Anywhere Workspace3 min read

Rentokil: Enhancing Endpoint Security with a Hybrid SOC

Ciara McIlvenna

The increase in remote work makes endpoint security more important than ever. Rentokil Initial elevated device security by establishing a hybrid security operations center (SOC) combining VMware technology, in-house expertise and crowd-sourced threat detection.

Rentokil Initial is a leading pest control and commercial hygiene services provider. It has more than 36,000 employees working in 1,800 teams across 80 countries. Around 60 percent of staff work in the field.

With a large, dispersed workforce, endpoint security and device management were a priority for Rentokil even before the COVID-19 pandemic forced thousands more employees to work remotely.

Scaling cybersecurity to support the rise of remote work

As the world reeled from the first wave of COVID-19, companies rapidly scaled remote capabilities and adapted their operating models. Cyber criminals found new opportunities to launch sophisticated attacks on unsuspecting users, exploiting vulnerabilities to steal data, cause disruption and install ransomware.

INTERPOL reports highlight a sharp increase in the rate of cyberattacks during the pandemic. Significantly, attackers targeted fewer individuals and small businesses and instead moved against major corporations, governments, and critical infrastructure instead.

Rentokil needed to scale up cybersecurity in this volatile landscape.

“We rolled out VMware Workspace ONE to centralize device management and get our estate under control. VMware Carbon Black Cloud enhances security. When the pandemic hit, we needed to accelerate the rollout and deploy next-generation security with the minimum number of agents to have the maximum impact,” says Pete Shorney, global head of information security at Rentokil Initial.

Building a hybrid security operations center

Enterprise-level security is no longer the sole responsibility of the IT team. Collaboration is key, and good security demands everyone to keep company data secure.

Rentokil established a hybrid SOC to align people and processes around security best practices. This was vital for identifying and preventing cyberattacks before they pose a risk to the business, 24-7.

The hybrid SOC is staffed by both in-house and outsourced professionals for greater flexibility, scalability and cost-saving—all while achieving a higher level of security.

A team of first- and second-line responders use VMware Workspace ONE and VMware Carbon Black Cloud to monitor the company’s environment from a single console. With approximately 13,500 Microsoft desktops, 25,000 laptops, 6,000 Google Chromebooks, 30,000 Android mobile devices and 3,500 servers, that’s no small task.

Tier one comprises Rentokil front-line engineers, dedicated to workplace security. Tier two includes the security operations team that manages the environment.

VMware Workspace ONE Unified Endpoint Management (UEM) monitors the full lifecycle of all devices anywhere in the world. Comprehensive built-in security features protect data and devices from increasingly insidious threats. The team also uses Workspace ONE Intelligence for insights and analytics, which helps to identify vulnerabilities and risks based on user behavior.

The company outsourced tier three threat detection to Kroll, an organization providing security services and crowdsourced expertise. “The hybrid model means we can access the latest skills and knowledge to block as many attempted breaches as possible. The Kroll team focuses on what they do best, leaving our in-house team to manage and protect the environment,” says Shorney.

Over 12 months, the hybrid SOC blocked 95 percent of threats before they entered Rentokil systems, and the team swiftly identified and dealt with the rest. With central visibility across the landscape, they can move to quickly isolate any infected devices in minutes and prevent the malware from causing damage.

Enhanced user training to enable “work from anywhere”

User training is a key component in the Rentokil security posture. Evidence suggests the vast majority of successful cyberattacks are linked to human error, and more employees working remotely amplifies this risk.

The company defined three personas among its workforce: those with good knowledge of cybersecurity; those who are somewhat aware; and those who lack awareness of what constitutes high-risk behavior.

Rentokil launched a campaign to educate users about security, leveraging data from Carbon Black Cloud to show staff when they’ve clicked suspicious links. Learning from real-world examples improves employee understanding of security risks and crucial skills for maintaining a secure “work from anywhere” environment.

Next, the hybrid SOC team is exploring how to establish a Zero Trust environment, enabling workers to use their own devices and enjoy secure access to workplace technology.

Cybercriminals are as active as ever, but as attacks evolve, the hybrid model provides cost-effective access to expertise beyond threat hunting.

“Strong partnerships and great technology are crucial for next-generation security. We have the agility and scalability to keep our business secure as we grow, without increasing costs or complexity,” explains Shorney.

Download the full Rentokil customer case study here!