Rovensa Group cultivates responsive and resilient cybersecurity with Unit 42

SUMMARY

Rovensa Group had planted the seeds of a global cybersecurity strategy, but it needed stronger threat defence and security intelligence to blossom. This multinational leader in sustainable agricultural solutions relied on a legacy endpoint protection platform across more than 40 countries – but the platform lacked the complete visibility needed to stay in front of a complex, evolving threat landscape. A skills shortage was an issue too: the security operations centre (SOC) team in Portugal was stretched to the limit, separating genuine threats from false positives.

However, a platformization approach to security is now carving through Rovensa Group’s complexity. The Unit 42 Managed Detection and Response (MDR) service, paired with Cortex XDR, provides complete, consolidated visibility and control while liberating valuable SOC person hours to focus on strategy.

RESULTS

  • MTTD/MTTR: minutes rather than hours
  • 90% reduction in cases
  • 2 FTE time saving by increasing security team productivity
  • 90% retest success rate

CHALLENGE

Advance threat intelligence and defence

Cybercriminals are constantly creating new, sophisticated attack methods – such as phishing, malware, and ransomware – which made it difficult for Rovensa Group to stay in front of threats. The organisation needed to cultivate a modern cybersecurity strategy. Until recently, the organisation’s existing endpoint protection platform lacked the smart threat intelligence and agile incident response needed to drive agricultural business growth. Moreover, Rovensa Group was short of skilled expertise to monitor and act on incidents.

The organisation needed to:

  • Improve alert processing: The team faced an overwhelming volume of alerts, leading to fatigue as each one demanded scrutiny to distinguish genuine threats from false positives.
  • Reduce network and endpoint complexity: The diversity and scale of endpoints (2,500 users across servers, workstations, and mobiles in 40 countries) impacted visibility, making it harder to standardise security and apply consistent policies.
  • Address resource limitations: The small team was overwhelmed with implementing and managing endpoint security across a global footprint. A skills shortage in Portugal also made it harder to hire and retain seasoned analysts, responders, and threat hunters.

“Our global SOC team was being pulled in so many different directions. With threats growing in volume and sophistication, we simply didn’t have the bandwidth to effectively manage threat intelligence and incident response.”

João Lázaro

Global Information Security Manager, Rovensa Group

SOLUTION

Simple, complete platformization approach to cybersecurity

Rovensa Group upgraded from the existing endpoint security tool (managed in-house) to a simple yet highly effective platformization approach to cybersecurity from Palo Alto Networks. Cortex XDR and the Unit 42 MDR service now deliver extended detection, response, and security expertise – all as a managed service.

“We previously used Microsoft Defender to protect our endpoints, but the tool struggled to keep pace with evolving threats. Cortex XDR is a terrific endpoint security platform, and the Unit 42 MDR Service takes this protection to a whole new level. These expert professionals have a proven track record in threat hunting, incident response, and threat intelligence,” says João Lázaro, Rovensa Group’s Global Information Security Manager.

  • Continuous monitoring accelerates detection and response

    Comprehensive visibility across 2,500 endpoints in over 40 countries and seamless case management and triage all contribute to agile, effective case response.

    Following the deployment, Rovensa Group has reduced both its mean time to detect (MTTD) and mean time to resolve (MTTR) by 90%. This speed ensures the business stays in front of even the most sophisticated threats.

    “Unit 42’s speed of analysis and case closure is so fast, it sometimes happens before we’re even aware of a ticket being raised,” says João.

  • Intelligence-driven and response-ready

    Investigation and response managed by Unit 42 contains threats faster, streamlines investigations, and ensures Rovensa Group can recover quickly from an issue.

    João has witnessed this speed firsthand: “When we performed our annual penetration test, we didn’t warn Unit 42 in advance. Despite the fact we hadn’t needed to talk to their team for six months, they contacted us the second the pentest started.”

  • Saves time and resources

    Unit 42 manages Rovensa Group’s critical issues – including endpoint, network, and cloud – from a single pane of glass. It also handles case management and investigation, allowing Rovensa Group’s SOC team to focus on other, more strategic initiatives.

    There has been a 90% reduction in cases, and Rovensa Group has reduced the time the team spends administering security by 90%. This has allowed two people to be deployed to more strategic work.

Looking ahead, Rovensa Group wants to extend the collaborative relationship with Palo Alto Networks, potentially introducing a zero trust cloud-delivered secure access service edge (SASE) strategy. “It’s all about adding layers to the security onion,” says João.
