Bassadone Automotive Group
Growing and expanding the business with Darktrace
Bassadone Automotive Group has been distributing vehicles since 1927, but over the past decade, it has seen record growth with a global turnover of €1.2bn in 2023. With the evolution of the business, there has also been an evolution in the volume and nature of threats it faces.
As the business has expanded supplying directly from new depots – including Dubai, Japan, and South Africa – it operates large currency transactions which make it a target for cyber-criminals. At the same time, as its supply chain and customer base grows, it faces increasing supply chain risk and impersonation attempts.
In the past, the security team dealt with a lot of virus-based attacks, whereas in recent years it has seen an increase in phishing. With seven locations worldwide, the range of attempts has increased by location, as well as an influx of attempts from Russia and China.
Before adopting Darktrace, Bassadone spent several years looking for a security solution with Darktrace’s capabilities. It first adopted Darktrace’s AI detection capabilities across its Gibraltar network and has continued to evolve its product suite in line with Darktrace’s innovation, adding Autonomous Response, attack surface management, email security, and most recently, incident readiness and recovery functions.
“It’s all about keeping ahead of the game,” said Albert Marsden, IT Director at Bassadone. “We see lots of attacks coming in that we haven’t seen before, but Darktrace catches these attempts.”
Consolidating the organization’s security stack with front-line defense
The security team has traditionally seen Darktrace as complementing its existing security stack. While Darktrace helped eliminate some of its previous tools, the team was mainly using it as a second line of defense to give peace of mind if other tools failed.
However, in recent months Darktrace, has transitioned from a second line of defense to a first line of defense because it picks up threats before they hit anything else in the network. Similarly, while the security team initially limited Darktrace / EMAIL activity on the company’s servers, it has gradually been allowing Darktrace to do more and more in an autonomous sense.
“We trust it more and more because it’s a maturing product, learning all the time,” Marsden said.
The team has also recently adopted Darktrace / Incident Readiness and Recovery to upgrade its incident response plan from a manual to automated approach. Before adoption, the team had moved site, so were dealing with a whole set of static playbooks and a disaster recovery plan that had become out of date. Darktrace / Incident Readiness and Recovery allows for the creation of dynamic playbooks that adapt to the incident based on Darktrace’s understanding of the business.
“It’s fantastic that the team can take actions directly from within Darktrace itself, rather than dealing with a list of manual updates,” commented Marsden said.
Having multiple Darktrace products is important, as it allows Bassadone to view everything within a single portal. The security team views its Darktrace portfolio as a ‘one-stop-shop,’ and the mobile app in particular has increased the speed of response to alerts and actioning on emails.
Justifying cost and ongoing support
Bassadone’s board is very conscious of the evolving threat landscape and is receptive to technology that can help the company stay ahead of the curve and protect its reputation. With digestible reports that display intercepted threats, the value of Darktrace is clear and easy to justify.
“Since we’ve had Darktrace, the biggest thing for us has been peace of mind,” Marsden said. He cites the customer service as a clear benefit of Darktrace compared to other suppliers, as well as the helpful resources available via the customer portal.
Bassadone also subscribes to the Darktrace Security Operations Support service, which offers the security team 24/7 access to expert Darktrace Cyber Analysts if it needs assistance during live threat investigations or even during day-to-day operations.
“We haven’t had to use it yet,” Marsden said. “But it’s reassuring that it’s there in case of an incident.”