Capital Brands Holdings
‘Wonderfully simple’ – how Darktrace helped Capital Brands thrive during constant change
Peter Huh jokes there’s never been a dull moment for him or his team since his first day five years ago as Capital Brands’ CIO and CTO.
In that time, the company – best known for the Magic Bullet and NutriBullet kitchen blenders – has gone from private ownership to Private Equity management through to acquisition by Italian coffeemaking giant DeLonghi. One constant from 2020 on has been the presence of Darktrace as the company’s cybersecurity provider of choice.
An incident affecting the company’s website gave Capital Brands the impetus to make a measured, cost-conscious evaluation of what it really needed to do to protect itself from cyber-attacks in the long term. With the insight of Peter and his team, the result is a long-running, fruitful working partnership with Darktrace to protect and support the business through momentous periods of change.
Rapid change - and constant security demands
“When I joined, the team was at the end of consolidating 27 microsites for the company’s brands,” explains Huh. “It’s an understatement to say that was a large undertaking, and we were in the process of stabilizing all of that work when the website was breached.”
Huh knew the right response was not a kneejerk reaction. “We needed to have the greater picture. We had an incident affecting our website – which is serious – but it didn’t affect the internal systems,” says Huh. “We took the time to really look at what we needed to do – short term and long term, reactive and proactive.”
“The conversation [with the owners] went to ‘What do you need now’ very quickly from a prior focus on keeping costs at a minimum and doing more with what we had,” explains Huh. “I wouldn’t recommend this to anyone as a means to explore new technologies, but there is an old political adage about never letting a good crisis go to waste.”
Peter had followed Darktrace from the company’s early days. “Even then, they were leveraging things like AI to look at and address behavioral anomalies. I went back to the same contact I’d had from the beginning to see how far Darktrace had got. It turns out – much to my delight – that they’d come up with developments and evolutions that matched what we were looking for.”
Difficult choices and a small team
Capital Brands punches massively above its weight as a company; only 64 employees are responsible for sales in the region of hundreds of millions of dollars a year.
To make the right buying decision – and to live with it for a long time after – the tiny security team at Capital Brands had to box clever. The accepted security model at the time called for concentric circles of security and selective defense of specific assets, all executed with a laundry list of tools, hardware, services and vendors. Even with an unlimited budget, the small yet mighty team would struggle just to keep everything needed for this approach up to date. Bringing in a consulting firm or other third party to quarterback the buying process and ongoing operations didn’t appeal either.
“Quite rapidly, the question became: how do we take our limited resources, both in terms of people and budget, and make the most of it?” says Peter. “The conclusion was simple: we needed a completely different approach to most security shops. We don’t have a NOC, we don’t have a security team, and we don’t have a CISO, and there’s no way we want to outsource. There weren’t any companies out there that could help us succeed within these constraints. Except Darktrace.”
A key point was the Darktrace approach: trapping and assessing suspicious traffic and activity, rather than going to great lengths to build concentric defenses around key assets. Every vendor Huh and his team engaged with talked about the inevitability of breaches, but few talked about the practicalities of minimizing the resulting damage.
The security team at Capital Brands got to work to build two scenarios – one with the traditional security approach, the other using Darktrace’s techniques.
“At the baseline, it was a 5x difference in cost,” says Huh. “I actually made the case that it could be more than that, and we actually justified a 10x cost plus reaction budget to update all the network infrastructure, add things like endpoint security and so on – all compared with a more nimble approach that didn’t need a constant hardware refresh.”
Attack Surface Management to the rescue
Key to this was Darktrace / Attack Surface Management.
“It was crazy plugging Darktrace / Attack Surface Management into our network and watching it learn and query whether what it was turning up was legitimate behavior,” explains Huh. “Every subsequent tool [from Darktrace] we’ve adopted has been eye-opening in a lot of ways, but this was the most significant in the sense that we’d never had the capacity to proactively scan and test for vulnerabilities.”
Early on, Darktrace / Attack Surface Management discovered some virtual machines (VMs) set up by previous tech teams to conduct testing. A number of ports – including one for Telnet – had been left open to allow backdoor access to systems when working remotely. The undocumented VMs existed without the team’s knowledge and had not been visible in any controls or tests.
“But even before that moment [with the Darktrace / Attack Surface Management appliance] we were very comforted knowing that the isolation techniques and tactics Darktrace employs allow us basically not to worry. Every step of the way it’s been eye-opening in one shape or form.”
Proactive prioritization provides patch perfection
A further benefit is prioritizing tasks within the small team. By way of example, Huh describes the software update and patching process; the two-person team managing software updates for the company can rely on Darktrace’s assessment to understand the priority of each update for Capital Brands’ specific IT environment.
“All the patches get applied, but just knowing you have the prioritization set based on threat levels saves a ton of time going through the notes for each update to understand what the threat really is,” explains Huh.
Wonderfully simple
Peter happily admits he didn’t foresee the integration of Capital Brands into DeLonghi – a vertically-integrated company on another continent with 9,000 employees – going so smoothly or so fast. Capital Brands still very much operates as an independent company, and in the early days, the speed and ease with which Darktrace could swing into action stood out.
“I love telling this story, because it highlights how wonderfully simple Darktrace can be for us,” says Huh. “During the acquisition process, people from DeLonghi visited our offices and used our network. One of them happened to try to VPN back to their corporate network during a meeting I was in for some documents, and Darktrace / NETWORK immediately shut [their connection] down. I pulled out my phone, confirmed with them that they’d tried to create a VPN connection and unlocked her access there and then. They were shocked we could investigate and fix something so quickly and easily.”
For the future
Huh is confident the collaborative approach with Darktrace will continue to work in future – buoyed up, in no small part, by a roadmap that is realistic, rather than mythical. “When I look at Darktrace’s product roadmap, my team and I can see that we’ve future-proofed our situation. Not only did we achieve the ability to identify and isolate [threats], we now have the ability to prevent bad things from happening. We’re looking at this very holistic approach to cyber security, and we’re not worried for the future at this point at all.”