Rimi Baltic is one of the largest retailers in the Baltic States, operating 294 stores across Estonia, Latvia, and Lithuania.
Juris Smits is the IT Security Manager at Rimi Baltic, overseeing the internal security of store networks and all public networks accessible by Rimi Baltic’s employees and partners.
Juris’ team forms part of a broader security function at Rimi Baltic, which includes network configuration, endpoint protection, data center management, and core communication lines.
As a major retailer, Rimi Baltic must effectively safeguard sensitive data to prevent devastating data breaches and maintain regulatory compliance. Accordingly, Juris and his team are always looking for ways to improve the organization’s security posture.
Juris and his team use an external scanner to monitor Rimi Baltic’s public infrastructure on a regular basis. The team’s lack of automated scans proved challenging during the asset discovery process. As a multinational organization, Juris says that Rimi Baltic’s IT infrastructure has “many moving parts,” with over 30 domains hosted across a combination of legacy and modern systems.
Rimi Baltic is constantly adopting new SaaS tools to improve operational efficiency. For Juris’ team, the initial vendor risk assessment process drained significant time and resources. It involved assessing each potential vendor’s level of risk through various sources, such as public information through Google searches and manual scanning techniques.
"Before UpGuard, conducting proper research for each vendor would eat up a lot of time – Does it comply with our requirements? Where is their data located? Do they have privacy policies?"
Juris and his team researched several attack surface management solutions before deciding on UpGuard. He was particularly impressed by the user interface and that the workflow supports how he would like to perform certain steps, and how he would like to see the data presented. The UpGuard dashboard also provides Juris with a summary of their security posture, including an overall risk rating with the ability to drill further into identified risks.
"Through one click, we can understand the exact issue that is driving our score down and whether it's low, medium, or high risk."
Juris says that by automating their asset discovery process with UpGuard, the team has greater visibility of Rimi Baltic’s external attack surface.
"We were monitoring external resources ourselves initially, and we found out it takes quite a lot of time, and it's very tricky. The UpGuard interface brings this all together in one concrete picture. With UpGuard, we found that discovery came straight out of the box."
Juris’ team have also significantly sped up their vendor vetting process using the UpGuard Vendor Risk dashboard. Leveraging the platform’s instant security ratings, they can gain immediate insights into potential SaaS vendors’ security postures.
"UpGuard gives us this great ability. We just enter the domain and straight away see whether the vendor looks plausible and whether it's worth investing further time."
For Juris, the benefits of using UpGuard were immediate. His team can now assess Rimi Baltic’s overall security posture at any given time and benchmark its performance against competitors.
"When I get a notification that our score has dropped, I can see which of our domains is to blame and what exactly changed there. The greatest thing that UpGuard gives us is that scoring, and looking at my competitors allows me to understand ‘where am I?’ and ‘should we worry about it or should we not?"
Saving Time Through Automation
Juris says that saving time through automation is the number one benefit of using UpGuard. Time-consuming manual scanning processes no longer hold Juris and his team down. They instead rely on real-time risk alerting to take action when Rimi Baltic’s security rating drops.
The team has also sped up their vendor vetting processes with UpGuard. By leveraging instant security ratings, they’ve reduced their initial research from one to two hours to five to 10 minutes.
"UpGuard’s automation processes definitely save us a few man days per month."
Improving Reporting Capabilities
Juris says that sharing high-level risk insights from the UpGuard platform has greatly improved internal reporting capabilities. The UpGuard dashboard displays Rimi Baltic’s security posture as a score out of 950 and pinpoints critical risks by automatically assigning a severity level.
"The level of explanation of an exact issue is great for people who aren’t trained in security, which saves me time explaining why risks are an issue. It’s as easy as opening a Teams chat and pasting a screenshot."
Reducing Cyber Risk Exposure
With UpGuard, Juris’ team can now also focus their efforts on two previously unmanaged cyber risks affecting Rimi Baltic:
- Typosquatting: The UpGuard Typosquatting module alerts the team when any Rimi Baltic domains are at risk of typosquatting.
- Employee data vulnerabilities: The UpGuard platform identifies data leaks affecting Rimi Baltic employees.
"Domain squatting wasn’t an area that we would pay attention to, and finding leaked employee data wasn’t an area we had enough resources to work on. And right now, we have it on a silver platter."
IT Security Manager, Rimi Baltic