Migrating to Elastic Security in the cloud resulted in 50% reduction in costs
Elastic Security gives Hermes Germany a faster, more powerful security platform at 50% of the price of its previous on-premise solution.
Gains comprehensive visibility into 40,000 endpoints
With Elastic Security, Hermes Germany has easily integrated the data from the handheld scanners of all 40,000 delivery staff for better visibility across its systems.
AI and machine learning automate security workflows
Hermes Germany uses Elastic Security's AI and machine learning capabilities to automate processes, allowing its security team to focus on more complex investigations.
Officially listed as part of Germany's critical national infrastructure, Hermes Germany uses Elastic Security to protect its systems and secure its essential delivery operations.

Hermes Germany, part of the Hermes Group, delivers parcels and goods to homes and businesses both in Germany and abroad. As the country's second-largest logistics company, it is officially listed as part of the nation's critical infrastructure (Kritis).
KRITIS, short for "Kritische Infrastrukturen" (Critical Infrastructures), refers to essential services vital for public safety, security, and economic stability. The German Federal Office for Information Security (BSI) protects these services from cyber threats and other risks through security measures and public-private collaboration.
As Marco Uhl, SIEM Engineer at Hermes Germany, explains, “Effective system security is essential for Hermes Germany. It is not a side issue, but critical for both our company and the country.”
With security threats on the rise, Hermes Germany needed a robust and cost-efficient security operations platform to navigate the current economic climate. Their previous on-premise third-party platform posed performance and cost challenges, making it difficult to store and quickly search their vast security log data.
“It was a very complex environment, with frequent outages. More than once the whole cluster practically blew up in our faces,” recalls Uhl. “It was also very expensive, with high license costs, along with the operational costs, such as infrastructure and energy, that come with running it on-premise.”
Driven by these constraints, as well as the company's corporate strategy to migrate all infrastructure to the cloud, Hermes Germany searched for a cloud-based security platform, evaluating a number of large providers.
"We chose Elastic Security on Google Cloud Platform because we preferred the way it was structured and processes data. It is flexible enough to tailor it to our needs and is easily integrated with other systems and data sources."

Hermes Germany has its head office in Hamburg and is one of Germany's leading logistics service providers, employing more than 5,000 staff.
Taking delivery of a high-performing, easy-to-use security platform deployed on Google Cloud
Hermes Germany chose Elastic over its current SIEM deployment due to scalability issues with the on-premises solution and misalignment with Hermes' cloud-first strategy. The cost of maintaining the incumbent SIEM and migrating to the cloud was also five times higher than Elastic.
Hermes Germany also needed to move so it could manage data from 40,000 handheld delivery scanners, which is crucial for efficiency and KRITIS compliance. Their previous SIEM was too costly to ingest and retain this data effectively. Elastic provided a cost-effective solution, enabling them to ingest and analyze critical data without prohibitive expenses, ensuring regulatory compliance and operational excellence.
Hermes Germany partnered with the Elastic support team to migrate to Elastic Security. This collaboration ensured a smooth setup and seamless data integration, allowing the Hermes Germany security team to quickly experience the platform's speed, reliability, and powerful search capabilities.
"Our previous solution would have been twice as expensive in terms of licenses alone. With Elastic Security on the Google Cloud Platform, we get everything in one — we can isolate devices, pull files, query processes, and we get endpoint protection. It’s the complete package."
Security analysts appreciated the ease of use of Elastic Security, which eliminated the need for manual data transfer during investigations. With Elastic Common Schema (ECS), Hermes Germany can now unify and normalize data from various sources, allowing analysts to quickly visualize and understand network traffic for effective security investigations.
ECS standardizes the way data is ingested and analyzed, making it easier to understand destination IPs and how connections flow through the network. This standardization is crucial for accurate and efficient threat detection and response, which is an essential functionality for Hermes.
Throughout the migration and subsequent use of Elastic Security, the Hermes Germany team has benefited from the platform’s extensive documentation, which allows them to easily understand how to make the most of their solution.
Eliminating blind spots with comprehensive system visibility
With Elastic Security, Hermes Germany has a comprehensive security platform for improved visibility across its IT infrastructure. The company can now ingest and analyze data from previously overlooked sources, such as the handheld scanners used by its delivery staff, enabling it to protect against threats from this core part of its operations.
"Previously, the sheer volume of data from over 40,000 delivery staff using handheld scanners made it impossible to process. Now, we ingest all that data into Elastic for analysis. This eliminates a critical blind spot and enables us to meet our requirements as a Kritis organization."
When Hermes Germany receives a security alert, their analysts leverage the powerful Elastic Timeline to visualize all related events seamlessly. By simply dragging and dropping filters — without the need for complex query writing — they can swiftly investigate incidents. This intuitive process allows analysts to trace the path of connections and identify any suspicious activities with ease.
Through this streamlined approach, Hermes Germany's analysts can quickly identify false positives, filter out noise, or recognize genuine security threats. For real threats, they follow a standard playbook or escalate to a collaborative "war room" for complex scenarios. This ensures the security of their systems and the smooth operation of their critical logistics services.
Increasing operational efficiency with AI and machine learning
Hermes Germany is also using a range of generative AI and machine learning (ML) capabilities within Elastic Security to streamline and enhance security, and is elevating its security capabilities further with the roll-out of the Elastic AI Assistant to all its analysts.
Securely linked to Google Gemini, the LLM of choice for Hermes Germany, the AI Assistant for Security allows the company to safely connect all its private data with the large language model, enabling its analysts to resolve problems more quickly with natural language interactions. The AI Assistant can help analysts quickly interpret log messages and errors, optimize code, write reports, and ultimately help secure the company's systems more effectively and efficiently.
Attack Discovery enables Hermes Germany to automatically detect and group suspicious behaviors and potential threats using advanced machine learning and contextual threat intelligence. This reduces alert fatigue by triaging hundreds of alerts to the few that matter, allowing security teams to focus on critical threats. The streamlined process accelerates investigation and response times, empowering the security team to take immediate, informed actions and enhance overall security.
"With the Elastic AI Assistant for Security, we can help to take the pressure off our analysts by enabling them to do their jobs more easily, allowing them to spend their time focusing on more complex cases."
Securing the future of Hermes Germany's critical infrastructure
As it expands its use of Elastic Security to protect its operations, Hermes Germany is looking at further ML and AI integrations, while also rolling out Elastic Agent across its infrastructure. This will give it deeper system visibility, along with one-click isolation capabilities for rapid incident response. Elastic Agent and the platform's open APIs will also allow Hermes Germany to automate more security workflows and seamlessly integrate with other systems, helping it to proactively address emerging threats as the company works to secure the future of its critical logistics operations.