Case Study / Red Bull - Managed Security: That's how a good collaboration works

Organisation & Compliance
The Red Bull energy drink is famous throughout the world. Motorsport, football and ice hockey activities, the sponsoring of athletes or projects such as the Red Bull Air Race, all help to establish a strong brand. Miscellaneous media companies in production, TV and publishing are also part of the corporate group. Put them all together and a global IT landscape emerges with vast quantities of data, regular expansion of locations and the integration of new companies and sectors.

Red Bull uses the managed services of RadarServices for IT security. This service provider implements ongoing IT security monitoring and vulnerability detection for all Red Bull’s IT locations and sectors worldwide. All the data is integrated and detected information relevant to security is reported in the RadarServices Risk & Security Cockpit on a daily basis to those responsible for security at the Red Bull headquarters.

How does the collaboration with the managed services provider work in practice? Jimmy Heschl, Head of Digital Security at Red Bull, offers an insight.

“A SOC as a managed service provides a second line of defence in the balancing act that is IT security”
Jimmy Heschl, Head of Digital Security Red Bull

Mr Heschl, how do you incorporate the issue of IT security in your company?

Two basic concepts are fundamental to our IT security management. Firstly, security is enshrined in the thinking of our internal, operational IT teams. This means that we do not have the problem of needing to implement IT security measures “on top” of changes in our IT landscape, but we collaborate, from the security point of view, and are in constant dialogue with those who manage IT operationally worldwide. Secondly, we are aware that the security of an IT landscape cannot be achieved by technology alone. It would not work without the experts, their excellent handling of highly specialised software and our strong trust and confidence in their abilities.

As regards day-to-day IT security monitoring, you have relied on managed services provided by RadarServices for many years. This means your internal IT security team works together with security analysts from Europe’s largest Security Operations Centre in Vienna every day. Exactly what form does this collaboration take?

We communicate with the analysts in Vienna virtually every day. They pass on all the problems relevant to security that they have detected and prioritise and assess them for us. They also provide instructions to help us solve each individual problem. A major benefit of this is that it saves our in-house resources. They provide a risk & security cockpit which we use as a central information and communication platform, but we can also call them if we need to.

We also get a monthly visit from the RadarServices’ team of analysts. These IT security jour fixes are not only attended by us, but our colleagues from the operational IT team are also involved. We review the status of data collection for monitoring, changes to the IT landscape, patterns and trends. Beside these firsthand exchanges of information with the analysts, we also hold six-monthly meetings with the service managers of RadarServices. This provides a forum in which to discuss potential strategies and improvements.

What was the decisive factor for having a managed service, rather than setting up your own in-house SOC at Red Bull?

Having our own SOC would mean that we would have to find many highly-specialised security analysts to handle the technologies, the processes and the detection itself at our location, employ them longterm and also provide them with the professional challenges they need on an ongoing basis. I think that for a company of our size with key expertise that has nothing to do with IT security, this is neither feasible nor logical over the long term. So working with external specialists was never in doubt. And it remains the right decision to this day.

What considerations were crucial for the choice of your managed security services provider?

We see the ongoing collaboration with our external partner as one part of our security architecture. We have a lot of security mechanisms and tools inhouse, of course, and we are constantly adjusting and improving. But the external SOC still checks that all these measures are effective. They tell us if this is not the case, as well as alerting us, if necessary. Hence, we regard the SOC services as a “second line of defense” from an independent source.

We weighed things up meticulously when choosing an actual SOC provider – where would we merely be buying “off the peg” services, and where, on the other hand, would we get customised services and sufficient attention. The IT security situation at every company is different, and an external provider in the daily “IT security balancing act” also has to understand and live with this in practice. This is how we came to RadarServices.

“We have a lot of security mechanisms and tools in-house. But the external SOC still checks that all these measures are effective.”
Jimmy Heschl, Head of Digital Security Red Bull