Elica, an Italian company standing at the forefront of cooking appliance production and design, has been a global leader in kitchen extraction systems for over 50 years. The company is a major European player in the production of electric motors for household appliances and heating boilers. Under the leadership of company President Francesco Casoli, Elica employs 2,600 staff across its Fabriano headquarters and seven production sites in Italy, Poland, Mexico and China.
Elica’s results are driven by corporate values that inspire every project, product, and activity: design that meets aesthetics and performance for an extraordinary cooking experience, art destined as a model for creative processes and working methods, and innovation to support technological solutions capable of enhancing product functionality.
Continuous Detection and Mitigation of Security Gaps
Elica prioritizes information security because in a "connected" world, where data is always "online" and "shared,” it is vital to support ongoing business success. The biggest worry for Elica is the potential harm of data breaches and other security incidents, which could have long-term effects. That's why it's crucial for Elica to constantly validate and improve its cybersecurity measures. This includes ensuring that security controls are optimally configured to defend systems against the latest threats.
“We needed to understand whether all the work we had done to protect our external and internal surfaces was effective and to ensure that no human error was present,” says Caucci. " The only way to achieve this is to have a product that continuously checks the security posture of our infrastructure."
Operationalizing Threat Intelligence
Caucci further points out that previously, in order to stay updated on potential threats that could target them, they needed to maintain a high level of alertness, conduct thorough research, and collaborate with external red teams for testing purposes. This process not only consumed a considerable amount of time but also incurred significant costs for the company. Streamlining this process was imperative for Elica to stay threat-aware at all times and take swift action to mitigate risks without excessively draining resources.
Demonstrating Security Effectiveness and ROI
In the boardroom, where the importance of cybersecurity investments is increasingly recognized, there's a growing need to demonstrate effectiveness, drive continual improvements, and optimize budget utilization. Without comprehensive visibility into the effectiveness of its existing controls, Elicia struggled to obtain the insights it needed to make security decisions and prioritize spending in the right areas.
“Conveying technical information to the executive board, particularly when seeking additional budget or resources for security measures, presents a significant challenge. Articulating the importance of these investments and the necessity for changes in security products often proves to be a hurdle.”
Enhanced Security Control Effectiveness
Elica has realized significant advantages through the implementation of the Picus platform, which consistently validates the effectiveness of its security controls. Powered by Breach and Attack Simulation, the Picus Security Validation Platform automatically and consistently simulates attacks, empowering the company’s security team to measure security control effectiveness at any moment and benefit from actionable insights to optimize their prevention and detection capabilities.
The Picus platform’s rich threat library is updated daily, ensuring that Elicia can test its defenses against the latest threats soon after they emerge. It also reduces the time required by the team to research new threats.
Caucci emphasizes, "Picus's real-time testing capabilities and pre-configured alerts have proven highly valuable in safeguarding the integrity of our cybersecurity systems. These features allow us to promptly detect any unfavorable changes, whether internal or external, ensuring that potential vulnerabilities are addressed before they can pose a threat."
Streamlined Prevention and Detection Engineering
Elica has experienced significant time savings since implementing Picus. Caucci emphasizes the efficiency gained, stating, "Picus has been a game-changer in saving us valuable time." The platform alerts Elica to potential security gaps and provides actionable insights to address them, including prevention signatures and detection rules. This proactive approach ensures that issues are addressed before they can be exploited by malicious actors, eliminating the need for extensive research across vendor websites for mitigation content.
Furthermore, Caucci highlights the Picus platform’s seamless integration with FortiSIEM, stating, "This integration not only saves time but also reduces costs associated with external engagements."
'Revolutionized' Risk Communication with Executive Board
Elica has significantly enhanced communication with its executive board by leveraging the Picus platform’s auto generated reports and dashboards. Caucci underscores the transformative impact of this feature, stating, "Picus has revolutionized how we convey security outcomes to our executive board." Through executive reports distributed to the CEO and other board members, Elica effectively communicates the ROI of its security products. By visually representing the organization's security posture with Picus, they demonstrate the results of past investments and ongoing improvement efforts. "This weekly insight enables our board to monitor the effectiveness of our security measures, both internally and externally, facilitating informed decision-making and safeguarding the integrity of our security infrastructure."
Data-driven Decision Making
Caucci underscores the value that Picus adds to Elica's security strategy, particularly in terms of cost-savings and informed decision-making. He highlights, "Picus is our go-to when evaluating new security products. Recently, it flagged a product that didn't meet our standards, potentially sparing us from a costly mistake." This insight directly translates into cost savings, as Caucci explains, "Picus simulations confirmed our concerns, prompting us to explore better alternatives."
Elica's adoption of the Picus Security Validation Platform has significantly strengthened its cybersecurity resilience and demonstrated tangible ROI. The platform's automated simulation of real-world threats, rich threat library, and seamless integration capabilities have empowered Elica to measure security control effectiveness in real-time, streamline prevention and detection engineering, and revolutionize risk communication with the executive board.
“I recommend the Picus platform to other organizations because, in my experience, it stands out as the most comprehensive validation platform currently available. Its seamless integration with leading cybersecurity controls and user-friendly interface make it an invaluable asset for any organization looking to enhance its security posture. Picus simplifies the complex task of cybersecurity testing and assessment, making it accessible and effective for teams of all levels of expertise.”