Stelrad Group – NormCyber Case Study

NormCyber delivers comprehensive cyber security protection for Europe’s leading specialist radiator manufacturer, enabling it to proactively mitigate cyber risk.

Stelrad Group plc manufactures and sells an extensive range of hydronic, hybrid, dual fuel and electrical heat emitters to more than 500 customers in over 40 countries, with over 1,400 employees. Since its first entity set up shop in the UK in 1936, the company has grown to operate five market-leading brands across Europe – Stelrad, Henrad, Termo Teknik, Hudevad and DL Radiators – and today manufactures over 5 million radiators each year.

In brief

  • With geographically dispersed operations and a decentralised IT model, Stelrad Group sought to bring visibility into its cyber security processes, gain nimble response capabilities and shift to a more proactive risk management approach
  • Norm’s Cyber Security Managed Service provides business-critical capabilities to Stelrad Group’s UK, Netherlands and Belgium-based teams
  • Benefitting from robust protection, hands-on guidance and a flexible service model, Stelrad Group can confidently and continuously progress its cyber resilience

The challenge

As a publicly traded organisation, Stelrad Group operates on a stringent, risk-focused model, which also extends to its cyber security posture. In March 2023, following a Board recommendation, the company set out to enlist external expertise to help it advance its cyber security processes and take a more proactive stance around cyber risk mitigation.

Stelrad sought a simple solution to a complex challenge. Its operations in Western Europe are geographically dispersed and involve multiple moving parts. From manufacturing to warehousing and distribution, every component of the business must work in perfect harmony to ensure on-time deliveries and no supply chain disruptions.

The nature of cyber risk in the sector poses additional complexity. A lack of end-to-end visibility or seamless communication between networks can open the door to cyber security threats, which could wreak havoc on operations in more than one area. With a vast customer base to serve and a reputation to uphold, Stelrad Group wanted to get ahead of this evolving cyber threat landscape.

“We evaluated three different managed service providers and Norm stood out to us as the right experts. We were particularly impressed with Norm’s people, technical prowess and flexible business model. It reassured us that we would have the right level of support and we won’t be locked into a vendor,” said Leigh Wilcox, Finance Director at Stelrad Group.

The solution

From this initial point of contact, Stelrad Group’s relationship with Norm grew organically and today encompasses two large geographical units: the UK & Ireland, and The Netherlands & Belgium.

In the UK&I business – covering 200 employees and selling 2.5 million radiators a year – Norm delivers end-to-end cyber security protection. Norm’s Managed Threat Detection & Response (MDR) service provides the company with near real-time security monitoring across three areas:

  • Networks – monitors Stelrad Group’s internal corporate network traffic for known threats and Indicators of Compromise (IoC)
  • Services – monitors activity from business applications and operational infrastructure
  • Endpoints – monitors activity across laptops, desktops and servers

Combining data from across these telemetry feeds with global threat intelligence and pre-agreed custom playbooks, Norm’s Security Operations Centre (SOC) automatically identifies and isolates threats 24/7 for Stelrad Group.

“Norm helps us discover hidden threats, investigate and escalate any incidents as needed, and provide us with all the tools and knowledge needed to take swift action against emerging cyber risks. We are aware that there are hundreds, even thousands of such threats out there at any given time, but we don’t have to lose sleep over that. All we see is what we need to see – Norm takes care of everything else,” Wilcox said.

Norm solves another key pain point for Stelrad Group: reporting. With separate IT systems and no central Head of IT, Wilcox and his team sought support in providing KPIs, updates and recommendations to the Board. Norm’s custom performance dashboard, Smartbloc, acts as a central repository for expert insights and real-time threat assessments – offering comprehensive reports that are accessible to all skill levels.

Norm also has a dedicated Focal Analyst assigned to Stelrad Group. This is a named Senior SOC Engineer whose job is to understand the customer’s unique business environment and commercial goals and provide counsel to help strengthen its cyber defences.

“The Focal Analyst looking after us, Harry Lewis, made a real difference from day one and now feels like part of our own team. He is a trusted advisor for Stelrad Group, who can translate complex IT security knowledge to help us make decisions faster – giving us confidence, conviction and clarity.”

Stelrad Group’s Dutch and Belgian sites – covering another 200 employees and 700,000 radiators sold each year – also benefit from Norm’s SOC capabilities and Focal Analyst guidance, with further service modules added:

  1. Norm’s Cyber Safety & Phishing service provides Stelrad Group’s regional operations with regular, bite-sized security staff training as well as testing under simulated phishing scenarios. With the results of these tests available via Stelrad’s online performance dashboard, decision-makers can track improvements in staff vigilance and compliance over time.
  2. Norm’s Penetration Testing service adds a final layer of protection to Stelrad Group, in two steps. Firstly, Norm’s CREST-certified team of ethical hackers make proactive attempts to exploit vulnerabilities within Stelrad Group’s infrastructure, applications, workforce, and operational processes, using modern cyber criminal tactics. Secondly, the team provides valuable context to their assessment, identifying high-priority areas that require further attention and providing best-practice advice.

“Expanding our partnership in The Netherlands and Belgium is a testament to the expertise and guidance Norm brings into our organisation. Thanks to Norm, we know where we stand and where we want to get to. Norm has evolved our thinking on cyber resilience, and its flexible service model makes it possible for us to easily act upon the advice we receive.”

The results

With Norm delivering robust cyber threat protection, staff training and guidance on process improvements, Stelrad Group has covered all areas of an efficient cyber security strategy.

“When we began working with Norm, we thought the biggest challenge we had to solve was gaining full visibility into our dispersed IT infrastructure and potential threats facing our business. Onboarding Norm was like shining a torch into a dark corner. Now that we know what our risk exposure looks like, we realise that the biggest challenge – across our entire industry – is, in fact, taking positive action. This is where Norm is a game-changer for us.”

Norm makes cyber security operations transparent and easy to understand by providing central reporting capabilities and hands-on guidance. It categorises risk and prioritises the actions Stelrad Group should take to further bolster its cyber defences. It also produces empirical metrics on the level of protection the company enjoys and makes it possible to benchmark improvements. This allows Wilcox and his team to quantify the ROI on cyber security spending to the Board, while delivering vital education and insights to decision-makers.

“Next to clarity, the most important thing Norm has given us is confidence. We know where to look for answers, who to turn to for help and how to improve our cyber resilience. For our IT teams, Norm’s reporting dashboards mean they can track vulnerability scoring and take proactive action, while for senior management, Norm’s presence gives meaning to the expression ‘no news is good news’. This confidence permeates all levels of the organisation, even the Board.”

With its new Cyber Security Managed Service, Stelrad Group has embarked on a path of continuous improvement. Quarterly meetings enable the company to strategise with Norm, and to discuss and advance its efforts based on real business priorities. Wilcox summarised:

“We have found a great partner in Norm. The team have provided us with new technical capabilities, visibility, education and support. Our Focal Analyst has become so familiar with our business, that we have deep trust that his recommendations will have a significant impact on our operations and future growth. This business-focused approach has empowered us to make informed decisions and shifted our cyber security strategy to a more proactive and agile basis. If I had to describe our relationship with Norm, three words spring to mind: easy, professional and reassuring.”