Customer Story

Barratt Developments

The UK’s leading housebuilder, Barratt Developments, partners with BlueFort to gain visibility over its mobile threat surface and secure its mobile workforce.
Barratt Developments is the UK’s leading housebuilder, creating great new places to live throughout Britain. Its principal business is acquiring land, obtaining planning consents, and building the highest quality homes in places people aspire to live. This is supported by its expertise in land, design, construction and sales and marketing. Its vision is to lead the future of housebuilding by putting customers at the heart of everything it does.

Key challenges

  • Wide spectrum of mobile risk due to growing number of workers outside the corporate network
  • Limited visibility of users and end-devices accessing the network
  • Incomplete view of its cybersecurity state

Overview of the situation

Barratt employees have corporate-owned iPhones and iPads and use applications that are both third-party and developed in-house. Applications are hosted on-premise and in the private cloud. These apps allow mobile workers to feed information into the company’s systems. One of these applications allows the company to build data entry forms for on-site health and safety reporting that can feed that information to an on-premise server. Like many companies today, Barratt Developments is carrying out a digital transformation program incorporating a ‘cloud preferred’ strategy.

With a growing number of workers outside the corporate perimeter, the Barratt team began looking into mobile security solutions to address the broad spectrum of mobile risk and played well with Microsoft tools. They had particular concerns about application vulnerabilities and phishing attacks reaching mobile users, including via SMS, email and social media.

Developing an accurate blueprint of Barratt’s mobile threat landscape

BlueFort’s continuous discovery, validation, and control methodology is closely aligned and augments both the NIST framework and Gartner’s Continuous Threat Exposure Management (CTEM) principles. This focuses on identifying and validating risk factors that are important for the individual organisation and then taking a threat-led approach to preparation, risk reduction and control strategies. 

Utilising the methodology, BlueFort’s consultants undertook a technical ‘deep dive’ of Barratt’s mobile threat surface, which gave them clear visibility of all devices connecting to its network. With an accurate technical blueprint of Barratt’s mobile threat surface, BlueFort was able to validate its cybersecurity state, highlighting actual and potential cybersecurity risks and then implement suitable controls.

Barratt Developments has a Security Operations Centre (SOC), which includes industry-leading Security Information and Event Management (SIEM) and Identity and Access Management (IAM) tools to secure corporate equipment and ports. It deployed BlueFort’s Threat Event Stream, which integrates with its SIEM solution. 

Achieving data-driven results

Positive results have been achieved. One recent report showed that the platform had flagged 1,700 phishing attacks, including PayPal and Apple-branded attacks that users had clicked on. The platform was able to block any requests to these malicious sites, averting a potential attack.

The company conducts phishing training and tests via its SOC and has mandatory cybersecurity training for all colleagues to further improve the company’s overall security posture.

Its Head of security and compliance looks at the Mobile Threat Defence reporting, and provides the business with statistics, and insight on how many threats have been blocked. When it receives notifications for the latest threat, it looks for any relevant statistics and highlights to the business that the tools it uses are protecting them from security incidents people might be seeing in the news.

The company uses an industry-leading VPN solution for their laptops, but they don’t have a need for VPN on mobile as they use MDM tools to manage devices.

Going beyond mobile security with Evolve

Having gone through the initial discovery and validation journey with a comprehensive review of its mobile threat surface and then completing a control phase to secure its mobile workforce, Barratt Developments is now taking advantage of BlueFort’s Evolve program to build out its broader security strategy, ensure all of its security tooling is working together correctly, and dig deeper into other critical areas in its security environment.  

The Evolve platform gives BlueFort clients unlimited, on-demand access to industry experts who have gone through the vetting, testing and curation of exciting new technologies; to help organisations cut through the noise of the cybersecurity market, deliver proactive cyber market research, and provide enhanced support.

Barratt Developments is now leveraging the Evolve services platform to go beyond mobile security, working with BlueFort to take the same principles and methodology back to their external cloud surface and internal security environment. 

By applying the same continuous discovery, validation, and control journey, Barratt Developments can maintain a dynamic security posture that continuously shifts in alignment with the most critical threats facing the organisation. 

See how BlueFort can help you simplify your cybersecurity