The Royal Automobile Club of Victoria (RACV) have 3,200 endpoints across Australia – including workstations and servers, point-of-sale systems, and mobile devices inside patrol vehicles to log repair details. Any one of these endpoints could be a security risk for their two million plus members were it not for the diligent and exhaustive work of Idris Shamsi, Chief Information Officer (CIO), and Sam Sala, Head of Cyber Security. RACV is a motoring club and mutual organisation that provides its two million plus members with a range of products and services across motoring and mobility, home, leisure, financial services and general insurance.

Today, RACV is focused on swiftly growing membership; delivering new offerings in the home space; helping customers and members accelerate their transition to clean energy; embedding the brand promise across all products and services; and broadening and deepening member and customer relationships. Underpinning those objectives are security initiatives to provide service continuity and resilience and protect information and personal data.

Tinkering to Gain Performance

RACV established a strong cyber defense, but attacks across the industry were getting faster, more sophisticated and more frequent. Relying on security technologies such as signaturebased detection was in danger of becoming less effective. Existing legacy antivirus applications were starting to age and drain endpoint computing resources.

The existing mix of different endpoint security tools was complex and taking more time, cost and manual effort to maintain and upgrade. “For every detection, our security operation staff would need to investigate, follow up and work out what was or was not a false positive,” said Sala. “Its actions in response were slow and resource intensive.” Staff often spent a long time on the phone with vendors sorting out technical issues.”

“As the nature of the threat evolves, the nature of our defenses has to evolve as well,” said Shamsi. “And I don’t think this was possible with the former solution.”

RACV ran a series of tests and evaluations to find a product that would help the organisation deal with the growing cybersecurity threat and ensure RACV’s ability to maintain a high-level of protection for member, staff and business data. One solution that stood apart from the rest was CrowdStrike. The feature rich platform promised to be simple to use and less of a drain on resources, while providing superior protection and performance.

“RACV liked the simplicity of CrowdStrike and having one portal and one set of policies that could be used across different IT stacks,” said Sala. “With CrowdStrike, we get feature parity and simplified policies for all platforms.”

Working in collaboration with CrowdStrike, RACV has deployed a suite of CrowdStrike managed detection and response (MDR) tools to protect all of the endpoints. At first, RACV was unsure about CrowdStrike’s claims. “When CrowdStrike told us how easy the solution was to deploy, we thought it was just marketing hype,” said Sala. “In reality, CrowdStrike turned out to be one of the fastest IT deployments we have had with the least impact on user and business operations.”

Speed and Ease of Rollout

RACV and CrowdStrike started the project in August 2020 and completed it by December. If not for the COVID-19 lockdown and other IT priorities, the solution would have been in place much sooner. “When we started, we had no CrowdStrike-experienced users,” said Sala. “But the speed, ease of rollout and user acceptance demonstrated that CrowdStrike is highly intuitive even for non-technical staff.”

Deployment was carried out jointly between CrowdStrike and RACV. CrowdStrike developed endpoint security policies, tested deployments on different endpoint platforms, and provided guidance and oversight to the RACV team.

“Hands down, CrowdStrike has been the single most impactful cybersecurity initiative we have pursued this year. We could not be happier with CrowdStrike because we are serious about the whole issue of member data confidentiality.”

322% Return on Investment

While reducing costs was not a key driver for using CrowdStrike, the solution has provided significant value for the money. RACV conducted a business value assessment and found that CrowdStrike could deliver a return on investment of 322% and will recoup costs in under three months. “With CrowdStrike, threat detection, protection, resolution and containment are done quickly and on the fly,” said Sala. “To have the equivalent level of protection in-house that we get with CrowdStrike would be too difficult and costly. CrowdStrike enables RACV to be orders of magnitude more effective in seeing, investigating and shutting down threats.”

RACV has realised several significant performance improvements since deploying CrowdStrike. There has been a 90% reduction in the cost and time to deploy, configure and maintain security products. Security efficiency and efficacy — increasing automation, reducing manual processes and minimising remediation — has improved by over 80%. Since CrowdStrike demands little or no endpoint processing power, user and device productivity has increased dramatically with a gain of five minutes per device per day for 3,200 endpoints.

Besides the main purpose of endpoint security, RACV is finding other uses and benefits of CrowdStrike. “Quite often, we and other teams in the organisation use CrowdStrike tools to perform some support and asset management functions, mainly because they are quicker and easier to use than our existing tools,” said Sala. CrowdStrike also helped reduce the cost of Azure cloud computing because the solution uses significantly fewer resources compared to the previous antivirus product.

The RACV team believes CrowdStrike offers indirect benefits for its members in addition to a strong level of security. By reducing the likelihood of security incidents, CrowdStrike has enabled RACV to ensure better service uptime, spend less time and money on incident recovery, and is freed up to improve member services and deliver new ones.

Alongside the CrowdStrike products, another significant benefit for RACV is its partnership with CrowdStrike. RACV was struck by CrowdStrike’s advice during the pre-sales process, and the ability to trial products before purchase. When questions arise, RACV continues to work with CrowdStrike support, which is always accessible to advise, and to anticipate future business and security needs and challenges. RACV describes the partnership with CrowdStrike as operating like one team.

With any IT and security application, there are likely to be deployment and operation issues. However, RACV believes CrowdStrike is different.

“My team are the toughest critics, finding faults in every product we have. With CrowdStrike, the team is still happily discovering new features and benefits several months into deployment. That for me is a thumbs up because we don’t see this with any other product or process.”