Case Study

How IFF Communicates An Actionable Threat Exposure Story to Both Executives and Security Team Members With One Data Set Using Nagomi

The Global Ingredients Company Uses Nagomi to Bridge the Gap Between Security Operations and the Executive Board

At a Glance

Industry: Manufacturing
Customer: International Flavors and Fragrances
Employees: 25,000
Headquarters: New York, NY
About: IFF is an American corporation that creates products across taste, texture, scent, nutrition, enzymes, cultures, soy proteins, and probiotics categories, which it markets globally.

The Global Ingredients Company Uses Nagomi to Bridge the Gap Between Security Operations and the Executive Board

When we speak with security leaders and practitioners about communicating security effectiveness, threat exposure, and how the overall security program matches against threats we often hear significant challenges. They have to strike a balance between answering the high level question “are we protected against ransomware?” accurately, but without the degree of technical nuance that loses an executive audience.

“We wanted a way to communicate with our steering committee and with our executives,” said Lauren Dana, CISO at International Flavors and Fragrances. “A way to tell the cybersecurity story that they would understand. When we were searching for a tool, most told a very technical story or a subset of the story. None told it at the right level to communicate with our stakeholders.”

IFF makes ingredients that help people experience taste and smell. Their ingredients can be found in grocery stores, beauty supply stores, pharmacies, and more. And although their ingredients are in everything consumers buy, they wouldn’t know that they were buying IFF products – instead they know the end producer of the materials. But that’s what makes IFF special: they are really involved in consumers’ everyday lives.

Finding Balance: Sharing the Security Effectiveness Story While Addressing Gaps

Before Nagomi, understanding the team’s overall security effectiveness against real-world threats was a manual process involving logging into individual tools’ portals, taking screenshots, and manually trying to connect the dots between security tools, defenses, and how they protect against threats.

“It was a lot of manual effort. As an internal team, we do our own weekly review from a technical perspective, and before Nagomi we were taking screenshots of screens across each security tool’s dashboard but that didn’t give us the holistic picture we were looking for. We were forced to think tool-by-tool and not program-by-program or not as a holistic picture. For instance, I would know what my email security protected against, or how many people took my special awareness and education training. But, I wouldn’t know – for ransomware as a whole – these are the ten things that factor into our ability across all tools to be the most protected. It was very, very manual,” added Dana.

Nagomi gave IFF one set of data to share with executive level stakeholders to help them understand overall threat protection while also showing the security team insights into gaps in their tools. The team at IFF was implementing best-in-class security tools, configuring them properly at the time, but after a couple of years new features were added that the team didn’t know about and that were perhaps causing overlap: two tools doing the same thing that could be conflicting. In some cases, IFF found it could be better to just have one tool, but in other cases having several tools that all have a certain feature gave them defense in depth. Nagomi helps IFF with both aspects.

“You need to think along two perspectives,” said Dana. “First, there’s your CISO’s leadership team, and their senior stakeholders throughout the organization. Then you have the CISOs team – the people that are leading the technical tools, it is going to give them a level of insight that they’re not going to get in their individual tools, and it’s going to give a level of collaboration across a program and a level of insight that they’re not going to get on their own through their existing tool platforms and any of those dashboards and metrics.”

Working with Nagomi

IFF began working with Nagomi as a design partner over a year ago while the product was still being developed. This partnership helped to shape the platform and ensured that IFF was able to finally solve a complex, nagging problem.

“It’s been absolutely fabulous,” said Dana. “For me, the speed of development, the speed of changes and integrations, and level of listening and partnering with us has been incredibly impressive. Seeing the way that the developers and the senior leaders are thinking and adapting as the environment is changing, seeing the new directions gives me confidence in where the platform is headed.”

“Nagomi takes a lot of data from all different places and gives you a picture that’s actionable. It helps you make decisions and communicate in a way that you wouldn’t be able to do with all of your different tools one at a time.”

Ready to get started?

Schedule a personalized demo with Nagomi Security or start a risk-free 30 day trial to see what it can do for your organization.