Bühler

Country: Switzerland
Industry: Industrial

Patrick Zimmermann (Expert Information Security Specialist)

buhlergroup.com


 

1. Can you briefly introduce your company and describe your role within the organization?

Bühler is a Swiss multinational technology and plant equipment manufacturer based in Uzwil. It is known for plant and equipment and related services for processing foods and manufacturing advanced materials. The organization holds leading market positions worldwide in the fields of technology as well as processes for transforming grain into flour and animal feeds, producing pasta and chocolate, and manufacturing die cast components.
The company was founded in 1860, has been family-owned ever since and has around 12500 employees in over 140 countries.
I am a security specialist and part of the governance, risk and compliance team, where we take care of all non-SOC-related information security topics.

 


2. What specific challenge or security concern prompted you to look for a cyber threat intelligence solution—particularly one focused on darknet monitoring?

We wanted to have a platform specifically to identify breached user credentials which also provides access to the breached credentials, since users often struggle to identify the potential source of a breach if we are not able to tell them, for example, the affected password. We wanted to build a process so that we can identify breached user credentials and then inform the affected employees so they can take the necessary steps, like changing their password.
On top of that, any additional functionality, like being able to search through darknet forums, was a plus.

 


3. Which other solutions did you evaluate before choosing Kaduu, and what were the key criteria that influenced your final decision? If you don't want to share brands, please just focus on the second part of the question.

We used Have I Been Pwned (free tier) before. We were not really looking into any other solutions – the biggest point was that it must be cost-effective, since we would only use a small part of a typical “threat intelligence platform”. Having a platform for 10s of thousands per year would not have been realistic for our use case. The fact that we were also using Lucy in the past (which we also liked) also positively influenced the fact that Kaduu would be a great solution.

 


4. Since adopting Kaduu, what aspects of the platform do you value most? Are there any features or workflows you feel could be improved?

The cost-effectiveness compared to others. Simple to use, API to extract data. The possibility to do all kinds of threat intel research, like accessing darknet forums, searching paste bin sites, etc.

To improve: The different UIs/frontends.

 


5. How do you integrate Kaduu’s data into your internal processes or security environment? Do you have automations, alerts, or incident workflows connected to it?

We extract the necessary data via the API via scheduled jobs and then feed it into our SIEM where we do the dashboards, data aggregation, etc.

 


6. Can you describe what typically happens inside your organization when Kaduu reports a new data leak or potential exposure?

Our Cyber Defense team has a scheduled activity where they check “first breached” credentials (username + password pair) and then the affected users get informed about the issue and requested to change their password. The steps look like this:

1. data ingestion -> automated via API
2. review of the affected users (plausibility check) -> manual
3. user info -> automated

 


7. Have you already identified data leaks or exposed credentials that could have posed a significant risk to your organization if they had been exploited?

The risk of breached passwords is not that high today, since access to our assets from external is protected with multi-factor authentication, but we caught, for example, third-party contractors who had stealer malware on their non-Bühler computer. That stealer collected session cookies which could be used to circumvent multi-factor authentication.

Another aspect is that we may also protect our employees from private issues, if maybe a sensitive non-business related website was breached.

 


8. Would you recommend Kaduu to other companies? If yes, what would be your main reasons?

Yes, it is in our eyes a very nice solution with a lot of “bang for the buck” 😉

9. Is there anything else you would like to share about your experience with darknet monitoring or with Kaduu specifically?

No, I hope I mentioned all.

🛡️ Dark Web Monitoring FAQs

Q: What is dark web monitoring?

A: Dark web monitoring is the process of tracking your organization’s data on hidden networks to detect leaked or stolen information such as passwords, credentials, or sensitive files shared by cybercriminals.

Q: How does dark web monitoring work?

A: Dark web monitoring works by scanning hidden sites and forums in real time to detect mentions of your data, credentials, or company information before cybercriminals can exploit them.

Q: Why use dark web monitoring?

A: Because it alerts you early when your data appears on the dark web, helping prevent breaches, fraud, and reputational damage before they escalate.

Q: Who needs dark web monitoring services?

A: MSSPs and any organization that handles sensitive data, valuable assets, or customer information, from small businesses to large enterprises, benefit from dark web monitoring.

Q: What does it mean if your information is on the dark web?

A: It means your personal or company data has been exposed or stolen and could be used for fraud, identity theft, or unauthorized access; immediate action is needed to protect yourself.