Customer Background

Our customer is a leading Singapore food and beverage (F&B) enterprise that operates a diverse portfolio of restaurants, catering services, and large-scale food production facilities. The company operates dozens of brands and outlets supported by a centralized IT infrastructure that connects its headquarters, retail branches, and production facilities. These systems must run around the clock to ensure uninterrupted business operations.

As one of the top players in the F&B sector, the organization relies on a connected ecosystem of endpoints, servers, and applications to support high daily transaction volumes throughout their branches and outlets. This extensive digital footprint increases its exposure to cyber threats such as ransomware, credential theft, and lateral movement attacks.

We spoke with the company’s Senior IT Manager, who shared how adopting Sangfor’s Athena MDR (Managed Detection and Response) service has enhanced their ability to detect, contain, and prevent cyber threats, helping their business stay secure and resilient in today’s threat landscape.

Cybersecurity Challenges

With a lean IT team and no dedicated cybersecurity staff, the company faced multiple challenges in maintaining visibility, preventing data breaches, and responding quickly to incidents.

Pain Points and Details

1. Lack of Dedicated Security Resources

The company has no dedicated in-house cybersecurity team, with general IT staff managing both IT operations and IT security.

“We don’t have a cybersecurity team at the moment, and we’re not planning to add the overhead,” said the Senior IT Manager.

Building an internal SOC would require at least three full-time analysts, which in Singapore could cost upwards of SGD 330,000* annually (approximately USD 260,000), not including additional costs for new or upgraded technology tools, process creation, or 24/7 coverage.

2. Reactive and Delayed Response

Previously, the company relied for incident handling on a third-party IT vendor that operated only during business hours. Responses often came the next business day, leaving the company exposed during nights, weekends, and holidays.

“It was more correction than prevention. We wanted something proactive, not just reactive,” said the Senior IT Manager, noting that their previous setup lacked the capabilities needed to provide effective and comprehensive security monitoring and response.

3. Visibility Gaps and Incomplete Detection

The company’s previous deployment of a third-party NDR solution offered limited visibility, restricted to network-level detection. Without integrated endpoint and firewall telemetry, performing root-cause analysis during incidents such as ransomware attacks was extremely difficult.

“When ransomware hit, we had to restore from backup but couldn’t trace where it came from because we didn’t have sufficient telemetry or visibility to investigate properly,” the Senior IT Manager explained.

4. User-Originated Risks Across Branches

With hundreds of employees working across restaurants, catering sites, and HQ, maintaining consistent endpoint security hygiene was challenging. Devices used by staff at remote outlets were later connected to the HQ network, occasionally bypassing security controls and increasing the risk of lateral movement.

“The weak point is always the users,” the Senior IT Manager shared. “Some laptops don’t have endpoint protection installed, so when they connect to HQ, they can potentially compromise the network. We have notified all staff to ensure their computers are equipped with the latest endpoint security, but this initiative always falls on deaf ears.”

5. Incomplete Integration Between Security Tools

Previous solutions lacked full integration for alert correlation and automated response.

The F&B entity required a unified platform capable of correlating data across endpoints, networks, and firewalls — with human-led validation to minimize disruption caused by false positives.

* Three times the median salary of SGD 110,000 based on the SGD 80,000–SGD 130,000 range for professionals with 5–10 years of experience (Morgan McKinley benchmarks).

Sangfor Security Solution

Recognizing the need for comprehensive visibility, 24/7 monitoring, and proactive, expert-led threat response, the company adopted Sangfor Athena MDR to establish a Security Operations (SecOps) function without the associated overhead. To support this initiative, it deployed endpoint protection (Athena EPP), network detection (Athena NDR), and firewall (Athena NGFW) in a cost-effective solution to enhance visibility and enable coordinated detection and response across endpoints and network infrastructure.

Athena MDR operates 24/7 from Sangfor’s ISO/IEC 27001–certified SOC in Malaysia, supported by over 450 cybersecurity experts worldwide. The Athena MDR service integrates AI-driven analytics (Security GPT) with human intelligence, ensuring real-time validation before response to avoid unnecessary disruption.

“Now we have protection from endpoint to firewall, and the MDR team ensures all layers are guided and connected.”

The Senior IT Manager

Solution Benefits and Outcomes

Security Posture Summary Before and After Sangfor Athena MDR

Detection & Response
  • Before Sangfor MDR: Dependent on an external vendor with responses typically arriving the next business day (up to 12-hour gap)
  • After Sangfor MDR: 24/7 alert validation and response within 30 minutes – 4 hours, depending on severity
  • Quantifiable Improvement: Up to 90% faster response time

Visibility Coverage
  • Before Sangfor MDR: Network-only visibility (NDR), isolated from antivirus
  • After Sangfor MDR: Integrated endpoint, network, and firewall telemetry monitored through MDR
  • Quantifiable Improvement: 2x broader visibility coverage

Threat Validation Accuracy
  • Before Sangfor MDR: Frequent false positives; manual triage
  • After Sangfor MDR: AI-driven detection with analyst validation reduces false positives and manual triage effort
  • Quantifiable Improvement: 97% reduction in false positives

Security Operations Cost
  • Before Sangfor MDR: Building a 3-person SOC requires at least USD 260K per year in staffing costs alone
  • After Sangfor MDR: 24/7 SOC coverage delivered through MDR at over 80% lower cost than building an in-house SOC
  • Quantifiable Improvement: ~80% cost savings

Ransomware Resilience
  • Before Sangfor MDR: 1 major ransomware incident requiring full backup restoration
  • After Sangfor MDR: No incidents since MDR adoption
  • Quantifiable Improvement: 100% ransomware prevention

Operational Readiness
  • Before Sangfor MDR: Disjointed security tools
  • After Sangfor MDR: Fully operational MDR setup in 4 weeks
  • Quantifiable Improvement: ≈ 90% faster deployment

Detailed Breakdown of Outcomes and Benefits

1. 24/7 Proactive Monitoring and Response

Athena MDR now provides real-time detection and human-led response, reducing alert validation from 1 business day to as fast as 30 minutes for critical threats. This improvement represents an estimated 90% faster reaction time, enabling the IT team to focus on business operations instead of manual incident handling.

2. Complete Visibility and Unified Coverage

Unlike the previous NDR-only approach, Sangfor’s integrated EPP + Firewall + NDR stack provides end-to-end visibility across all assets — endpoints, servers, and network traffic.
Through cross-domain correlation, the solution eliminates blind spots and delivers at least twice the visibility. This enables the MDR team to accurately identify attacks such as lateral movement, data exfiltration attempts, or command-and-control (C2) connections before they escalate.

3. Detection Accuracy & Noise Reduction Through Human-AI Collaboration

The MDR platform processes approximately 660 million logs each month. Its integration of Security GPT and advanced algorithms improves detection accuracy and helps minimize false positives. Over 99.9% of raw logs are automatically filtered, enabling the service team to notify the customer of meaningful security events instead of overwhelming them with millions of data points. As a result, the company experiences an average 97% reduction in false positives per month, based on the number of alerts and incidents generated throughout the duration of the MDR service.

“Technology alone can overreact, but with MDR, the human review ensures we strike only when necessary,” said the Senior IT Manager.

4. Reduced Operational Overhead and Cost

By outsourcing security operations to Athena MDR, the customer eliminated the need to hire three full-time cybersecurity staff and maintain costly SOC tools. This resulted in annual savings of approximately USD 260K, while gaining enterprise-grade protection and 24/7 expertise at a fraction of the cost.

These savings are further amplified when compared to potential business losses from a single week-long ransomware disruption, which could easily exceed hundreds of thousands of dollars in downtime and recovery costs. Sangfor’s MDR TCO model estimates an ROI exceeding 80% compared to an in-house SOC on a yearly basis. (Source: MDR TCO Calculator)

Based on IBM’s 2025 Cost of a Data Breach report, consumer companies face on average USD 3.72 million in total damages from cyberattacks on a yearly basis.

5. Strengthened Cyber Resilience and Zero Downtime

Since onboarding Athena MDR, the customer has not experienced any ransomware incidents following the previous attack. Proactive monitoring and immediate containment have contributed to 100% business continuity across all operations throughout the engagement.

Additionally, the MDR team conducts proactive threat intelligence monitoring to detect risks relevant to the company’s environment, helping the organization stay ahead of evolving attack techniques, as illustrated in the example below.

Athena MDR Notification Screenshot

Moreover, Athena MDR was deployed in less than 4 weeks, up to 90% faster than establishing a fully mature, real-world-tested SOC in-house, a process that typically takes 12 months or more.

6. Improved User and Endpoint Security Awareness

MDR reports have also helped the customer identify risky endpoint behaviors, including unprotected devices connecting from outlets. The MDR team provides regular recommendations to improve endpoint compliance, ensuring higher hygiene and reduced exposure from external users.

Conclusion

Through Sangfor Athena MDR, the customer successfully transformed its cybersecurity posture from reactive and fragmented to proactive and fully integrated, achieving faster response, better visibility, and significant cost savings.

Key measurable outcomes include:

  • Up to 90% faster incident response and validation.
  • 2x broader visibility across endpoints, network, and firewall.
  • ~80% annual cost savings versus in-house SOC.
  • Zero ransomware incidents since deployment.

The company now operates with the confidence that their entire digital ecosystem is continuously protected, allowing their IT team to focus on enabling business growth, not firefighting cyber threats.

“We can focus on our business while Sangfor takes care of our security. That’s the value of MDR.”

The Senior IT Manager

See How Much You Could Save with MDR

Building and operating an in-house SOC requires significant investment in skilled personnel, security tools, and continuous operations. For many organizations, Managed Detection and Response (MDR) provides enterprise-grade protection at a fraction of the cost.

Curious how much your organization could save?

Use the Sangfor MDR TCO Calculator to estimate the potential cost savings compared to building and maintaining your own SOC. In just a few minutes, you can see the financial and operational benefits of adopting MDR for your security operations.

Try the MDR TCO Calculator and discover your potential savings today.
