Customer story
Retail and Wholesale


As one of the largest retailers in Germany, ROSSMANN’s IT security team needed a solution to identify threats inside its network.


Needed a way to identify threat behaviors and decryption without deep packet inspection

Selection criteria

A network-centric detection and response solution that captures security-centric metadata to identify threats without prying into payload or contents of traffic


  • Consolidation of hundreds of events to pinpoint host devices that pose the biggest threat
  • Greater understanding of the context behind every threat
  • Automated scoring and prioritization by the Vectra Threat Certainty Index

Vectra stops data breaches across one of Europe’s largest drug store chains


ROSSMANN, one of Europe's largest drugstore chains, faced the challenge of strengthening its security posture to identify cyber threats within its network while adhering to strict data protection laws, requiring a solution that avoids the operational burden of open-source tools and signature-based intrusion detection.


To address these challenges, the ROSSMANN IT security team selected Vectra's network detection and response (NDR) platform, leveraging AI-driven Threat Certainty Index™ and GDPR-compliant security-enriched metadata extraction to automate threat detection without compromising data privacy.

Customer benefits

The Vectra AI platform demonstrated a speedy time-to-value, automating the hunt for cyberattackers, reducing noise, and providing a strong threat signal, ultimately saving time for the IT security team. The platform's ease of use, automation, and ability to quickly expose red team behaviors allowed for efficient response and mitigation of real threats, enhancing the overall security posture of ROSSMANN.

“Vectra offers protection without prying. Instead of looking at the payload or contents of traffic, it only captures the security-centric metadata to identify threats.”

Daniel Luttermann
Security Team Lead ROSSMANN IT

“It sends a strong, high-fidelity threat signal, there’s no noise, and no alert fatigue. If a critical detection appears in the dashboard of the Cognito UI, we know it’s worthy of our attention.”

Daniel Luttermann
Security Team Lead ROSSMANN IT