The most pressing need for increased IT security was the fact that RITZ produces for numerous KRITIS operators who are legally obliged to implement state-of-the-art IT security, obtain certification, and provide evidence. This also places increased demands on their suppliers, who must in turn be able to show their customers that they are implementing reasonable measures to protect their environment as best as possible. In order to continue working for KRITIS operators, RITZ therefore had to improve its own IT security.

Machines must not come to a standstill

At the same time, the company also wanted to protect its own operations more reliably. The OT area is essential for the manufacturing company and was therefore a particular focus. Previously, the devices were only protected by a separate network segment, which did not correspond to the current state of the art. For Thomas Steffen, Head of IT at RITZ Instrument Transformers GmbH, the goal was obvious: “The machines have to run. Production has to take place, things have to be sold, that's the important thing.”

Holistic automation for greater security and focus

IT security at RITZ was patchy and involved a lot of manual work. IT employees had to go through logs manually to check incidents one by one. This was not tenable in its large environment encompassing more than 90 servers and 550 clients. Too many threats got overlooked, exposing the company to cyber threats.

There were some security solutions in place, but they were dispersed and not linked to each other. This left too many gaps, preventing comprehensive security.

When Thomas Steffen started as Head of IT at RITZ Instrument Transformers GmbH in September 2024, he immediately saw the need for a comprehensive, autonomous solution. He was already familiar with Darktrace from his previous company. There, the solution had prevented several serious attacks in the email area alone: it blocked numerous emails that were leading to attacks at other companies and brought their operations to a standstill. The decision in favor of Darktrace was therefore an obvious one for the IT manager.

Above all, Steffen wanted a 360° view of the company – a holistic view of security. For RITZ he wanted a solution where a limited number of systems would interact seamlessly with each other, and he already knew that Darktrace, with its numerous communication interfaces, could provide just that.

Adopting Darktrace was one of the first measures that Steffen took in his new position as Head of IT at RITZ. "The implementation was quick and painless,” he says. Less than two months after the start of the Proof of Value (POV), the solution was up and running.

Since the second week of January 2025, the Darktrace ActiveAI Security Platform™ has been running fully autonomously with:

• Darktrace / NETWORK
• Darktrace / EMAIL
• Darktrace / OT
• Darktrace / IDENTITY

Attack prevented in week 2

Darktrace / IDENTITY prevented an attack in the second week of live use: credentials were stolen, and three minutes later the attack would have occurred if Darktrace had not intercepted it in time.

RITZ Instrument Transformers has tuned Darktrace / EMAIL in such a way that only selected important emails are sent directly to the inbox. All others are sent to a separate folder, which users check regularly. They can use the analysis tool to check whether the emails are safe.

Considering OT right from the start

With Darktrace / OT, the requirements from production were taken into account right from the start. Shortly after the introduction of Darktrace, OT approached IT with a request for a specific security feature. “I've had that active for two weeks,” Thomas Steffen was able to reply to the request.

Threats in the network are now automatically detected, investigated, and stopped by Darktrace / NETWORK. In the event of incidents, devices, or users are blocked, "which works very well," says the Head of IT. This is the case, for example, when new devices are set up but not properly integrated into the security stack. In the period between December 2024 and March 2025, out of 148 network actions, none required any human interaction on the client side.

With the Darktrace ActiveAI Security Platform, RITZ benefits from 360° security. The company is viewed as a single unit, and previously siloed areas such as the network, email traffic, OT, and identities are protected holistically – and fully autonomous. "Darktrace manages everything autonomously,” says Steffen.

This automation has two advantages: it ensures greater overall security and noticeably reduces the workload on IT. The IT team can now spend more time on strategic IT projects and work more efficiently because they hardly have to worry about security. Steffen sums it up as follows: "Darktrace makes our lives easier because we can focus on other issues.“

And the legal department is also happy: “Our lawyers have said that [the adoption of Darktrace] is a very good and sensible decision. Thanks to its use, we are in a better position in the auditors' security assessments,“ explains Steffen.

Preparations are currently underway at RITZ to introduce further Darktrace components and interfaces to automate additional areas. All existing systems are being reviewed to identify potential for improvement. The aim is to be state-of-the-art at all times and to remain fully protected with Darktrace in the background.