RetailOperations

How THG Cut Security Response Time 60% with Elastic ML Detection

THG (formerly The Hut Group) is a UK-based ecommerce retail company with revenues exceeding £2 billion, selling its own-brand and third-party cosmetics, dietary supplements, and luxury goods online while also providing ecommerce infrastructure to third parties through its Ingenuity division. Facing a rapidly expanding threat surface as it grew through acquisitions and added SaaS platforms, THG deployed Elastic Security as its unified SIEM, using machine learning capabilities to surface novel attack vectors and automation to eliminate manual triage overhead. The outcome: mean time to respond to security events dropped by 60%, first-line triage burden fell from 90% to 50% of analyst time, and physical storage costs declined by 60% through intelligent data tiering.

Outcomes

60%Reduction in mean time to respond (MTTR)
From 90% to 50% of analyst timeFirst-line triage time reduction
60%Storage cost reduction
25,000Events ingested per second

Tools & Technologies

1ES
Elastic Security
SIEM and security analytics platform for threat detection, investigation, and response at scale.

AI Categories

Challenge

THG’s ecommerce and technology stack was expanding rapidly through acquisitions, creating 100+ fragmented data sources with incompatible logging formats that forced analysts to spend up to 90% of their time on first-line triage and left the business exposed to threats that fell below rule-based detection thresholds.

Solution

THG deployed Elastic Security as a unified SIEM, ingesting 25,000 events per second from 100+ sources into a common schema, using machine learning for anomaly detection and automated SOAR-integrated playbooks to reduce analyst triage time and accelerate incident remediation.

Full Story

THG’s rapid growth through acquisition created a security challenge that traditional multi-vendor approaches couldn’t handle. As the company expanded its technology stack to include a growing number of SaaS platforms and a zero-trust architecture, each new system came with its own logging format, interface, and query language. Security analysts were context-switching constantly, spending up to 90% of their time on first-line triage—a pattern that suppressed the proactive threat hunting and detection engineering the business needed.

Access 451+ AI use cases, 424+ tools, and adoption signal rankings.

Source

ELASTIC
January 2025
Original case study

Similar Cases

1S
How Shopify Scales AI-Powered Sidekick to Millions of Merchants with Claude on Vertex AI
Shopify
< 24 hoursModel Upgrade Deployment
2S
How Super-Pharm Uses Vertex AI to Improve Inventory Accuracy from 50% to 90%
Super-Pharm
50% to 90%Inventory Accuracy
3AM
How Adore Me Uses Writer AI Studio to Cut Market Launch Time by 95%
Adore Me
40%Increase in non-branded search volume
4I
How Ibotta Uses Databricks Vector Search and AI/BI to Personalize Cashback Offers and Reduce Latency at Scale
Ibotta
IncreasedOffer relevance improvement
5GF
How Grupo Falabella Uses Agentforce on WhatsApp to Resolve 60% of Requests
Grupo Falabella
60%Service requests resolved autonomously on WhatsApp
6P
How PetSmart Uses AI Decisioning to Boost Salon Bookings 22%
PetSmart
22%Incremental lift in salon bookings
7E
How Erewhon Automated 70% of Customer Service Tickets and Saved $40K Annually with Zapier
Erewhon
70%Customer service tickets automated
8E
How Etsy Uses Gemini and Vertex AI to Personalize 90 Million Shopping Experiences
Etsy
~80xListings per theme increase via algotorial curation
9G
How Gearfire Cut IT Costs 67% with Elastic Cloud Serverless
Gearfire
67%IT cost reduction in first month
10BL
How Bank Leumi Cuts Security Detection Time 60% with Elastic
Bank Leumi
-60%Log detection and analysis time
See all use cases →