How THG Cut Security Response Time 60% with Elastic ML Detection
THG (formerly The Hut Group) is a UK-based ecommerce retail company with revenues exceeding £2 billion, selling its own-brand and third-party cosmetics, dietary supplements, and luxury goods online while also providing ecommerce infrastructure to third parties through its Ingenuity division. Facing a rapidly expanding threat surface as it grew through acquisitions and added SaaS platforms, THG deployed Elastic Security as its unified SIEM, using machine learning capabilities to surface novel attack vectors and automation to eliminate manual triage overhead. The outcome: mean time to respond to security events dropped by 60%, first-line triage burden fell from 90% to 50% of analyst time, and physical storage costs declined by 60% through intelligent data tiering.
Impact
- 60% reduction in mean time to respond (MTTR)
- First-line triage time reduced from 90% to 50% of analyst time
- 60% storage cost reduction
- 25,000 events ingested per second
Challenge
THG’s ecommerce and technology stack was expanding rapidly through acquisitions, creating 100+ fragmented data sources with incompatible logging formats. Analysts were forced to spend up to 90% of their time on first-line triage, and the business was left exposed to threats that fell below rule-based detection thresholds.
Solution
THG deployed Elastic Security as a unified SIEM, ingesting 25,000 events per second from 100+ sources into a common schema, using machine learning for anomaly detection and automated SOAR-integrated playbooks to reduce analyst triage time and accelerate incident remediation.
What Leaders Say
“With Elastic, we can add new data sources at any time. We’re now pulling in as many as 25,000 events per second from about 100 different feeds. It all adds up to terabytes of data that we can use to enhance security and business performance.”
“Elastic is much more than a log collection tool. It adds features and value that make a real difference to the security of the business.”
Full Story
THG’s rapid growth through acquisition created a security challenge that traditional multi-vendor approaches couldn’t handle. As the company expanded its technology stack to include a growing number of SaaS platforms and a zero-trust architecture, each new system came with its own logging format, interface, and query language. Security analysts were context-switching constantly, spending up to 90% of their time on first-line triage—a pattern that suppressed the proactive threat hunting and detection engineering the business needed.
The core problem was fragmentation: THG was ingesting logs from approximately 100 different data sources at up to 25,000 events per second, but no single platform could correlate, query, and act on that data efficiently. Storage costs for the volume of security data were also significant, requiring expensive hardware to maintain hot and warm tiers for data that was increasingly rarely accessed but still needed to be retained for compliance.
THG deployed Elastic Security as a replacement for its fragmented multi-vendor stack, consolidating all security operations into a single interface. The platform ingests from all 100+ data feeds, giving analysts a unified schema to query across the entire organization—device telemetry, phishing data, threat intelligence, and SOAR alerts—in a single language. Machine learning runs continuously to detect anomalies, including fraud patterns, data breach indicators, and denial-of-service signatures that fall below the threshold of rule-based detection. Elastic’s integration with THG’s SOAR platform enabled automated playbook execution, so when a threat pattern is identified, remediation steps begin automatically rather than waiting for analyst intervention.
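The detection pattern described above (per-entity baselines that surface behaviour a fixed rule threshold would miss, feeding an automated playbook) can be expressed as an Elastic ML anomaly detection job plus a datafeed. The following is an added example written for this page, not THG's or Elastic's own configuration; it uses the Kibana Dev Tools console request format, and the job id, index pattern, bucket span and memory limit are assumed values. The field names are Elastic Common Schema fields, which is the kind of common schema that lets one job cover many source feeds once they are normalised.

```json
PUT _ml/anomaly_detectors/auth-failure-rate-by-source
{
  "description": "Hypothetical job: flags source addresses whose authentication-failure volume is unusual for that address, regardless of any fixed count threshold",
  "analysis_config": {
    "bucket_span": "15m",
    "detectors": [
      {
        "detector_description": "high_count partitioned by source.ip",
        "function": "high_count",
        "partition_field_name": "source.ip"
      }
    ],
    "influencers": ["source.ip", "user.name"]
  },
  "data_description": {
    "time_field": "@timestamp"
  },
  "analysis_limits": {
    "model_memory_limit": "256mb"
  }
}

PUT _ml/datafeeds/datafeed-auth-failure-rate-by-source
{
  "job_id": "auth-failure-rate-by-source",
  "indices": ["logs-*"],
  "query": {
    "bool": {
      "filter": [
        { "term": { "event.category": "authentication" } },
        { "term": { "event.outcome": "failure" } }
      ]
    }
  }
}
```

Because the detector is partitioned by `source.ip`, each address gets its own baseline: a slow, low-volume failure pattern from one address is scored against that address's normal behaviour rather than against a global count, which is why it can be surfaced below a rule-based threshold. The anomaly score is then the input to a machine-learning detection rule whose alert can hand off to a SOAR playbook; the influencer fields give the playbook the address and account to act on.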
The shift in operational profile was substantial. Mean time to respond fell by 60%. Analyst time spent on first-line triage dropped from 90% to 50%, freeing the security team to focus on threat hunting, detection engineering, and forward-looking security initiatives. Storage costs for infrequently accessed data—now held in Elastic’s cold and frozen tiers via searchable snapshots—fell by 60%, significantly reducing hardware dependency without sacrificing accessibility.
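The tiering described above (hot and warm indices on local hardware, older data served from cold and frozen tiers backed by searchable snapshots) is configured in Elasticsearch with an index lifecycle management policy. The policy below is an added example for this page, not THG's configuration; the policy name, the phase ages, the rollover sizes and the repository name `found-snapshots` are assumed values, and the repository must already exist before the cold phase can run.

```json
PUT _ilm/policy/security-logs
{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": {
            "max_primary_shard_size": "50gb",
            "max_age": "7d"
          }
        }
      },
      "warm": {
        "min_age": "7d",
        "actions": {
          "shrink": { "number_of_shards": 1 },
          "forcemerge": { "max_num_segments": 1 }
        }
      },
      "cold": {
        "min_age": "30d",
        "actions": {
          "searchable_snapshot": {
            "snapshot_repository": "found-snapshots"
          }
        }
      },
      "frozen": {
        "min_age": "90d",
        "actions": {
          "searchable_snapshot": {
            "snapshot_repository": "found-snapshots"
          }
        }
      },
      "delete": {
        "min_age": "365d",
        "actions": {
          "delete": {
            "delete_searchable_snapshot": true
          }
        }
      }
    }
  }
}
```

Once an index moves into the cold or frozen phase, its data lives in the snapshot repository (object storage) and is mounted on demand, so it stays queryable from the same SIEM interface while no longer occupying local hot or warm disk. The `delete` phase is what enforces the retention period; without it, compliance data that is meant to expire would remain in the repository indefinitely.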
For THG’s Chief Security Officer, the value extends beyond incident response metrics. Elastic dashboards are now visible across different parts of the business, embedding security awareness in operational teams. The platform’s flexibility means that as THG acquires new businesses running on different technology stacks, those entities can be integrated into the same security architecture without re-engineering the detection layer. In an ecommerce environment where customer trust and transaction integrity are foundational, THG’s investment in unified, ML-driven security represents a direct business enabler.