Lydia HudsonCase study: Bird & Bird

Bird & Bird is a global law firm specialising in intellectual property and technology. The firm advises major tech brands, governments, sports organisations and pharmaceutical companies. With around 3,700 users across 33 offices, the team runs a complex IT estate that has to stay secure and compliant while supporting day-to-day legal work. For the security team, this is fundamentally a cybersecurity asset management challenge: keeping track of every device, control and policy in one place.

The challenge: conflicting data and dangerous blind spots

Before partnering with ThreatAware, Bird & Bird’s security team could not get a straight answer to a simple question: how many devices do we really have, and are they all protected? Multiple tools reported different numbers. SCCM, Intune, Tenable, Cortex and ServiceNow each had their own console, their own reports and their own view of the world . None of them matched. Security and infrastructure teams spent hours exporting data and comparing spreadsheets, only to end up with conflicting answers.

“We could never tell exactly how many machines we had deployed in our estate, and whether they were all running our security agents correctly.” - Dan Fleming, Information Security Specialist

The team could see there were gaps, but they had no reliable way to measure or prioritise them. Devices that did not appear in every system could easily be missed. Renewals such as Cyber Essentials Plus demanded data from several teams and systems, adding to the workload. Cyber insurers increasingly wanted proof that controls were working everywhere, not just deployed in theory. Large programmes such as the firm’s Windows 10 end-of-life migration also depended on accurate, up-to-date inventory data, which was hard to guarantee without a single trusted source.

The ThreatAware solution: unified visibility across a global estate

Bird & Bird selected ThreatAware to act as a single source of truth for security-relevant asset data and to strengthen its cybersecurity asset management across their global estate. ThreatAware was integrated with 13 existing systems, including on-premise and SaaS tools, through API connections. Deployment did not require agents and needed only light internal effort:

• Cloud-based platform: no complex on-premise infrastructure to maintain.

• Agentless integration: data flows directly from existing tools.

• Fast time to value: usable data appeared in hours, not weeks.

A key factor in the decision was the integration with Tines, which Bird & Bird had recently adopted for security automation. ThreatAware not only surfaces issues; it can also trigger automated workflows to start remediation straight away.

ThreatAware now provides:

• A single, consolidated inventory of all devices across Bird & Bird’s global environment.

• Clear visual indicators (tick or cross) to show which security controls are present and working on each device.

• Role-based access so regional IT teams can view and manage devices in their own areas.

“You need a single source of truth that correlates results from multiple systems and corroborates evidence. That’s just a reality of modern computer systems.” - Martyn Styles, CISO

Impact: clearer visibility and practical security gains

With ThreatAware in place, Bird & Bird has moved from manual, fragmented reporting to real-time, unified visibility over its global IT estate and day-to-day cybersecurity asset management.

Windows 10 end-of-life migration with confidence

During the Windows 10 end-of-life project, an export from SCCM suggested that all devices had been upgraded. ThreatAware showed a different picture, revealing machines that SCCM had missed because its agent was not working correctly.

Some devices were correctly visible in Intune, Azure AD and other tools and were running the firm’s endpoint protection, but they were not showing in SCCM at all. ThreatAware surfaced these exceptions immediately, allowing the team to tag them, raise alerts and make sure they were remediated or isolated where needed.

Stronger cyber insurance and compliance position

ThreatAware now provides cross-checked evidence that security tools are not only installed but actually working across devices. This helps the firm demonstrate to cyber insurers that controls are deployed and functioning across the estate.

For Cyber Essentials Plus recertification, the security team no longer needs to contact multiple IT teams for device counts or control status. ThreatAware brings this information into one place. Dan notes that for the latest Cyber Essentials Plus cycle, he did not need to chase other teams for data at all; the integrations in ThreatAware gave him everything required.

Operational efficiency and cost savings

ThreatAware has also delivered very practical time savings. The security team no longer spends hours exporting from multiple systems and reconciling spreadsheets. Real-time alerts highlight missing agents, misconfigurations or end-of-life operating systems as they appear.

ThreatAware also exposed virtual machines that were assumed to be offline but were still running, helping avoid unnecessary infrastructure spend.

Key benefits for Bird & Bird

Bird & Bird now relies on ThreatAware in its day-to-day security work:

• Complete visibility: A clear, up-to-date view of all devices across 33 offices, replacing conflicting reports from separate tools.

• Security control validation: Ongoing confirmation that endpoint protection, monitoring and other controls are both deployed and functioning, supporting stronger cyber resilience and insurance readiness.

•Time savings for the security team: Hours of manual reporting have been removed from compliance and project work, allowing the team to focus on higher-value security tasks.

• Cross-team enablement: Regional IT managers and specialist teams can use ThreatAware and AI Studio to answer their own questions from the same trusted data set.

• Reduced risk: Alerts and Tines workflows mean gaps are identified and addressed quickly, rather than discovered during audits or after an incident.

Having implemented ThreatAware, Bird & Bird have moved from guessing at asset coverage to proving it, with a single, trusted view of the firm’s global cyber estate.

Real-Time Results

Bird & Bird now has the evidence it needs to prove security coverage across a large, complex estate without manual reconciliation or guesswork. If you face similar challenges with fragmented tools and incomplete asset data, ThreatAware can provide the same single source of truth for your cybersecurity asset management needs.

If you'd like to see how complete visibility across your IT estate could transform your security posture, book a demo with our team today.