Care Park Replaces Darktrace with WatchGuard
What Was Care Park’s Challenge?
Care Park is a major global parking and property management group with a portfolio of parking properties valued at over $200 million and a network of more than 450 car parks across Australia, New Zealand, the UK, and Malaysia, supported by approximately 200 employees. Over time, Care Park’s security stack had become fragmented, with separate tools delivering point capabilities rather than an integrated security outcome.
Darktrace provided network and endpoint monitoring across more than 450 IP addresses. A WatchGuard Firebox handled core perimeter security, while around 350 endpoints relied on Microsoft Defender, and 25 servers were protected by SentinelOne.
Although Darktrace delivered strong detection and took evasive action on the endpoint, full containment and remediation still required frequent intervention from their IT service provider.
“Our security stack had evolved over time, combining various technologies that didn’t cohesively operate as a single source of information,” said Paul Foley, vCTO of Care Park. “In terms of value for money, we were not happy with rising costs and a lack of the full field of view. We’re a 24/7 operation and needed a response team capable of taking action at any time.”
Care Park also faced practical gaps that affected governance and future readiness, including limited compliance reporting, cloud application monitoring that required a separate module, and no straightforward path to extend monitoring to cloud workloads if requirements expanded.
With renewal approaching and Darktrace costs rising, the priority shifted to consolidating tools and improving outcomes without increasing operational burden. The goal was to reduce costs, improve integration, and meet compliance needs.
What Was WatchGuard’s Solution for Care Park?
WatchGuard led the approach to replace Darktrace and broaden coverage across both current and emerging attack surfaces. WatchGuard Total NDR was deployed for 500 IPs (251 licenses) to replace Darktrace network monitoring, while providing the Cloud SaaS coverage and compliance reporting capabilities Darktrace lacked. For servers, WatchGuard’s Advanced EPDR replaced SentinelOne, unifying prevention, detection, and remediation under a single strategy.
Care Park’s WatchGuard Firebox M390 was also upgraded to a Total Security license to enable XDR across the environment, and MDR was aligned with Microsoft Defender, so Care Park could retain its endpoint investment without deploying an additional agent solely to achieve MDR coverage.
Total MDR was then introduced for 375 seats, covering 350 endpoints and 25 servers, to operationalize response and reduce the need for partner-led intervention. The resulting operating model consolidated visibility and action into a single workflow: NDR for network detection, MDR for containment and remediation, and XDR to align signals and enhance reporting.
What Were the Results?
Care Park achieved tangible improvements in cost, coverage, and operational efficiency, reducing annual spend by nearly 35% compared to its Darktrace renewal. WatchGuard Total NDR and Total MDR expanded protection across the network, endpoints, and servers while supporting future SaaS and cloud monitoring needs without requiring additional platform modules.
By pairing NDR detections with MDR-led containment and remediation, Care Park reduced the partner’s day-to-day manual workload and shortened the path from detection to response. Visibility and reporting also improved through the upgrade of the existing Firebox services to introduce ThreatSync XDR, providing more consistent telemetry and centralized monitoring across the environment.
“The business case was clear: stronger coverage and reporting, fewer moving parts, and meaningful cost reduction,” explained Mr. Foley. “We’ve improved governance today while positioning ourselves to extend monitoring into SaaS and cloud as our requirements evolve.”