CASE STUDY OSRAM. Next-Generation Firewall

Similar documents
CASE STUDY. AUSTRIAN AIRLINES Modernizes Network Security for First Class Performance

CASE STUDY. RHEINLAND VERSICHERUNGSGRUPPE Who Ensures Security for The Insurers? RHEINLAND VERSICHERUNGSGRUPPE Who Ensures Security for The Insurers?

Moving Beyond Proxies

CASE STUDY. UNIVERSITY OF SOUTHAMPTON Top UK Research University Gets Future-Proof Solution for Bandwidth and Security Needs

Palo Alto Networks Gets Top Marks for Solving Bandwidth and Security Issues for School District

CASE STUDY. NEXON ASIA PACIFIC Nexon Securely Onboards 25 Cloud Customers in Only Eight Months

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

WildFire. Preparing for Modern Network Attacks

Still Using Proxies for URL Filtering? There s a Better Way

Growing MSP Uncovers Huge Service Efficiencies With Network Infrastructure RMM

CASE STUDY. ANNIE WRIGHT SCHOOLS Hogwarts Works Magic with the Next-Generation Firewall

Securing the Virtualized Data Center With Next-Generation Firewalls

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

REPORT & ENFORCE POLICY

Breaking the Cyber Attack Lifecycle

A Modern Framework for Network Security in the Federal Government

Network Security for Mobile Users

Reducing Costs With Next- generation Network Security Investing in Innovation Pays Cost Savings Dividends

What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview. October 2010 Matias Cuba - Regional Sales Manager Northern Europe

What s Next for Network Security - Visibility is king! Gøran Tømte March 2013

Enterprise Security Platform for Government

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

Content-ID. Content-ID URLS THREATS DATA

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

Reducing Costs With Next-generation Firewalls. Investing in Innovation Pays Cost Savings Dividends

Top 10 Reasons Enterprises are Moving Security to the Cloud

Deployment Guide for Citrix XenDesktop

Next Generation Enterprise Network Security Platform

May Palo Alto Networks 232 E. Java Drive Sunnyvale, CA

MEETING CSIP OBJECTIVES WITH AN AUTOMATED AND PREVENTIVE SECURITY APPROACH

Solution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores

IP Telephony: Reliability You Can Count On

White Paper. Five Steps to Firewall Planning and Design

SSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES

White Paper. What is an Identity Provider, and Why Should My Organization Become One?

About the VM-Series Firewall

Taking a Proactive Approach to Patch Management. B e s t P r a c t i c e s G u i d e

Panorama PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

WildFire Overview. WildFire Administrator s Guide 1. Copyright Palo Alto Networks

The Cisco ASA 5500 as a Superior Firewall Solution

Customer Services Overview

White Paper. Consolidate Network Security to Reduce Cost and Maximise Enterprise Protection

Readiness Assessments: Vital to Secure Mobility

Datasheet FUJITSU Cloud Monitoring Service

Securing the Database Stack

Cybersecurity Imperatives: Reinvent Your Network Security With Palo Alto Networks

Palo Alto Networks Cyber Security Platform for the Software Defined Data center. Zekeriya Eskiocak Security Consultant Palo Alto Networks

Securing Virtualization with Check Point and Consolidation with Virtualized Security

Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE

Now Leverage Big Data for Successful Customer Engagements

Next-Generation Firewall Overview

Cisco Cloud Web Security

McAfee Security Architectures for the Public Sector

About the VM-Series Firewall

Virtualization Essentials

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

APERTURE. Safely enable your SaaS applications.

security changes with Orange focus on your business, we focus on your security

Meru MobileFLEX Architecture

Unwired Revolution Gains Full Visibility into Enterprise Environments with Server Side and Mobile App Monitoring from New Relic.

How To Bring In Palo Alonnetworks

Helping Customers Move Workloads into the Cloud. A Guide for Providers of vcloud Powered Services

Palo Alto Networks. September 2014

Firewall Feature Overview

Preventing Data Leaks At The Firewall A Simple, Cost-Effective Way To Stop Social Security and Credit Card Numbers From Leaving Your Network

IBM Security Intrusion Prevention Solutions

The Network and The Cloud: Addressing Security And Performance. How Your Enterprise is Impacted Today and Tomorrow

VMware vcloud Networking and Security

Network Design Best Practices for Deploying WLAN Switches

The Application Usage and Threat Report

The Hillstone and Trend Micro Joint Solution

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

MITEL. Enterprise Management Solutions

Network Virtualization Solutions - A Practical Solution

Simplifying branch office security

Five Steps to Building Visibility and Security Into Your Network

Symantec Client Management Suite 8.0

Internet Content Provider Safeguards Customer Networks and Services

Achieve Deeper Network Security and Application Control

Solutions Brief for Financial Institutions A Solutions Brief By Shoretel

Simplifying Branch Office Security

WhatWorks in Log Management EventTracker at San Bernardino County Superior Court

Moving Network Security from Black and White to Color Refocusing on Safely Enabling Applications

How to Dramatically Reduce the Cost and Complexity of PCI Compliance

WildFire Cloud File Analysis

Enabling Database-as-a-Service (DBaaS) within Enterprises or Cloud Offerings

Panorama. Panorama provides network security management beyond other central management solutions.

Cisco and Citrix: Building Application Centric, ADC-enabled Data Centers

Connectivity And Speed For An Always On World

Reduce Your Network's Attack Surface

Palo Alto Networks Next-generation Firewall Overview

Protecting the Infrastructure: Symantec Web Gateway

Putting Web Threat Protection and Content Filtering in the Cloud

Cisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016

GlobalProtect Overview

Ricoh Consulting. IT Service. Affordable, smart solutions from Ricoh Consulting. Contact

Transcription:

CASE STUDY OSRAM World s ANNIE Leading WRITE Light SCHOOLS Manufacturer Saves $120,000 Hogwarts Per Works Year by Magic Replacing with 78 Proxy the Servers Next-Generation Firewall

PA-5020 (6) OSRAM is one of the two leading light manufacturers in the world. The company s portfolio covers the entire value chain from components including lamps, electronic control gear, and opto semiconductors such as light-emitting diodes (LED) as well as luminaires, light management systems, and lighting solutions. The company, which is internationally oriented, had more than 34,000 employees worldwide and generated revenue of almost 5.1 billion Euros at the end of fiscal year 2014. The company s business activities have been focused on light and hence on quality of life for over 100 years. INDUSTRY // Manufacturing CHALLENGE // Centralize and standardize security infrastructure, gain network visibility to control traffic and application access, heighten security, and simplify IT management. SOLUTION // Palo Alto Networks enterprise security platform, Threat Prevention including IPS, URL Filtering (PAN-DB), WildFire, the Panorama centralized management system, and GlobalProtect. SUBSCRIPTIONS // WildFire, GlobalProtect, Panorama, Threat Prevention, URL Filtering (PAN-DB) APPLIANCES // PA-5020, PA-2050, PA-3020, PA-500, PA-200, M-100 PA-2050 (2) PA-3020 (2) PA-500 (5) PA-200 (56) M-100 (1) RESULTS... Saving $100,000 on hardware and software costs, and $20,000 on maintenance and support, per year Improved IT troubleshooting speed by more than 50% Accelerated response times and decreased support requests by a factor of 10 Reduced administrative effort associated with security infrastructure by 50% Increased visibility into applications and threats Heightened security STORY SUMMARY // In manufacturing, limiting costs, satisfying special requests from production units, and protecting IP are key issues. From basic light bulbs to specialized LEDs, OSRAM has been the world s foremost maker of light products for one hundred years. As the company grew, so did its number of offices and locations, and the network that connects them all together. As it evolved alongside the company, OSRAM s network became highly decentralized, efficiencies declined and IT struggled to maintain the level of security and responsiveness it desired. That s when a chance encounter led OSRAM s IT team to test the next-generation firewall from Palo Alto Networks. Learn why OSRAM was so impressed with Palo Alto Networks that it quickly reconfigured its network to standardize security on it. PAGE 2

OSRAM Shines a Light into Network to Boost Security Performance, and Efficiencies with Palo Alto Networks Enterprise Security Platform Spotlighting IT Issues OSRAM knows the light business. It should, arguably it s been the top light manufacturer in the world for over 100 years. A massive, global manufacturer with 20,000 users at over 100 sites in 50 countries, OSRAM must diligently protect its Intellectual Property (IP) and be extremely efficient operationally. This means keeping IT costs down and limiting the time and money it devotes to addressing security concerns. Most of OSRAM s traffic is internal, but it provides extranet services for three websites that host catalogs, and supports customer applications and connections with business partners through VPN tunnels. Each branch office connects to the company s datacenters via MLPS and a local Internet access point. Our network was highly decentralized with different rules for access at sites, says Steffen Siguda, Corporate InfoSec Officer and Data Protection Officer, OSRAM. This wasn t extremely efficient nor as secure as we wanted, and it frustrated traveling staff when they tried to connect. Network Puts IT in the Dark OSRAM s decentralized network was cumbersome to maintain, costly, and made it difficult for IT to respond quickly to the needs of the business. We must keep IT costs down while being highly responsive, says Siguda. In manufacturing, we use a lot of customized applications and get lots of requests for tweaks to policies to accommodate production. Our network is very heterogeneous and has to support a variety of needs. For example, a special banking app may want to talk to other apps, or a service support app a supplier is using to service on-site equipment needs to talk to another app or system. The huge, decentralized network at OSRAM, with thousands of users distributed across many sites, hindered IT s ability to support the business quickly and efficiently, and to track changes. In a highly decentralized IT landscape, it was always a challenge to learn things like which VPN router or IT device had been changed, says Siguda. Fulfilling business requests was time-consuming and inefficient. It took a half a day of work to accommodate changes because we had to do global configuration changes manually for 78 proxy servers. At one point we had over 1,000 lines of configuration in our previous firewall solution. With Palo Alto Networks, we deliver better service, more securely, faster, and more accurately, and do so using fewer resources. What used to take a half a day to do now takes seconds. We were totally surprised by the capabilities of a modern, application-based security system like Palo Alto Networks. It works so well we didn t look at any other options. Steffen Siguda, Corporate InfoSec Officer and Data Protection Officer, OSRAM OSRAM s decentralized network, IT management burdens, and lack of network visibility detracted from security. We had no global view or monitoring of security, says Siguda. If something went wrong in India, China, or Brazil, it was impossible to search the log of every proxy server to identify the problem. We couldn t get a consolidated view to address a threat or infection. We needed visibility and a global view of devices to improve security and make uniform changes, and better protect our IP and business. A Light Bulb Goes On Siguda and his colleagues weren t actively looking for a solution to their problems, but a solution found them anyhow. My boss asked us to meet a friend to hear about a so-called next-generation firewall, says Siguda. We weren t that interested, but we met him anyway and he gave us a demo firewall from Palo Alto Networks. He told us to install it in virtual wire behind our existing Cisco firewall, and then he d come back in two weeks. PAGE 3

The enterprise security platform from Palo Alto Networks consists of a Next-generation Firewall, Threat Intelligence Cloud, and Advanced Endpoint Security. The firewall delivers application, user, and content visibility and control, as well as protection against network-based cyber threats integrated within the firewall through a purpose-built hardware and software architecture. The Threat Intelligence Cloud provides central intelligence capabilities, as well as automation of the delivery of preventative measures against cyber attacks. Siguda and his team spent two hours setting up the Palo Alto Networks PA-2050 next-generation firewall. We let it run for two weeks and it gave us a great overview of our apps, systems, and users, says Islam Masoud, Security Operations Manager for OSRAM. Plus, our 1,000 lines of configurations instantly went down to just 75 rules. Siguda was equally surprised. The filtering capabilities let us see exactly what we re doing in the network, where to allow VPN protocols, and more so many things were answered in seconds, and we could easily help someone with an app issue in minutes, he says. We were totally surprised by the capabilities of a modern security system like Palo Alto Networks. We fell in love with the PA-2050 and told our boss friend he didn t need to take it back, and immediately ordered a second one. It fit so well we didn t look at any other options. Flipping the Switch Within weeks, OSRAM replaced the legacy firewalls at its main datacenter that protect its primary Internet connection. The migration to Palo Alto Networks was so smooth it didn t interrupt our daily work at all, says Masoud. Next, OSRAM swapped out its three main firewalls, then decided to replace all 78 of its proxy servers with 56 Palo Alto Networks PA-200 next-generation firewalls. We calculated that replacing the 78 proxy servers with the PA-200s would be really cost-effective, says Siguda. OSRAM also purchased and deployed six PA-5020, two PA-2050, two PA-3020, and five PA-500 next-generation Palo Alto Networks firewalls. OSRAM added Panorama from Palo Alto Networks to efficiently and centrally manage all of its firewalls and policies. Panorama, running as a VMware virtual machine, provides centralized management and logging capabilities for OSRAM to easily manage all security platforms from one location and interface, and quickly deploy uniform polices to all devices. It also added a subscription to GlobalProtect, which extends OSRAM s secure application enablement policies to all users including mobile regardless of location or device used for access. Palo Alto Networks is simplicity within complexity. You can see and analyze everything, and quickly get detailed information, to truly understand what s going on in your network. It s a sophisticated, but simple-to-use firewall, that makes life easier for IT and your company safe. Steffen Siguda, Corporate InfoSec Officer and Data Protection Officer, OSRAM The deployment of Palo Alto Networks was uneventful. It was extremely easy and all done in two to three hours, says Siguda. We took out the box, set up an IP, hit a button, clicked and told the person at each local site around the world to remove the cables and proxy servers. No local tweaks were required because the configuration is done globally, and distributed through Panorama. We just clicked and synchronized everything. OSRAM is using all the features of the Palo Alto Networks firewalls, including URL filtering (PAN-DB), WildFire, Threat Prevention including IPS, and as a VPN gateway for employees to access the network. Results Light Up Due to standardizing security on Palo Alto Networks, OSRAM has reaped a variety of benefits. These include better efficiencies and lower IT management costs, increased security, and the ability to satisfy requests for exceptions to rules faster. With Palo Alto Networks, we deliver better service, more securely, faster, and more accurately, and do so using fewer resources, says Siguda. PAGE 4

IT at OSRAM is now far more responsive. It used to take half a day to accommodate changes, says Masoud. Now, users can request access to things on their own and get an instant, automatic reply based on our rules, instead of us having to look at each one and decide. Adds Siguda: We ve reduced the need for exceptions by a factor of 10 because configuration is now app-based, so generic settings cover access to a banking site trying to use SSL to a different port, for example. The time we spend managing Internet access issues has dropped 50%. OSRAM appreciates Palo Alto Networks unique, comprehensive approach to security. The difference between app- versus port-based firewall security is dramatic, says Masoud. Cisco is totally port-based and difficult to manage, especially on non-standard communication requests. The app awareness of Palo Alto Networks allows us to shrink our rule sets considerably, and gives us information we can read and use. Previously, we couldn t make anything out of our logs. Now it s so easy: we just click, look, and understand. It s like going from zero to 100 kilometers per hour in seconds. Other efficiencies and better service include access for remote users. We want a quality, global, uniform experience for all our users, says Siguda. Everyone should follow the same rules and enjoy the same access, whether they re at other sites or traveling. Now they do. Adds Masoud: Users tell us they have faster online access, which improves productivity. Removing the Fog The granular network visibility of Palo Alto Networks firewalls, and their extensive reporting capabilities, have elevated security. Our previous proxy servers had poor visibility, so it took forever to find the source of a botnet or some other infection, says Masoud. Now, we can identify and monitor stuff globally at all our sites that we just couldn t see before, such as the top apps in use, the top threats, usage patterns, and more, all in one quick view. Troubleshooting speeds have increased significantly. You click, find the source of a problem, correct, update your policies, and you re done. With other tools like sniffers, analyzers and others, it took 4-5 hours, with Palo Alto Networks it takes seconds. Our monitoring and troubleshooting speed has improved by over 50%, says Siguda. OSRAM is saving in ways it didn t even envision when it installed Palo Alto Networks. By quickly catching things like typos in DNS and SNMP servers and traffic connections, we ve eliminated a ton of unneeded traffic that we didn t even know was there, says Siguda. Palo Alto Networks has reduced the noise in our logs by 95%. It s removed the fog so we can clearly see what s really going on in our network. Panorama is also shedding light into traffic and network activity, and enhancing security. We can view global traffic and activities and change and issue rules right away, says Masoud. If there s a malware attempt, in one click I can address the target IP and distribute the security solution to everyone all over the world. This wasn t easy in the past with a decentralized network; by the time we got to the malware it would be all over the place. With Panorama, we can apply rules and fixes to every device in seconds. Palo Alto Networks GlobalProtect is also delivering results. GlobalProtect secures and facilitates access for all company devices, says Siguda. We use it with distributed gateways and like that a roaming user doesn t need to do anything to connect. Before, they had to choose a regional VPN access point. The process was slow and the connection usually wasn t optimal. GlobalProtect gives end users better service and ensures our rules are applied. In the past, we had to ask users to follow the rules and hope they would. In IT, either you can enforce something or forget about it happening. OSRAM plans to look deeper into the capabilities of WildFire from Palo Alto Networks. WildFire provides integrated protection from advanced malware and threats by proactively identifying and blocking unknown threats commonly used in modern cyber attacks. PAGE 5

It Does Cut Vegetables Too In addition to countless hours saved from standardizing security on Palo Alto Networks, streamlining tasks, and automating policy deployments and updates, OSRAM is saving $100,000 per year in hardware and software license costs by replacing its 78 proxy servers with the PA-200s. This figure doesn t include the additional savings from reduced maintenance and support, which we believe would save about another $100,000 total over five years, says Siguda. Siguda and Masoud appreciate their improved ability to support the business. We can meet requests within minutes, instead of hours or days, says Masoud. We like that if people need something they know the security guys will get it to them quickly. Upper management has noted this. Adds Siguda: There s no way to put a dollar figure on having something state-of-the-art that can support new and upcoming business cases like streaming media, voice access, or accessing external training providers. Requests like these used to be a constant hassle, but are now just a click away for users. OSRAM also finds it difficult to put a figure on the enhanced security it receives from Palo Alto Networks. Before we were blind to some things, but now we ve raised overall security without expending more resources, says Siguda. I tell my peers in IT that Palo Alto Networks is simplicity within complexity. I think their firewall could even cut vegetables, meaning, you can more or less do anything with a packet. You can slice and dice it, and then look at Palo Alto Networks GUI and even a non-technical person can understand what s going on. It s a sophisticated, but simple to use firewall, that makes IT guys happy and your company safe. 4401 Great America Parkway Santa Clara, CA 95054 Main: +1.408.753.4000 Sales: +1.866.320.4788 Support: +1.866.898.9087 www.paloaltonetworks.com Copyright 2015, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN_CS_OSRAM_041515

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information