Download PDF
Manufacturer Improves Network Perimeter Defense and DDoS Prevention With Arbor Edge Defense
Technology Category
- Cybersecurity & Privacy - Intrusion Detection
- Cybersecurity & Privacy - Network Security
Applicable Functions
- Discrete Manufacturing
- Quality Assurance
Use Cases
- Cybersecurity
- Intrusion Detection Systems
- Perimeter Security & Access Control
Services
- Cybersecurity Services
- System Integration
The Challenge
The company's Security Operations (SecOps) team was facing challenges in securing the network perimeter. The process was largely manual, involving maintaining a rolling list of IP addresses (i.e., blacklist) at the firewall level. Any new IP address potentially viewed as a rogue actor was manually added to the “bottom of the list” by a SecOps resource. This approach was proving to be inefficient due to the vast size of the IP address list, the manual efforts associated with its maintenance, and questions regarding both accuracy and currency. With the company’s network and data center operations growth and the resultant expansion of their threat landscape, SecOps was in need of a next-generation perimeter security solution that would better safeguard business and complement what the nGeniusONE and smart visibility solution was already providing to cross-IT resources.
About The Customer
The customer is a U.S manufacturer that produces heavy-duty equipment under multiple brands. The company has production plants in more than a dozen countries and has strived to comply with high-quality industrial standards, which has helped the company maintain their status as a world-class manufacturer. The company’s information technology (IT) team has long used their NETSCOUT nGeniusONE® Service Assurance solution with InfiniStreamNG® (ISNG) and Packet Flow Switch (PFS) technology for real-time packet monitoring at their data center and headquarters locations. In coordination with Network Operations (NetOps), the Security Operations (SecOps) team derived additional value from the company’s investment in NETSCOUT by accessing nGeniusONE analytics and smart data visibility sources for packet-based forensics for incident-related troubleshooting.
The Solution
The company transformed its network perimeter defense strategy and automated its DDoS protection from attacks by deploying the NETSCOUT Arbor Edge Defense (AED) solution. With AED, SecOps has automated processes associated with defining both “deny” and “allow” lists at its firewall, leading to enhanced network perimeter security and better protection of the company’s manufacturing business. AED was deployed inline (i.e., between the internet router and firewall) on the same links already being tapped by NETSCOUT to feed network packet traffic to the long-deployed ISNG and PFS smart visibility sources responsible for real-time generation of smart data used by nGeniusONE analytics. In addition to improving network perimeter security and firewall efficiencies, AED equipped SecOps to stop DDoS attacks as large as 40 Gbps. Using NETSCOUT’s stateless packet processing technology, SecOps can also use AED to stop TCP-state exhaustion attacks that target and impact stateful devices, such as next-generation firewalls.
Operational Impact
Related Case Studies.
Case Study
Protecting a Stadium from Hazardous Materials Using IoT2cell's Mobility Platform
There was a need for higher security at the AT&T Stadium during the NFL draft. There was a need to ensure that nuclear radiation material was not smuggled inside the stadium. Hazmat materials could often be missed in a standard checkpoint when gaining entry into a stadium.
Case Study
Enel Secures Italian Power Generation Network
Electric energy operators around the world are working to increase the reliability and cyber resiliency of their systems. This includes Enel, a global power company that manages and monitors the Italian power grid. This grid:• Serves 31 million customers• Has a net installed energy capacity exceeding 31 gigawatts• Includes more than 500 power generation plants,including hydroelectric, thermoelectric, and wind• Is managed and monitored by Enel 24/7/365• Is operated by Terna, the Italian Transmission System Operator (TSO)Enel is responsible for the availability of the grid’s underlying ICS and industrial network. It also manages Regional Control Centers and Interconnection Centers which connect with the TSO. The TSO manages the flow of energy to the grid plus controls and remotely regulates the power generation of power plants, increasing and decreasing power production as required. The complex system of interaction and cooperation between Enel and the TSO has strong security implications as well as operational and business challenges.
Case Study
Securing the Connected Car Ecosystem
In-vehicle communications and entertainment system hosts high-value or sensitive applications. API libraries facilitate communication and sharing of vehicle data. These API libraries are vulnerable to reverse engineering and tampering attacks and may even result in loss of passenger safety. Attackers can inject malware that may be able to migrate to other in-car networks such as the controller-area-network (CAN) bus which links to the vehicle’s critical systems. Software provided for dealers to interface with cars through the OBD2 port is vulnerable to reverse engineering and tampering attacks. Hackers may be able to abuse these tools to inject malicious code into the ECUs and CAN bus. Attackers can lift the cryptographic keys used, and use that to build their own rogue apps/software. Their cloned version of the original app/software may have altered functionality, and may intend to gain access to other in-car networks.
Case Study
Secure and Cloud-based Data Marketplace
The great promise of new connected concepts of industry like 'Industry 4.0' is their ability to deliver a historically unparalleled level of responsiveness and flexibility. While modern supply chains are already heavily integrated and designed to be fluid and fast moving, a large swathe of manufacturing still remains beholden to economies of scale, large production runs, and careful preplanning.The Industrial Internet of Things (IIoT) is set to change this by allowing small-batch or even custom manufacturing on a truly industrial scale. With machines whose functions are not set in stone, but flexible and determined by their operating software and with a new form of connectivity bringing industrial engineers, product manufacturers, and end users closer together than ever before. Ad-hoc adjustments to automotive parts, for example, during active product runs or the bespoke manufacturing of custom sneakers become very viable options indeed.Much of this remains a theoretical vision, but IUNO, the German national reference project for IT security in Industry 4.0 demonstrates the new capabilities in action with a secure technology data marketplace running a smart drinks mixer.
Case Study
Expedia Hosted by 2lemetry Through AWS
Expedia is committed to continuous innovation, technology, and platform improvements to create a great experience for its customers. The Expedia Worldwide Engineering (EWE) organization supports all websites under the Expedia brand. Expedia began using Amazon Web Services (AWS) in 2010 to launch Expedia Suggest Service (ESS), a typeahead suggestion service that helps customers enter travel, search, and location information correctly. According to the company’s metrics, an error page is the main reason for site abandonment. Expedia wanted global users to find what they were looking for quickly and without errors. At the time, Expedia operated all its services from data centers in Chandler, AZ. The engineering team realized that they had to run ESS in locations physically close to customers to enable a quick and responsive service with minimal network latency.
