Thanks to Cisco, weve reduced the hours allocated to maintenance and security management operations by 80%.
Livio Bonatti, Information Technology & Network
Infrastructure Manager, Marcegaglia Group
Even companies and organizations operating in sectors where the computerization of production processes is an essential feature have only recently begun to experience the advantages of complete ICT security based on systems able to ensure that an operating environment is safe from external and internal threats and attacks. Executing a truly 360-degree security strategy makes it possible to protect all kinds of corporate resources - from the data and information stored in data centers to industrial systems and network-connected devices while reducing costs and the time spent on maintenance and management. The Marcegaglia Group chose Cisco as its sole reference brand to implement a complete and comprehensive security platform capable of meeting all its security needs, both now and in the future.
Achieve next-generation IPS performance levels adequate for the dimensions of the new Data Center
Set up a homogeneous and centrally controllable security environment for both wireless and wired networks
Integrate technologies appropriate to a long-term strategy
IT security, a vital factor for long-term growthThe Marcegaglia Group confirms an IT security strategy based on Cisco solutions with the acquisition of centrally managed firewall tools and a Next-Generation Intrusion Prevention System.
The Marcegaglia Group is a world leader in the steel processing sector which operates out of Italy on a global scale, with 43 plants spread over a total area of 6 million square meters. The Group comprises 7,000 employees, 60 commercial offices and 210 sales points for a turnover in 2013 of more than 4 billion euros from the steel industry and its other diversified business interests. Each day it produces 5,500 kilometers worth of stainless steel and carbon steel products for over 15,000 customers, for a total of more than 5 million tons of processed steel per year.
2015 Cisco Systems, Inc. All rights reserved. 1
Ciscos FirePOWER 8000 Series Appliances are the most effective platform for the Cisco NGIPS (Next-Generation Intrusion Prevention System) solution, which integrates visibility, automated management and intelligent security functions to provide reliable performance at competitive costs.
Integrate Ciscos FirePOWER 8250 NGIPS into the Cisco ASA 5545 firewall
Integrate the Cisco FireSIGHT Management Center to centrally manage network security
Use Ciscos Identity Services Engine (ISE) to administer network access and monitor device behavior
Case Study | Marcegaglia GroupEmployees: 7.000 Sector: Heavy Industry
The group was founded in 1959 and is still fully owned and managed by the Marcegaglia family from its headquarters in Gazoldo degli Ippoliti (Mantua).
After expanding the capacity of its Data Center by boosting connectivity to 10 gigabits, the Group realized it now needed to bring its IT security platform up to speed, starting with the Intrusion Prevention System, which could no longer keep pace with the performance of the new Data Center infrastructure. With the objective of integrating the best of natural technological evolution into an environment which already included Cisco ASA 5545 firewall appliances, the Marcegaglia Group chose the Cisco FirePOWER Appliance 8250 as the solution most in line with its security strategy for the future.
Intrusion prevention is a critical factor
After the Data Center infrastructure was upgraded, the Intrusion Prevention System (IPS) already in place at the Groups offices and plants proved unable to match the performance of the new appliances. The efficiency level dropped well below 70% of threats, jeopardizing Marcegaglias IT systems and resources: almost a third of attacks could not be blocked, with all the consequent risks for operations and business.
2015 Cisco Systems, Inc. All rights reserved. 2
To deal with the problem, the Group launched a test phase during which the five most commercially successful IPS solutions were compared. The proof of concept allowed us to implement the solutions in parallel on different network segments, to verify which one was best suited to our security requirements, said Livio Bonatti, Information Technology & Network Infrastructure Manager for the Marcegaglia Group. It was during this phase that the functionalities which convinced the Group to chose Ciscos FirePOWER 8250 Appliance emerged.
Thanks to the next-generation FirePOWER intrusion prevention technology, the 8000 Series appliances can enable features such as real-time context recognition, complete visibility and intelligent security automation.
And thats not all. The Cisco FirePOWER Appliance 8250 was identified as the solution which could be fully integrated into the pre-existing Cisco firewall environment, thereby validating it as a natural evolution of the investment just made in Ciscos ASA 5545 firewall. Confirming the choice of Cisco solutions enabled us to structure an IT security platform in line with the companys security strategy for the future, said Bonatti.
Centralized management for distributed benefits
Setting up a single environment based on Cisco technology to protect against threats and intrusions also enabled Marcegaglia to implement a comprehensive security solution that can be centrally managed. We adopted the Cisco FireSIGHT Management Center as a centralized management console, said Bonatti. This means we can now manage the whole pre-existing firewall configuration together with the newly-added Next-Generation IPS solution.
Indeed, the Marcegaglia IT administrators can now centrally control all the network security services provided by the Cisco ASA firewalls and the FirePOWER 8250 appliance. The ease with which we can manage the entire security environment adds to the quality of the solution in terms of its effectiveness, which was verified as 100% in detecting threats of attack, said Bonatti. Not to mention the possibility of future developments of the platform, which will enable us to maximize the value of our investment.
The advantages of centrally managing the security apparatus of an organization like the Marcegaglia Group are obvious. All of our plants have installed or will soon install a Cisco firewall, said Bonatti. Up until a few years ago, our network infrastructure devices were managed individually and we had no uniform system to protect against malware. With the centralization of IT security management via a single console for both the firewalls and the Next-Generation IPS modules, Marcegaglia has taken a major qualitative leap forwards.
2015 Cisco Systems, Inc. All rights reserved. 3
Savings in time and resources
Bonatti identifies the optimization of security management for all locations and plants as one of the main benefits of the new configuration. With just a few policies distributed across the entire IT environment we have complete control, whereas before we had to connect with each individual device in order to manage different policies, resulting in a substantial waste of time and resources.
A greater level of security has corresponded to a concrete acceleration of maintenance operations. The hours devoted to policy management and, in general, to all security-related activities have been reduced by 80%.
More security in the future
The roadmap outlining Marcegaglias present and future security strategy has seen further developments. After upgrading its infrastructure and IT security solutions, the Group also installed the Cisco Identity Services Engine (ISE), a platform based on context-aware identity management which gathers real-time information from the network, users and devices to enable security policy to be applied and network access to be better managed by companies deploying BYOD, who need to make resources and work tools available through the corporate network. Cisco ISE helps us manage wireless and wired access, and it acts as the reference for switches and access points as regards the policies to be implemented when a device connects to the corporate network, Bonatti explained.
This architecture fully integrates with the Cisco FirePOWER Appliance 8250. Cisco ISE identifies roles and privileges across the network, but its the FirePOWER Appliance which inspects the data traffic. If malware is detected, the Appliance communicates the risk of attack to the Cisco ISE. The infected device can then be investigated and kept away from the more vulnerable corporate resources.
Increased overall security levels for the IT infrastructure 80% reduction of management time Protection of the technology investment thanks to
security solutions adopted as part of a long-term strategy
2015 Cisco Systems, Inc. All rights reserved. 4
Security is also decisive for business
The project developed by the Marcegaglia Group is proof of the growing tendency of companies and organizations in every sector to consider IT security a vital factor in growth and business. The Groups management understood that the security project developed using Cisco solutions was crucially important, said Bonatti. Thanks to this approach, we were able to demonstrate the effectiveness of a 360-degree security vision as compared to non-unified actions targeting individual problems, while avoiding heavy investments in the initial stage.
Ciscos IT security solutions are well suited to strategies that can enable the needs of a company like Marcegaglia to be met scalably and flexibly, needs that range from protecting network devices to safeguardin