Just as we guard the honest production of our lager, we also guard our data. Cybersecurity is an important topic and priority for us.
Baseline and project objectives
At the beginning of everything there was an analysis. With the arrival of a new IT director, there was a need to map the state of IT security in the organization. After several consultations, our specialists convinced the customer of the quality of our services and received a request for an analysis of the current state of cybersecurity.
In this analysis, we use the necessary security methodologies, collect data, conduct interviews on the applications and processes used and, according to the data obtained, assess the maturity of the organization in this area. We take into account the technological view, but also the strategic view, i.e. whether there is a risk analysis, whether there are response plans in place, and we evaluate the personnel background. For Budvar, we actually went through the procedures of how more than 600 employees work, evaluated what 1 day of downtime means and how many millions of CZK it costs the company and which part is most affected. The result was a set of recommendations and a time line of steps to gradually improve safety.
On the basis of the agreement on long-term cooperation and the scope of prepaid consulting days, it was possible to explain the advantages and disadvantages of possible proposed solutions, to carry out a Proof of Concept for some areas and to define more precisely the partial requirements and separate projects. Budvar then handles these sub-projects in the form of a request for proposals within the framework of public tenders.
- Cybersecurity analysis services and PoC projects as a way to find a reliable solution
- Unified centralized management of enterprise network operations with custom intelligence that moves internal IT from element management to comprehensive predictive maintenance and development of the network as a whole
- A solution open to third-party integrations improves the economics of the entire project and multiplies the utility of the whole in building a comprehensive security organization
- Space to grow the organization with much needed consolidation and unification of LAN and WAN
As one of the first implementation projects, a solution was designed to increase the cyber security of the organization by means of segmentation of the corporate network and subsequently micro-segmentation so that the level of rights for communication within the corporate network could be set for each device or user. Of the two possible proposed paths, a centralized solution with a global policy server was chosen to enable micro-segmentation of network access in the full sense of the word, central management of policies and the entire solution lifecycle, both at headquarters and at other sites, and integration with the organization's firewalls and MDM systems. It is an all-in-one solution that offers health checking of accessing devices, self-management of BYOD devices by their users and guest access management. All with appropriate integration links to other security systems, using HPE Aruba ClearPass technology.
The proposed solution using HPE Aruba technology stands and falls with dynamic segmentation technology, which, using tunnels, exports the traffic of any device to the HPE Aruba Gateway. This centralizes all user data and allows us to perform security operations on it, filter traffic, and determine quality of service by seeing into the context of the application and user. The advantage is that each user has their own tunnel that is built according to a defined role and that can be individually audited. With these technologies, the customer's expectations of increasing the security of the organization can be met.
One of the needs was to provide access to the device to the network, based on its current state/health. This means that the device meets all the defined compliance conditions and active protection from threat introduction is provided, which was addressed by the HPE Aruba ClearPass OnGuard module. Visitor/guest access requirements were also addressed, making it as simple as possible, but at the same time the customer registered their identity while verifying that they were inside the premises, not behind a wall somewhere. Multi-level guest impersonation is provided by the HPE Aruba ClearPass Guest module.
The foundation of the solution is built on the HPE Aruba 7200 series gateways, which also feature an SD-WAN license. The entire solution is unified managed by HPE Aruba Central, which allows all traffic to be monitored and managed using the power of the cloud and machine learning. The huge advantage is that through this system, a single view of the entire operation management is available and no additional tools are required.
The project included high requirements for integration with other elements of the organization's communications infrastructure ecosystem, with existing corporate firewall technology, with enterprise MDM systems in use for device management, etc. The entire solution is ready for future integration with the IoT world and the use of sensors in production or logistics.
- Analysis of the state of cybersecurity
- PoC projects and pre-implementation analysis
- HPE Aruba 7200 Mobility Gateway / Controllers
- HPE Aruba ClearPass (OnGuard, OnBoard, Guest)
- HPE Aruba Central
You May Also Like
- IT operation of restaurants and introduction of self-service kiosks in Mc Donald's
- Companies in KKCG's technology pillar are changing. Qinshift to be spun off from Aricoma
- Security and remote management of thousands of commissioners' mobile devices for Census 2021
- IT infrastructure and key applications in the cloud for CSA
- Consolidation of several datacenters into a common hyperconverged solution for PNS
- Simple, secure and unified network management at Zeelandia
- Modernization of infrastructure for the operation of critical applications for Invia.cz
- Innovation of the Technology Centre of the South Moravian Region
- Migration of 12,500 Česká spořitelna users to the Microsoft 365 platform
- Deployment of Alvao Service Desk and Asset Management in the private cloud of the Vysočina Region
- Secure management of corporate network and user rights from the cloud for LetsGetChecked
DO NOT HESITATE TO
Are you interested in more information or an offer for your specific situation?