© 2016 Cisco and/or its affiliates. All rights reserved.© 2016 Cisco and/or its affiliates. All rights reserved.

How a global manufacturing leader automates network security.

CASE STUDY

Organization snapshot

Company: ATS Automation

Headquarters: Cambridge, Ontario, Canada

Number of users protected: 3,500

Challenge: Protect the assets of a globally-distributed, increasingly mobile workforce against malware and breaches.

Solution: Cisco Umbrella Cisco AnyConnect Secure Mobility Client

Impact:

• Enabled protection for off-network users with Umbrella roaming client

• Leveraged Umbrella’s enforcement API to amplify FireEye investment

• Achieved four-to-five-fold reduction in alerts on other security solutions

• Decreased malicious activity and time-to-containment

“ Umbrella has allowed us to stop attacks earlier in the kill chain. We are better protecting both our own and our customers’ environments.”

Ron Keyser CIO ATS Automation

http://umbrella.cisco.com/https://www.opendns.com/enterprise-security/threat-intelligence/

© 2016 Cisco and/or its affiliates. All rights reserved.

The challengeThe rise in off-network threats

ATS Automation maintains a global presence to support its position as world leader in manufacturing automation solutions, with 3,500 networked employees across 75 offices in the Americas, Europe and Asia. To design state-of-the-art benchmark automation for other world leaders in the transportation, pharmaceutical, automotive and energy sectors, ATS Automation must manage and protect vast amounts of proprietary intellectual property.

“When we saw an increase in threats, malware and command-and-control callbacks on our global network, we knew we needed to act,” says Viorel Vilcu, who manages corporate IT governance at ATS. “We were looking for a product to proactively prevent malware and breaches on all company assets worldwide, especially those operating in a primarily mobile environment because nearly 25% of ATS employees are stationed offsite in home offices or co-located with customers.”

“We witnessed an increasing number of incidents with employees working outside of the corporate network, and were growing especially concerned about the risk of infecting on-network machines as mobile assets reconnected onsite,” he continues.

“When users plugged back into the ATS network after working at a customer facility, we saw a lot of malware and botnet activity picked up while off-network, which then posed a risk to the network’s security,” adds Avinish Raj, Senior Network Administrator at ATS.

CIO Ron Keyser shared this concern. “In order to protect our customers, we needed to have a solution that allowed ATS engineers to do their work at customer sites, while at the same time protecting our customers’ networks from viruses and other malware.”

© 2016 Cisco and/or its affiliates. All rights reserved.

The solutionSecurity that extends off the network and protects any device

“Cisco Umbrella fits our business model; it’s cloud-based, easy to deploy to all locations as well as to the mobile workforce, and gives us the power to enforce security compliance off-network and not on the VPN,” Vilcu notes.

“Outside of it aligning so well with our corporate structure, I had also used Umbrella professionally and personally and knew what it could do. So based in part on my previous positive experiences, we were confident Umbrella would meet our security needs,” says Raj.

After a thorough evaluation, ATS decided to add Umbrella to its security stack. According to Vilcu, “Umbrella is our first line of defense. It stops threats before they hit the endpoint – they’re resolved before they even hit the firewall. That proactive prevention is one of the main reasons ATS ultimately chose Umbrella; we also liked the way it worked with our existing security solutions.”

Built on traditional defense-in-depth elements, ATS’ security stack included a Cisco AnyConnect VPN client to route all internet traffic through secured company networks and two FireEye Network Threat Prevention appliances located in regional hub offices to provide advanced threat protection in the respective local environments. By recognizing the additional value offered by Umbrella’s API-based integration with FireEye, ATS was able to avoid the significant cost of replicating that set-up in 70+ offices across three continents.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

The results Mobile users secured on- and off-network

After a seamless deployment of the Umbrella roaming client, which protects devices on and off the corporate network, ATS was able to enforce security at both the DNS and IP layers to prevent system compromise and data exfiltration regardless of user location or network.

“The Umbrella roaming client has significantly reduced malware. Its protection has been very valuable,” reports Raj, noting that “Users were notified of the deployment via email and therefore aware of it, yet we received no user complaints or issues.”

“Perhaps more importantly,” Keyser points out, “we are further protecting our customers when we are doing work for them, and we now have a very compelling story to tell our customers that we are taking the security of their environments very seriously.”

ATS realized further value from integrating Umbrella with FireEye, which was accomplished in less than five minutes and allowed ATS to extend FireEye’s protection to all locations without undertaking a time- and cost-intensive physical deployment. As a result, local malware intelligence gathered in real-time by FireEye automatically triggers global enforcement by Umbrella.

“As FireEye sees a threat in the corporate environment, it immediately updates the Umbrella dashboard, which then protects all global users on and off the network by blocking that threat—all in the course of 50 seconds,” Vilcu observes. “Since integration, ATS has seen a four-to-five-fold decrease in alerts to FireEye, with the number of integrated FireEye blocks increasing daily, which has been really valuable.”

To support implementation and maximize Umbrella’s value, ATS chose Cisco’s Platinum Support agreement featuring a dedicated technical account manager who has become a valued partner and security advisor. “Our Cisco contact has become a great resource, and our weekly call with him is extremely valuable. Our technical account manager is our ‘Go-To’, whose guidance has been vital. Direct access to a Cisco resource like this has proven indispensable,” Vilcu remarks.

Moving forward, Vilcu aims to mine more Umbrella value from its investment. “We plan to integrate Umbrella into our SIEM so we can track all events in one place, and based on our improved security and strong results so far, we’re also looking at global web content filtering,” he relates.

With time once spent fighting malware now recaptured, ATS can focus on these and other innovations to help maintain its automation solutions world leadership position well into its upcoming 40th anniversary year and beyond.