More Visibility, Less Complexity: A Network Security Overhaul with Cisco Secure
Starting any new job inevitably brings some unexpected challenges, and it was no different when I joined building maintenance company Beyersdorf Dienstleistungen GmbH & Co. KG.
I was hired to help restructure our IT environment, and while I thought I had a fairly good idea of what would be needed, I quickly discovered I had a much bigger task ahead of me.
A Patchwork IT Solution
Over our 65-year history, Beyersdorf Dienstleistungen has grown to 1,300 employees across six branches located in the Schleswig-Holstein region of Germany. We pride ourselves on our open and positive working environment, and for years, each branch was largely left to govern their own IT hardware and processes. This was great for morale and autonomy, but it caused headaches for our IT team.
I learned early in my career that using many different vendors adds unnecessary complexity, increases the number of vulnerabilities in the system, and is harder to manage. I saw this in action at Beyersdorf. Because each branch had their own hardware, our IT staff had to deal with multiple vendors when purchasing hardware and accessing customer support. We also had to rely on an external service provider to manage the existing firewalls. This patchwork approach was inefficient, and it left us vulnerable to malicious attacks.
Upon seeing the state of our infrastructure, my initial reaction was to walk away from the project altogether. But I quickly reconsidered, mostly because I knew the problem was solvable. We needed a network solution that would significantly simplify management, encompass all of our locations, and enhance the network’s security through automation.
Not only did I have to find that solution, but I also had to persuade others to change the way they’d operated for years. It was going to be a challenge to get everyone on the same page, especially since our six branches would have to relinquish some autonomy. The end results would be beneficial to everyone, but we had a long way to go to get there.
Fortunately, I had a hunch where to start the journey.
The Network Infrastructure Dream Team
I have long been a big fan of Cisco. Having worked with the company in previous positions, I knew they’d have a solution that could offer significant improvements. Beyersdorf was also familiar with the organization, having previously used Cisco ASA Firewalls and Cisco Firepower and we wanted to utilize more of their solutions.
One reason Cisco appealed to us was because of their reliability. When I first started as CIO, I decided to change all our switches from HP to Cisco. Those 25 switches have been running ever since. We manage all of them remotely—no one has ever had to physically access a device to update the firmware. Instead, we receive a notification when one of them goes down, so we can quickly identify and react to potential issues. Cisco also leads the way in network security and innovation. By choosing Cisco, I knew that it would be easy to keep the system current for years to come.
After our experience with the switches, I was even more confident that Cisco could help improve our security situation. Because this was a much bigger project, Cisco put me in touch with avodaq, a leading provider of IT communications and infrastructure solutions. The avodaq engineering team made a great first impression. They were incredibly open and honest during our initial conversations, and they made recommendations that were always in our best interest. Their goal was to make sure that we found the right solution—not to make a sale.
With Cisco and avodaq by our side, we were ready to hit the ground running.
Modern Solutions to Enhance Visibility and Security
At avodaq’s recommendation, we identified a number of solutions that could help us achieve our security goals, the first of which was Cisco Meraki. Meraki features a single dashboard where our IT department can view all of the devices on the network. We can track data and life cycles of devices and software, which makes it easier for our IT staff to see and secure everything. We took a closer look at competitors like Checkpoint, Palo Alto, Aruba, and HP, even securing some proofs of concept to evaluate the solutions fairly. In the end, nothing else on the market came close to Cisco Meraki’s level of control and integration.
We began a complete overhaul with Cisco Meraki, rolling out Wireless LAN for all of our branches. From the beginning, it was clear how much easier things were going to be. We started to receive notifications for devices that were on the network, and it was much easier to keep track of switches or access points if they went offline.
We also signed up for a trial period of Umbrella, a cloud-delivered service that blocks malicious destinations before a connection is ever established. During this trial period, avodaq explained the advantages of using Cisco SecureX, a cloud-native, built-in platform experience that connects the Cisco Secure portfolio with our existing infrastructure. The portfolio proposed included Cisco Secure Endpoint, Cloud Email Security, Cisco Secure Cloud Analytics, Cisco Identity Service Engine, and multi-factor authentication with Secure Access by Duo (as well as many other technologies). Also included are insights from the industry-leading threat intelligence group, Cisco Talos. Talos is one of the most important components we use to conduct vulnerability research to ensure rapid detection and protection of our infrastructure. This way we can protect ourselves from known and new threats.
Upgrading our security had always been on my agenda. My goal was to evolve to an enhanced security solution that we could manage in house. Cisco SecureX was everything we needed, plus a couple of features that I hadn’t considered. We purchased the lot.
More Control, More Transparency
Prior to our upgrade, Beyersdorf used a solution from cybersecurity company Proofpoint for email protection. But it was complicated to manage and support. Every time we had a concern, we had to turn to the support team, and that always took time. By comparison, Cisco Secure Email tracks abnormal behavior automatically, so we can identify potential threats on our own. From the very beginning, we had a diagram of email traffic of where things originate and where things are going, so we can quickly intervene if necessary to protect the system.
Cisco Secure Access by Duo was new to us, but it was a very easy deployment. Initially, we only had 10 users, but now, all of our users log in through this portal. Access is more transparent for our IT team, and we can more effectively and efficiently protect all of the devices and applications on our network. What’s more, we can help troubleshoot devices better if users have an issue.
With Cisco SecureX and Meraki, we get fewer calls to IT asking for people to have certain permissions. Managers can let their teams access the necessary applications to get their work done, but we still have the “master key” to monitor all of the devices on the network. Users and team leaders have much more control of their own access.
Together, these solutions create an automated chain of actions for any unusual behavior or security concerns. Our devices are much more protected now, and Secure Access by Duo has come in especially handy with so many employees working remotely due to the pandemic—something that we didn’t anticipate when we first started. Nearly every aspect of the system has increased transparency, so our team can better anticipate different scenarios and are better prepared for any potential attacks.
In Cisco and avodaq We Trust
I’ve always been impressed with Cisco, but avodaq was the perfect complementary partner. They were engaged from the beginning, and through the planning and implementation process, consistently provided step-by-step support alongside Cisco.
Our Cisco overhaul has made our network much more secure and the automation and visibility have allowed us to manage everything in house. After all the work that we’ve done to reach this point, I want to make sure that we stay on top of current security and networking trends, and with Cisco, we can do that. They always have a solution to fit a need, and they are always innovating to keep up with their customers. Overcoming our patchwork infrastructure was an unexpected challenge, but I was right to trust in Cisco all along.