Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Marcegaglia Group


Published on

The Marcegaglia Group confirms an IT security
strategy based on Cisco solutions with the
acquisition of centrally managed firewall tools
and a Next-Generation Intrusion Prevention System.

Published in: Technology
  • Be the first to comment

Marcegaglia Group

  1. 1. “Thanks to Cisco, we’ve reduced the hours allocated to maintenance and security management operations by 80%.”” Livio Bonatti, Information Technology & Network Infrastructure Manager, Marcegaglia Group Even companies and organizations operating in sectors where the computerization of production processes is an essential feature have only recently begun to experience the advantages of complete ICT security based on systems able to ensure that an operating environment is safe from external and internal threats and attacks. Executing a truly 360-degree security strategy makes it possible to protect all kinds of corporate resources - from the data and information stored in data centers to industrial systems and network-connected devices – while reducing costs and the time spent on maintenance and management. The Marcegaglia Group chose Cisco as its sole reference brand to implement a complete and comprehensive security platform capable of meeting all its security needs, both now and in the future. • Achieve next-generation IPS performance levels adequate for the dimensions of the new Data Center • Set up a homogeneous and centrally controllable security environment for both wireless and wired networks • Integrate technologies appropriate to a long-term strategy The challenge IT security, a vital factor for long-term growth The Marcegaglia Group confirms an IT security strategy based on Cisco solutions with the acquisition of centrally managed firewall tools and a Next-Generation Intrusion Prevention System. The Marcegaglia Group is a world leader in the steel processing sector which operates out of Italy on a global scale, with 43 plants spread over a total area of 6 million square meters. The Group comprises 7,000 employees, 60 commercial offices and 210 sales points for a turnover in 2013 of more than 4 billion euros from the steel industry and its other diversified business interests. Each day it produces 5,500 kilometers worth of stainless steel and carbon steel products for over 15,000 customers, for a total of more than 5 million tons of processed steel per year. © 2015 Cisco Systems, Inc. All rights reserved. 1
  2. 2. Cisco’s FirePOWER 8000 Series Appliances are the most effective platform for the Cisco NGIPS (Next-Generation Intrusion Prevention System) solution, which integrates visibility, automated management and intelligent security functions to provide reliable performance at competitive costs. • Integrate Cisco’s FirePOWER 8250 NGIPS into the Cisco ASA 5545 firewall • Integrate the Cisco FireSIGHT Management Center to centrally manage network security • Use Cisco’s Identity Services Engine (ISE) to administer network access and monitor device behavior The solution Case Study | Marcegaglia Group Employees: 7.000 Sector: Heavy Industry The group was founded in 1959 and is still fully owned and managed by the Marcegaglia family from its headquarters in Gazoldo degli Ippoliti (Mantua). After expanding the capacity of its Data Center by boosting connectivity to 10 gigabits, the Group realized it now needed to bring its IT security platform up to speed, starting with the Intrusion Prevention System, which could no longer keep pace with the performance of the new Data Center infrastructure. With the objective of integrating the best of natural technological evolution into an environment which already included Cisco ASA 5545 firewall appliances, the Marcegaglia Group chose the Cisco FirePOWER Appliance 8250 as the solution most in line with its security strategy for the future. Intrusion prevention is a critical factor After the Data Center infrastructure was upgraded, the Intrusion Prevention System (IPS) already in place at the Group’s offices and plants proved unable to match the performance of the new appliances. The efficiency level dropped well below 70% of threats, jeopardizing Marcegaglia’s IT systems and resources: almost a third of attacks could not be blocked, with all the consequent risks for operations and business. © 2015 Cisco Systems, Inc. All rights reserved. 2
  3. 3. To deal with the problem, the Group launched a test phase during which the five most commercially successful IPS solutions were compared. “The proof of concept allowed us to implement the solutions in parallel on different network segments, to verify which one was best suited to our security requirements,” said Livio Bonatti, Information Technology & Network Infrastructure Manager for the Marcegaglia Group. It was during this phase that the functionalities which convinced the Group to chose Cisco’s FirePOWER 8250 Appliance emerged. Thanks to the next-generation FirePOWER intrusion prevention technology, the 8000 Series appliances can enable features such as real-time context recognition, complete visibility and intelligent security automation. And that’s not all. The Cisco FirePOWER Appliance 8250 was identified as the solution which could be fully integrated into the pre-existing Cisco firewall environment, thereby validating it as a natural evolution of the investment just made in Cisco’s ASA 5545 firewall. “Confirming the choice of Cisco solutions enabled us to structure an IT security platform in line with the company’s security strategy for the future,” said Bonatti. Centralized management for distributed benefits Setting up a single environment based on Cisco technology to protect against threats and intrusions also enabled Marcegaglia to implement a comprehensive security solution that can be centrally managed. “We adopted the Cisco FireSIGHT Management Center as a centralized management console,” said Bonatti. “This means we can now manage the whole pre-existing firewall configuration together with the newly-added Next-Generation IPS solution.” Indeed, the Marcegaglia IT administrators can now centrally control all the network security services provided by the Cisco ASA firewalls and the FirePOWER 8250 appliance. “The ease with which we can manage the entire security environment adds to the quality of the solution in terms of its effectiveness, which was verified as 100% in detecting threats of attack,” said Bonatti. “Not to mention the possibility of future developments of the platform, which will enable us to maximize the value of our investment.” The advantages of centrally managing the security apparatus of an organization like the Marcegaglia Group are obvious. “All of our plants have installed or will soon install a Cisco firewall,” said Bonatti. “Up until a few years ago, our network infrastructure devices were managed individually and we had no uniform system to protect against malware.” With the centralization of IT security management via a single console for both the firewalls and the Next-Generation IPS modules, Marcegaglia has taken a major qualitative leap forwards. © 2015 Cisco Systems, Inc. All rights reserved. 3
  4. 4. Savings in time and resources Bonatti identifies the optimization of security management for all locations and plants as one of the main benefits of the new configuration. “With just a few policies distributed across the entire IT environment we have complete control, whereas before we had to connect with each individual device in order to manage different policies, resulting in a substantial waste of time and resources.” A greater level of security has corresponded to a concrete acceleration of maintenance operations. “The hours devoted to policy management and, in general, to all security-related activities have been reduced by 80%.” More security in the future The roadmap outlining Marcegaglia’s present and future security strategy has seen further developments. After upgrading its infrastructure and IT security solutions, the Group also installed the Cisco Identity Services Engine (ISE), a platform based on context-aware identity management which gathers real-time information from the network, users and devices to enable security policy to be applied and network access to be better managed by companies deploying BYOD, who need to make resources and work tools available through the corporate network. “Cisco ISE helps us manage wireless and wired access, and it acts as the reference for switches and access points as regards the policies to be implemented when a device connects to the corporate network,” Bonatti explained. This architecture fully integrates with the Cisco FirePOWER Appliance 8250. “Cisco ISE identifies roles and privileges across the network, but it’s the FirePOWER Appliance which inspects the data traffic.” If malware is detected, the Appliance communicates the risk of attack to the Cisco ISE. “The infected device can then be investigated and kept away from the more vulnerable corporate resources.” • Increased overall security levels for the IT infrastructure • 80% reduction of management time • Protection of the technology investment thanks to security solutions adopted as part of a long-term strategy Results © 2015 Cisco Systems, Inc. All rights reserved. 4
  5. 5. Security is also decisive for business The project developed by the Marcegaglia Group is proof of the growing tendency of companies and organizations in every sector to consider IT security a vital factor in growth and business. “The Group’s management understood that the security project developed using Cisco solutions was crucially important,” said Bonatti. “Thanks to this approach, we were able to demonstrate the effectiveness of a 360-degree security vision as compared to non-unified actions targeting individual problems, while avoiding heavy investments in the initial stage.” Cisco’s IT security solutions are well suited to strategies that can enable the needs of a company like Marcegaglia to be met scalably and flexibly, needs that range from protecting network devices to safeguarding industrial equipment. “The use of Cisco solutions allowed us to implement a comprehensive project with which we achieved all our objectives, of protecting the network and corporate resources.” Cisco products and solutions • Cisco FirePOWER Appliance 8250 • Cisco ASA 5545 • Cisco FireSIGHT Management Center • Cisco Identity Services Engine For more information More information about the Cisco architectures and solutions referred to in this case study are available at For more information about the Marcegaglia Group, see Security Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA Tel.: 001 408 526-4000 Italian Headquarters Cisco Systems Italy Via Torri Bianche, 8 20871 Vimercate (MB) Toll Free: 800 782648 Fax: 039 6295299 Rome Branch Office Cisco Systems Italy Via del Serafico, 200 00142 Roma Toll Free: 800 782648 Fax: 06 51645001 There are more than 200 Cisco branch offices around the world. Their addresses, telephone and fax numbers are available on the Cisco website: © 2015 Cisco Systems, Inc. All rights reserved. The Cisco logo is the registered trademark of Cisco Systems, Inc. in the United States and a number of other countries. All the other trademarks or registered marks referred to in this document or on the Cisco Website are the property of their respective companies.