WatchGuard Appliances in Action at IKN GmbH
Challenge
As a middle-market engineering firm, IKN GmbH has been thriving since 1982 in the international cement-plant construction sector, with core competences centering on brick firing and cooling processes. With more than 650 installations all over the world, IKN is a market leader when it comes to fitting new cement plants or implementing modernization and conversion projects at any point along the cement processing chain. The IKN repertoire also includes the appropriate maintenance services, which, due to the wide geographical spread of their systems, can lead to challenges.
As René Clausing, head of IT at IKN, says, “Our systems can be found all around the globe, from Algeria to Vietnam. Consequently, we needed to come up with a good strategy for their maintenance. In the past, modem dial-up was the standard solution, but with analogue telephone connections becoming extinct we had to look for a viable alternative.” Additionally, IKN required a flexible security solution for the company’s headquarters that would provide them with robust defense in depth, while at the same time being easy to manage.
Solution
WatchGuard’s VPN (Virtual Private Network) tunnels, secured by WatchGuard T10 Fireboxes, were the answer. “This gives us controlled access to the customer’s systems,” explains Clausing. “Either the customer provides us with an Internet link or we can use an LTE router for wireless access.” Currently there are 15 WatchGuard T10 Fireboxes at work on various customer sites and an M500 at IKN headquarters. As Clausing notes, “Advanced security is now an integral part of all our projects, be it a new plant, a revamp, or a retrofit. Every quote includes a Firebox option, and our experience to date has been exclusively positive.”
All it takes to give IKN secure access for remote servicing of a control system is to install the WatchGuard appliance in the customer’s local control cabinet. “Compliant access is only possible for a clearly defined group of users in the active directory,” Clausing explains. “We make sure of this with closely targeted configurations. After all, system security is of the utmost priority, and the support tunnels are secured against unauthorized access in either direction.” IKN attaches special importance to WatchGuard’s RapidDeploy configuration functionality, available with all WatchGuard firewalls. With the necessary settings and configurations maintained at HQ, Firebox hardware can be sent anywhere in the world, and as soon as the appliance is powered up, it configures itself in accordance with the configuration parameters stored back at headquarters. “This is a major benefit for us,” reflects Clausing, “since cement plants rarely have their own IT administrator, we just ask one of the technicians to correctly plug in the power and network cables. Everything else either takes place automatically or can be managed by our own people back at headquarters.”
“RapidDeploy saves us a lot of time and expense,” he continues. “Replacing a firewall does not mean that one of us has to hop on a plane and fly halfway around the world. The centralized configuration is ideal for us and has yet to display the slightest weakness.” No wonder, then, that Fireboxes have also been deployed at IKN’s regional sales offices – and even home offices – in order to safeguard the transfer of data between staff, offices, and the group’s central network.
Results
When the old security structures were replaced at IKN, it was hardly foreseeable that the WatchGuard products would turn out to be so versatile in everyday use. “At the time,” Clausing says, “my main goal was to get a better handle on the IT security environment and I knew from previous experience that WatchGuard products were very intuitive and user-friendly.”
“Due to deficient logging and reporting, we used to have to call in an external service provider every time we had a problem,” recalls Clausing. “But when we made the change over to WatchGuard, we were able to take charge of IT security management ourselves, gaining a lot more independence – not to mention all the resulting cost savings on service expenditures.”
The transition went smoothly and the new WatchGuard infrastructure – including a UTM cluster for protecting the data center – was quickly deployed, going live within a few weeks. Appliances for IKN’s sales offices and customer sites soon followed, enabling stable VPN access with minimal latency. The deployment has IKN’s four-member IT team seeing big benefits with Dimension, WatchGuard’s data visualization and reporting platform. “We monitor Dimension’s security dashboards regularly,” says Clausing, “so we’re always aware of what is going on in the network. We get a near real-time view of attempted cyber attacks, as well as the countermeasures taken.” Dimension’s intuitive dashboard also makes it easy for the IKN team to track down and rectify potential vulnerabilities from one central point for the entire network. Numerous UTM functions – including APT Blocker, Data Loss Prevention (DLP), Intrusion Prevention Service (IPS), spamBlocker and WebBlocker – provide additional layers of defense, guaranteeing comprehensive security for data traffic. “To sum it up,” says Clausing, “IT security is essential, but our company’s strategic alignment also emphasizes flexibility, and with WatchGuard, we are keeping all our future options open.”