Autohaus Is Advancing with WatchGuard
Challenge
With experience dating back to 1973, Autohaus Timmermanns GmbH is a luxury car dealership that specializes in both BMW models and BMW car accessories. Originally based in Düsseldorf, Germany, its dealerships extend to Neuss, Kaarst and Nettetal.
In order to meet customers’ requests for publicly accessible Internet access that is both fast and secure, Autohaus Timmermanns GmbH set up a guest wireless local area network (WLAN) at its four locations in Düsseldorf, Neuss, Kaarst, and Nettetal years ago. However, the technologies used were merely stand-alone solutions. All of them came from different manufacturers, which made it difficult to consolidate IT-related tasks. In addition to the administrative challenges, additional security requirements also played a major role in day-to-day business. Michael Hendrich, head of IT, explains: "Since 2015, iPads have been used for customer contact, allowing vehicles to be configured and customized to meet the customer’s exact requirements. Without a WLAN, product presentation and simple ordering would not be possible." As such, the IT team wanted to choose a WLAN solution that had a high level of security for internal applications, fast Internet connection speeds for employees and customers, as well as straightforward and — most importantly — standardized in-house administration.
Solution
With the help of Düsseldorf-based IT service provider, IT-On.NET, different models of the WatchGuard Access Points were integrated into the existing IT infrastructure of the BMW authorized dealer. Since a WatchGuard UTM platform was already being used to protect the central network, this fit seamlessly into the existing security infrastructure. Functionalities such as Application Control, Gateway AntiVirus, or APT Blocker — which offers effective protection against advanced IT threats and zero day malware on the basis of behavioral analysis and sandboxing technology — are used extensively. Since 2017, the WatchGuard Wi-Fi Cloud solution has provided an additional level of security for management and reporting within the WLAN, at minimal implementation and administration costs.
Together with the guest WLAN, there is also an in-house WLAN segment for internal use, administration and the workshop. The performance is tailored to the frequency of use in all of the subnetworks. Future changes to this will not present any problem because the solution can be scaled to requirements simply by replacing an existing access point with a more powerful model or adding another access point. On top of that, user access is provided in each WLAN area via a WPA2 password. “Of course, at first, there were questions as to why a password was necessary for the WLAN dial-up and could not simply be used right away, as is the case in many places. But once we explain the security and performance aspects, all customers are immediately won over. As a result, addressing this matter also reinforces our trustworthiness in general — an important plus in the automobile trade,” says Michael.
Results
A total of ten access points with different performance levels now guarantee all four of the BMW authorized dealer’s locations have exactly the connection they need. The entire corporate WLAN, including the various subnetworks, can now be controlled centrally and easily. Specific rules can be assigned and implemented at the click of a mouse. Adjustments can be made effortlessly, while the reporting system means that no queries are left open — a feature that clearly sets it apart from other applications. Important information such as signal strength range, bandwidth consumption by WLAN clients, distribution of clients, application usage, and wireless intrusion prevention system (WIPS) security events are visible in an instant or are routinely scheduled and automatically sent to the responsible person’s email inbox.
At the same time, Autohaus Timmermanns GmbH benefits from the most advanced technology with WIPS. Extended rogue detection not only recognizes and classifies foreign WLAN clients, but can also deactivate unwanted rogue clients automatically, for even greater security and performance. The days when “harmless” devices were denied access and neighboring hotspots were classified as a threat are now over. “The beauty of it is we gain a high level of security, without having to do a lot of the legwork ourselves. Now, no one can sneak undetected into the WLAN and misuse it by tapping data or eating up bandwidth. If anything happens, we know the defense systems we need are in place. If necessary, we also receive alerts about the situation. This saves us a huge amount of time in our day-to-day work,” says Michael. Furthermore, Michael is convinced of the monitoring possibilities offered by the Cloud solution. The effective interaction of all components also results in even better protection across the whole network — from the perimeter to the endpoint. “Thanks to the intuitive display, we have oversight of everything all the time, and thus, complete control over all areas," Michael concluded.