Ease of Use and Application Controls Help Nordson Corporation ‘Stick it’ to Network Security Threats
Headquartered in Westlake, Ohio, Nordson Corporation is the world’s leading manufacturer of systems that apply adhesives, sealants and coatings during manufacturing operations. With more than 3,800 employees in 30 countries and working relationships with more than 165 distributor organizations, Nordson’s worldwide presence covers 57 countries. Like many corporations with a global presence, Nordson must remain ever vigilant in their efforts to protect the network while maintaining appropriate cost controls.
REMOTE MANAGEMENT SHOULDN'T BE SO DIFFICULT
When it comes to network security, the best approach is a layered defense that applies different technologies to network traffic with the goal of stopping all manner of attacks. That is the theory anyways. Too often a layered security solution means multiple security devices from different vendors, each with their own management interfaces and related oddities, a fact that Tim Harr, Manager, Corporate Information Technologies, Nordson Corporation recently experienced firsthand.
Tim and his fellow IT manager were tasked with updating the security infrastructure at their remote sites and the solution they were in the process of deploying consisted of three different products--a firewall, an IPS and URL filtering—each from a separate vendor. The Nordson team had deployed five sites already and they were running into remote management complexities, the least of which being the fact that each device was a different management interface.
The firewall was hard to manage remotely, a problem that was exacerbated by the different OS versions on each firewall. The server-based URL filtering solution required a consultant to write custom scripts and the all-to-frequent OS updates meant that it was hard to fit a server backup into the schedule, given their remote locations. The operational efforts that the small Nordson IT team of two was devoting to remote management issues far exceeded their expectations and their most challenging deployment was looming at their facilities in China. Time differences, geographic location, connection speeds and the wealth of network security threats were keeping Tim up at night. Clearly there had to be a more efficient and cost effective means of deploying security in their remote locations.
COMMON POLICY TABLE SIMPLIFIES REMOTE MANAGEMENT
In the final planning stages for their China deployment, Tim heard about something that sounded like a solution to their problems–but he had heard it all before and was skeptical. The potential solution was the Palo Alto Networks PA-4000 Series firewall and from what he heard initially, it sounded like he could have firewall-like control over his applications, integrated threat prevention and URL filtering all in one device. Still skeptical, he was sure that the management would be atrocious, merely a cobbled together set of different interfaces, but Tim was intrigued enough to look into the Palo Alto Networks offering further.
After several in-depth technical discussions and demonstrations, the one thing that stuck with Tim and the team was the ease with which the PA-4020 was managed. A web interface that did not require any client software made secure remote access as simple as clicking on a URL. The process of setting up a firewall policy was all done in a single policy table. Tim also saw significant value in the tight integration with Active Directory, which not only told him which applications the employees were using based on their user identity and/or group membership, it allowed him to create a policy to control the usage. No need to use multiple products, no need for custom scripts, no need to worry about server operating system backups. Tim estimated that the reduction in efforts he and his colleague devoted to unexpected remote management issues could pay for the Palo Alto Networks device. And most importantly, it would allow him to sleep at night.
Once deployed in China, the Palo Alto Networks firewall opened the Nordson team’s eyes by showing them the non-work related applications and associated threats traversing their network undetected. Investigating threats, once a laborious task involving multiple devices, was now a simple and straight forward process of filtering logs and viewing reports. According to Tim, “not knowing which applications were running on the network is a big hole—particularly when it is at a remote site where there is typically less control. With the Palo Alto Networks firewall, we are able to identify the exact application running on the network, all the way down to the Active Directory user identity. And as needed, we can implement policy controls to protect the network.” Tim concludes, “we have deployed a single security appliance where we had originally planned on using three disparate devices and that has reduced the management complexity significantly, without compromising our security”.