Ireneo Demanarig is the Chief Information Officer at CEITEC S.A., located in Porto Alegre, Rio Grande do Sul, Brazil. CEITEC is a microelectronics manufacturer that specializes in solutions such as automatic identification (RFID and smartcards), application-specific integrated circuits (ASICs) aimed at identifying animals, and much more.
Recently, I jumped on the phone with Ireneo and asked him three questions about his deployment of Trend Micro Network Defense products. And here is what he had to say.
Can you briefly describe your network protection?
We are using a Palo Alto Networks Next Gen Firewall and an F5 DNS at the perimeter with a TippingPoint IPS sitting in-line behind both of them. Off our core switch we are running Deep Discovery Inspector to protect us from advanced threats. Some people consider using a Next Gen Firewall along with an IPS redundant, but that is not the case. They both protect my network in different ways. The firewall protects my applications while my IPS helps keep the threats at bay. A great example was WannaCry. My Next Gen Firewall missed it, but my IPS was able to block every attempt. I also know that if threats get past both of them, I can rely on Deep Discovery Inspector to detect the threat as it moves in, out or across my network.
Toward the end of 2018, Trend Micro released the Deep Discovery Network Analytics add-on module, which correlates Deep Discovery Inspector events and displays the entire attack lifecycle graphically for quicker response to threats. CEITEC was one of the first customers to do a proof of concept on the new module.
When you did the proof of concept with Deep Discovery Network Analytics, what were you able to see?
The proof of concept was a real eye-opener for us. Deep Discovery Inspector generates a lot of events and we have a limited staff, so we can only focus on the highest level detections. We don’t have time to look at all events, much less try to connect the dots between multiple events. Deep Discovery Network Analytics showed us a number of detected attacks that were buried in the events. Specifically, it found a coin miner that had been hiding in our network. Network Analytics showed us all the users that were being used in this attack and where they were calling out to. Correlating all this info would have taken my team 3-4 months.
After purchasing Deep Discovery Network Analytics, how long did it take to start seeing the value?
It was immediate. We looked at our correlated events in the management console and could see quickly that we had a major breach impacting a large number of our users and servers. Network Analytics showed us on a single chart where the breach started, how it spread, and all the users impacted. With one click of a mouse we were able to see hundreds of Deep Discovery Inspector events pulled into a single graph. This helped us understand not only the threat, but also how to respond appropriately to the attack.
Find out why CEITEC relies on Trend Micro to not only protect its network but also provide visibility and automation.
See the customer use case.