Clean thing
The waste disposal company of the city of Zurich brings its endpoint security up to date and benefits from reduced administrative effort. A practical example from everyday waste management.
Since Entsorgung + Recycling Zürich (ERZ) provides important infrastructure services to the population of Zurich around the clock, the information technology must also always be ready for operation. The ERZ managers therefore know that it is crucial to protect the network in the best possible way. This is especially true against the backdrop of changing threats. Among other things, the waste disposal service provider has long relied on a next-generation firewall (Palo Alto Networks PA-4020) for network protection and application and bandwidth control, as well as IPS (intrusion prevention system). Julio Lorenzo, head of the specialist infrastructure group at ERZ, explains: "It is stable, reliable, powerful and offers excellent IPS as well as real application control. However, Palo Alto Networks not only provides point-to-point security, but also security in the application layer."
Previous endpoint protection inadequate
Over the years, ERZ had purchased several products for virus protection and endpoint protection. Some of these required excessive administrative effort from the IT team and left ERZ additionally vulnerable. "It was a constant challenge to implement security patches in a timely manner to respond to new vulnerabilities or zero-day attacks," Lorenzo said. As a result, ERZ wanted a modern endpoint security solution that did not require additional resources. "We are always looking for new solutions through which administration and threat prevention can be automated. In the past, the workload added up to four hours a day," explains the IT expert.
Due to the limitations and compromises of using their existing products, the waste management company was looking for a new endpoint security solution. "We were also increasingly faced with risks such as Advanced Persistent Threats and similar threats. However, our old antivirus solutions were not able to protect us from these complex attacks. As a result, we didn't have reliable endpoint security because we needed more than just protection at the Internet gateway to fend off external and internal threats," Lorenzo explains.
New start for endpoint security
ERZ turned to its IT consultant Omicron AG. They recommended Traps Advanced Endpoint Protection, which is also part of Palo Alto Networks' enterprise security platform. The security platform as a total solution provides visibility and control for applications, users and content. It also protects against known and unknown cyber threats. The Threat Intelligence Cloud, which is part of the platform, analyzes suspicious files and identifies new, previously unknown threats. It provides access to a global threat intelligence community and distributes newly known defenses within minutes, reducing response times for analysis, forensics and remediation when security incidents occur.
Traps, the component ERZ has chosen, prevents complex vulnerability exploits and attacks carried out by unknown malware. The lean, flexibly scalable agent uses an innovative method to prevent attacks without the need for prior knowledge of the threat. The product thus provides enterprises with a powerful tool to protect endpoints from virtually any targeted attack.
Before making the decision, ERZ tested Traps in its lab, which convinced the team: "We didn't even have to consider testing another endpoint security product," says Lorenzo. He adds that the application offers extremely reliable protection in the cyberattack lifecycle. Another important consideration was ease of use. "We don't have to keep track of and update Traps all the time - and yet it can prevent unknown attacks," says Lorenzo.
Another layer of protection
ERZ then replaced the previous solution with Traps. "Patching is no longer time-consuming or urgent because Traps already protects us even before we implement the patches," Lorenzo explains. "The new application also requires little administrative work and does not absorb resources. Before, our solutions were running permanently and consumed resources unnecessarily accordingly. Traps only becomes active when it's needed." Lorenzo is convinced by the scalability and low resource consumption: "The deployment does not affect performance at all. You can deploy the solution in different places and easily cover different networks. Moreover, you can use it with minimal training."
ERZ has also newly subscribed to "WildFire". This subscription service protects against advanced malware and threats by proactively identifying and blocking unknown malware, zero-day exploits and advanced persistent threats (APTs). "WildFire" acts as an extension of the enterprise security platform and applies its behavioral analysis regardless of port or encryption. When an unknown threat is detected, the application automatically provides protection and blocks the threat in near real-time across the cyberattack lifecycle.
"The direct integration between Traps and WildFire means that unknown executables attempting to run on endpoints are automatically scanned. If the file is malicious, Traps prevents it from running. In addition, outright unknown malware can also be stopped because Traps preemptively sends unknown executables to WildFire for analysis."
Higher security level, less effort
With the solution it has adopted, ERZ has improved endpoint security, as well as the overall level of security, while reducing IT management overhead. "There is no magic bullet in IT security," Lorenzo says. "Everything from network perimeter protection to the endpoint needs to be precisely integrated because we never know where threats can come from. Endpoint security integrated into the enterprise security platform using Traps shows us what's happening, where it's happening and stops threats."
Case Study from Palo Alto Networks