DSM is active worldwide in nutritional and pharma ingredients, performance materials and industrial chemicals. The company has annual sales of more than 8 billion, employs some 22,000 people worldwide and ranks among the global leaders in many of its fields. DSM is headquartered in the Netherlands, with locations in Europe, Asia, Africa, Australia and the Americas.
On the basis of advice from several consultative bodies as well as its own awareness of safety and security for its IT infrastructure, DSM’s corporate IT management team—led by Eric IJpelaar, manager of technical infrastructure and security services—was asked by the board of governors to explore solutions to solve the networks operational problems.
Integrated solution needed to fully monitor network traffic
DSM’s fundamental dilemma was that the network’s operators lacked a total overview of the information travelling through the network. In addition, the network was vulnerable to infiltration—and therefore attacks—from unauthorised users as well as from Internet-related viruses and malware. The company needed a solution that would integrate with the network and offer compliance with IXO and ISO standards, as well as protect against security leaks in the software.
Another key concern for the corporate management team was a system that could monitor and provide reports about the network traffic. Like many companies, DSM had installed a firewall to protect itself against malicious attacks entering the system through the Internet connection. DSM found that, as a large corporation with thousands of employees working internally and externally on both a permanent and consultancy basis, it was extremely difficult to monitor the network traffic. Consequently, something more than a firewall was needed.
DSM’s key security requirements
In order to establish which solution would best meet its criteria, DSM requested four security suppliers to submit their products for trial. The company decided upon two solutions provided by McAfee.
Network intrusion protection key to operators’ ability to monitor traffic
To provide DSM with a monitoring system for its network, the corporate IT team implemented McAfee Network Security Platform (formerly McAfee IntruShield®), a network intrusion prevention solution (IPS). The system provided the network with “cameras” that allow the network operators to watch the electronic traffic travelling through the organisation’s network. The “cameras” detect potential security problems, and highlight them to the operators so that they can be neutralised before they cause any disruption. All of these monitoring devices are connected to the IPS manager which acts as the systems emergency centre.
"The efficiency benefits provided by McAfee’s integral solution have led to significant cost savings. The solution demanded substantial investment, but it pales into insignificance when related to the costs we would incur if the corporate processes were disrupted."Eric IJpelaar
Manager of technical infrastructure and security services, DSM
Reporting and patch prioritization enhance security risk management and control
McAfee also recommended installing McAfee Vulnerability Manager to deal with DSM’s security and compliance issues. Foundstone provides the operators with a clear view of issues such as:
“Thanks to this integral approach, DSM now has a much better picture of the systems—servers, PCs, printers, and other devices—that are connected to its network. The company can see which devices need a patch, for instance, and which devices ought to be given priority in the light of potential risks to the organisation says Eric IJpelaar. He adds, “We can also see which devices have been illegally linked to the network and, moreover, we can now see which traffic is being generated by all those devices. As a result, we currently have much more control of the situation”.
Network traffic visibility ensures minimal disruption in corporate processes
According to IJpelaar, DSM now works in accordance with the regulations, so there is less chance of a device slipping through the security structure. “All in all, we have minimized the risk of disruption to our corporate processes”, says IJpelaar, “because McAfee Network Security Platform now enables us to view all the traffic that travels through our network. We can also see which traffic we want to stop, such as instructions to a printer that is no longer in use. Cases like these also assist us in realising the most efficient possible use of our network’s capacity and we now make better use of the bandwidth of our electronic highways by giving priority to certain types of traffic”.
IJpelaar concludes that, “The efficiency benefits provided by McAfee’s integral solution have led to significant cost savings. The solution demanded substantial investment, but it pales into insignificance when related to the costs we would incur if the corporate processes were disrupted”.