Volvo Group Turns to McAfee for Worldwide Vulnerability Management

Volvo Group serves customers in more than 180 countries, primarily in Europe, Asia, and North America. The company’s brand is one of the world’s most recognized. It appears on a range of products including trucks, buses, and construction equipment. Volvo Group has production facilities in 19 countries and carries a workforce of approximately 100,000.

As one would expect in such a large enterprise, Volvo Group’s IT function is massive. “Volvo Group’s IT organization is global and employs nearly 7,000 people—a combination of staff and contractors,” explains Jonas Björklund, Volvo Group’s Vulnerability Control Manager. “We have major sites in 15 locations and we have some presence almost anywhere the company has a production or sales facility. Altogether, the IT group is in 200 sites. Plus, we manage 14 large data centers spread around the world.”

Within Volvo IT, 12 people make up the Volvo IT Global Security group. And, high on its list of priorities was a scanning solution that combined asset discovery and vulnerability assessment.

Compliance pressure drives search for scanning solution
“For many companies, compliance is the big driver for vulnerability management and scanning,” comments Björklund. “And it is for Volvo Group as well. We need to be able to see whether or not a security pack or an important patch has been applied to clients or servers and be able to document it.” Björklund wanted to build a process that would first help identify all the equipment connected to Volvo Group’s network and then match nodes with vulnerabilities so they could be managed.

When McAfee’s account team began discussions with Volvo Group, the company had virtually no scanning technology in place. It relied exclusively on another vendor’s configuration manager, which Björklund found awkward to use and consumed too much network bandwidth. “You couldn’t even call it a challenge,” Björklund continues. “We had no visibility into our assets. And our IT functions are so dispersed that we had several full-time employees constantly gathering information, trying to keep up. So before we could address vulnerabilities we first had to get a complete picture our assets.”

Volvo Group researched a number of security software companies and short-listed McAfee and one other vendor, which actually looked more attractive on paper. But McAfee engaged Volvo in a series of very technical discussions about its security concerns and product expectations. These discussions convinced Volvo that McAfee Vulnerability Manager (formerly McAfee Foundstone® Enterprise) was the best fit for its needs. “We used practical installation tests and theoretical analysis,” recalls Björklund. “What put McAfee Vulnerability Manager over the top was the ability it gave us to write custom scans and the fact that we could keep our data inside the organization.” The competitor was a hosted solution.

Getting started: discovery and assessment
McAfee Vulnerability Manager supports the entire life cycle of the vulnerability management process, starting with asset discovery. It performs discovery scans, imports all discovered assets to a database, supports grouping and assignment of asset owners, and pinpoints the most valuable assets. Once assets are identified, Vulnerability Manager scans for vulnerabilities and policy violations.

In addition to the Vulnerability Manager’s flexibility, Björklund also appreciated the strength of the McAfee brand, which is trusted around the world.

"What put McAfee Vulnerability Manager over the top was the ability it gave us to write custom scans and the fact that we could keep our data inside the organization."

Jonas Björklund
Vulnerability Control Manager, Volvo Group

“Not all our servers and clients are connected to an Active Directory (AD), which means that we can’t actually see where all our assets are,” Björklund notes. “So Vulnerability Manager’s asset scanning capability enables us to see where we have hosts answering on the net. Then we can make sure they are compliant with our standards.”

To Björklund’s point, soon after deploying Vulnerability Manager one of the factories was found to have a prohibited operating system on its network. More revealing was the fact the operating system was coordinating robots inside the factory. Theoretically, the scan should not have been able to reach this system via the network. “We shouldn’t have been able to see this operating system, but we could because the factory’s network was misconfigured,” Björklund emphasizes. “We couldn’t do anything about the operating system since it was essential to the factory’s operations. But we could address the vulnerability of the network.”

Not only was this information valuable to Björklund and his staff, but it provided two quick wins for McAfee Vulnerability Manager, which helped him quiet skeptics who questioned the need for scanning.

The company deployed 15 Vulnerability Manager 850 appliances across its network, covering different geographic regions, business units, and operating companies. Two Vulnerability Manager 1000 appliances are deployed centrally. Vulnerability Manager’s multi-tiered scanner, management, and database also feature a highly scalable open architecture that easily accommodates growth.

As Björklund becomes familiar with Vulnerability Manager’s capabilities, the bulk of scanning focuses on asset discovery, which currently touches, in addition to servers and clients, more than 1,000 routers, 6,500 switches, 2,000 wireless LAN access points, and 50 firewalls—over 100,000 nodes in total.

Over time, the product will also help optimize patch management and contribute to compliance efforts. McAfee Vulnerability Manager contains packaged templates for assessing vulnerabilities and misconfigurations that impair compliance with government and industry regulations and standards. Also, credentialed scans, which embed proof of access authorization, can perform deeper audits of targeted systems—gathering data that is off limits to routine scans. “We’re off to a good start,” concludes Björklund. “Right now, we’re gaining the benefit of basic usage and getting some quick wins. In a year, we’ll have optimized many more functions and the business value for Volvo will be even greater.”

Volvo Group

Customer profile

Volvo Group serves customers around the world with trucks, buses, construction equipment, and engines for the maritime and aeronautics industries.

Industry

Transportation, construction, maritime, aerospace

IT environment

Volvo Group’s complex environment includes major operating platforms as well industry-specific applications such as vehicle management systems. Its network links production facilities, 14 data centers, 5,500 servers, and is accessed by approximately 70,000 laptops and desktops running Windows XP

Challenges

With a network that supports operations in more than 180 countries, Volvo Group needed a comprehensive and flexible scanning and vulnerability management solution

McAfee solution

McAfee Vulnerability Manager and McAfee ePolicy Orchestrator provide a comprehensive scanning solution that combines asset discovery and vulnerability assessment

Results

  • Delivered vulnerability management to a global network that spans over 180 countries
  • Scans more than 100,000 nodes
  • Protected 14 large data centers and 5,500 servers
  • Combined vulnerability, asset, and countermeasure information
  • Provided agentless policy compliance auditing
  • Enabled Volvo to write custom scans and maintain data securely within the organization