Aziende Industriali di Lugano (AIL) SA

Locks down its utility grids and IT networks with Trend Micro

Introduction

Aziende Industriali di Lugano (AIL) SA is a Swiss corporation that produces, transforms, transports, distributes and markets energy, drinking water, water for industrial use, and raw materials for energy production. The company’s products and services are purchased every day by more than 110,000 individuals and businesses in the 56 municipalities of the Sottoceneri region of the Swiss canton of Ticino, which extends from Monte Ceneri to the Swiss border at Novazzano. This makes AIL the most important retail and wholesale distributor of water, natural gas, electricity, and heat of the Ticino canton.

The Challenge

Since 2015, Aziende Industriali di Lugano (AIL) has needed a solution that could effectively monitor the entire utilities grid and IT network in order to control the provision of electricity, water, and gas and to take quick action in the event of alarms. “From 2015 to 2017, we tested various solutions, not including Trend Micro, but none of them were able to fully meet our needs, especially in relation to monitoring our utilities grid,” said Michele Rusconi, head of ICT & FO Infrastructures for AIL.

Why Trend Micro

“One day, our partner MTF Info Centro SA, which had recently begun working with Trend Micro, suggested we try out their network inspection solutions. The monitoring and analysis of traditional IT networks proved to be excellent right from the start, but the solution didn’t yet support utilities grids.” Over the next six months, though, the research team at Trend Micro developed recognition of technical protocols to meet AIL’s needs. “That was when we knew it was the product for us,” Michele Rusconi continued. “Trend Micro was the only company to provide analysis of flows of the entire network, and we also very much appreciated Trend Micro’s support of and focus on us, and this continues to today.” Subsequently, in order to achieve full integration, AIL also chose to adopt the Trend Micro suite for endpoint protection.

Solutions

In order to meet AIL’s security needs, Trend Micro came up with a custom protection strategy that monitors the IT and utilities networks and controls the endpoints. The networks are now protected by Deep Discovery, specifically Deep Discovery Inspector for detection and Deep Discovery Analyser for remediation. For the endpoints, Aziende Industriali di Lugano use the Enterprise Security Suite. These solutions communicate with each other in real time and are managed centrally by the Trend Micro Control Manager.

The cornerstone of this project is Trend Micro Deep Discovery, the most complete solution in its category for combating APT attacks. Not only does Deep Discovery have the tools it takes to detect zero-day exploits and other threats throughout the network and during all phases of an attack, it has also been designed to provide in-depth analysis tools to prevent future attacks. Deep Discovery’s network detection capabilities and custom sandbox analysis can detect the spear phishing email messages that are often at the heart of the attack, identify the malware, and discover the external command-and-control (C&C) sites used by the cybercriminals. Deep Discovery Inspector, in particular, is a network device that provides full control over all network traffic in order to detect any aspect of a targeted attack. Deep Discovery Inspector monitors all network ports and more than 100 protocols to provide the broadest protection available. Specialised detection engines and custom sandboxing identify and analyze malware, C&C communications, and the evasive actions of attackers that are invisible to standard security solutions. Deep Discovery Analyser, in turn, provides analyses in custom sandboxes, thereby increasing the value of security products, such as endpoint protection, web and email gateways, network security, and other Deep Discovery products.

The Benefits

“The greatest benefit so far is something we experienced recently when we were the targets of an attack that took advantage of a vulnerability in our systems,” said Michele Rusconi. “The Trend Micro solutions detected it immediately, and in just half a day we were able to apply the right patches. Most likely, without Deep Discovery Inspector, we would have lost an entire day without getting a clear idea of what had happened.” As the head of ICT & FO Infrastructures, Rusconi is greatly satisfied with Trend Micro, especially, as he says, “for the convenience of having a complete view over all that transits over the network, not just in relation to threats, but also to protocols that may not always work properly and the ability to make fixes.”

Future Developments

At Aziende Industriali di Lugano, they have a great many ideas for development. “From an anti-spam project based on Trend Micro solutions to an assessment of our protection in relation to SCADA,” Michele Rusconi concluded, “[with the goal] of having increasing levels of integration and collaboration between the solutions we use in order to ensure maximum security for our company’s critical infrastructures and, in turn, for our customers.”