Talus Informatik

Monitors all network traffic using Trend Micro Deep Discovery Inspector and Analyser

Overview

Talus Informatik AG has been providing customers with comprehensive IT solutions for more than 20 years, from analysis and consulting to conception, implementation and support. The diversified IT portfolio includes leading industry and individual software solutions.

In addition to acting as general contractor in its own geo-redundant data centre, Talus takes over the outsourced IT operations of its customers, provides web and email hosting, and offers software as a service.

Services are tailored to the public administrations of cities and municipalities, energy suppliers, and small and medium-sized enterprises (SMEs) in the service sector. Given this diverse client base, one of the biggest challenges for Talus is to maintain the availability and integrity of an immense amount of critical client data, such as the social services and resident registration data of city administrations.

Challenges

IT systems and applications are protected by firewalls and email relays, which an external partner maintains and monitors around the clock. Trend Micro™ Antivirus, including the ScanMail™ for Exchange and OfficeScan™ solutions, runs on servers and terminal servers and is monitored internally by IT staff. All services are integrated into a monitoring solution that reports to the CIO.

Given the increasing number of attempted attacks, especially via email, the existing security infrastructure was no longer enough for the CIO. “The ever-increasing threats to the data centre, including ransomware, and limited online visibility across all existing services, such as email flow or traffic, illustrated the need for better analytics and an early warning system to detect anomalies, threats and weak spots,” explains Michael Weissbach, CIO, Talus Informatik AG. Talus looked for a solution which, beyond the functions of the firewall and intrusion prevention system (IPS), could detect irregularities and indicators of threats that had slipped past the perimeter controls. Talus also wanted a second, independent view of incidents on the network and the endpoints.

"With Deep Discovery, we have a tool that is completely in our hands and that gives us a second view of the systems. The solution now provides us with metrics such as increased traffic or abnormal behavior that provide us with insights we did not have before."

Michael Weissbach,
CIO, Talus Informatik AG

Why Trend Micro

“That’s exactly what Trend Micro’s Deep Discovery™ Inspector and Deep Discovery™ Analyser do,” says the Talus CIO. “We knew Trend Micro and its products for some time, and a reference customer convinced us even more.” In a two-month trial, the Talus team familiarised themselves with Deep Discovery and tested its suitability for the specific needs of the business. The configuration tuned during the trial was then exported and adopted for production. With support from Trend Micro, the Talus team set up interfaces, thresholds, exceptions, and whitelists. This tuning was particularly important because, in the initial phase, the solution produced a significant number of findings that had escaped the other controls, especially in incoming email.

Solution

Deep Discovery monitors all network traffic on the LAN, in the DMZ, and across the entire data centre server network, including the geo-redundant second site. Every morning the team runs a system check across the entire data centre, and Deep Discovery is part of that check. Email alerts are configured so that critical notifications go straight to the responsible person’s mailbox, allowing them to take action without waiting for the next scheduled check.

"The protection of IT in our business is on the right track with Trend Micro Deep Discovery, and there are hardly any critical alerts left!"

Michael Weissbach,
CIO, Talus Informatik AG

Results

In addition to the firewalls and email relays operated under the responsibility of a partner, Talus now has additional in-house security with Deep Discovery Inspector and Deep Discovery Analyser. “We have a tool that is completely in our hands, giving us a second view of the systems,” explains Weissbach. “The solution also provides us with better analysis capabilities.”

Deep Discovery has become an early-warning system for threats and weak spots; it has proven itself, for example, on spikes in spam volume and other irregularities. With an email volume of more than 300,000 messages per day, it is essential to recognise a sudden increase in spam volume quickly and initiate countermeasures. One instance where the solution paid off was an attempted Distributed Denial of Service (DDoS) attack, which could be blocked quickly. “The second online view was important, because the attack was understandable and the interruption of the operation took only one hour,” says the CIO.
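The spam-volume early warning described above, as an added example: this is not Talus's configuration or Trend Micro product code, and it assumes a hypothetical gateway log format ("<ISO timestamp> verdict=<spam|clean> from=<address>") together with illustrative window and threshold values. The log lines are constructed inside the block. It shows the part a practitioner has to get right: a per-hour baseline that is robust to the burst itself, so the hour after a spike is still flagged, and a floor on the spread so a perfectly flat baseline does not turn normal jitter into alerts.

```python
"""Early warning on mail volume: flag a sudden spike in spam per hour.

Added example for this page, not code from Talus or Trend Micro. It assumes a
hypothetical gateway log format ("<ISO timestamp> verdict=<spam|clean> from=<addr>")
and illustrative thresholds; the log below is constructed for the example.
"""
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

LOG_RE = re.compile(r"^(?P<ts>\S+) verdict=(?P<verdict>\w+) from=(?P<sender>\S+)$")

# Constructed spam counts per hour for one day: a flat baseline, then a burst
# at 20:00 and its tail at 21:00.
SPAM_PER_HOUR = [8, 9, 7, 8, 10, 8, 9, 7, 8, 8, 9, 8,
                 7, 8, 9, 8, 10, 8, 8, 9, 70, 45, 9, 8]
CLEAN_PER_HOUR = 20
DAY = datetime(2024, 3, 4)


def build_sample_log():
    """Return constructed log lines (hypothetical format) covering 24 hours."""
    lines = []
    for hour, n_spam in enumerate(SPAM_PER_HOUR):
        for i in range(n_spam + CLEAN_PER_HOUR):
            ts = DAY + timedelta(hours=hour, minutes=i % 60)
            verdict = "spam" if i < n_spam else "clean"
            lines.append(f"{ts.isoformat()} verdict={verdict} from=user{i}@example.net")
    return lines


def parse_line(line):
    """Parse one log line; return (timestamp, verdict, sender) or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None  # skip malformed lines rather than aborting the whole run
    return datetime.fromisoformat(m["ts"]), m["verdict"], m["sender"]


def hourly_counts(lines, verdict="spam"):
    """Count lines with the given verdict per clock hour, filling empty hours with 0."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, v, _ = parsed
        if v == verdict:
            counts[ts.replace(minute=0, second=0, microsecond=0)] += 1
    if not counts:
        return {}
    # Fill gaps so an hour with no spam is a 0, not a missing baseline sample.
    filled, hour = {}, min(counts)
    while hour <= max(counts):
        filled[hour] = counts.get(hour, 0)
        hour += timedelta(hours=1)
    return filled


def spikes(counts, window=12, k=5.0, min_mad=1.0):
    """Flag hours whose count exceeds median + k * MAD of the preceding `window` hours.

    Median/MAD is used instead of mean/stddev so that one burst does not drag
    the baseline up and mask the hour after it. `min_mad` floors the spread so a
    perfectly flat baseline (MAD 0) does not turn ordinary jitter into alerts.
    Returns a list of (hour, count, baseline_median, robust_score).
    """
    hours = sorted(counts)
    values = [counts[h] for h in hours]
    flagged = []
    for i in range(window, len(values)):
        past = values[i - window:i]
        med = median(past)
        mad = median(abs(v - med) for v in past)
        score = (values[i] - med) / max(mad, min_mad)
        if score > k:
            flagged.append((hours[i], values[i], med, round(score, 1)))
    return flagged


if __name__ == "__main__":
    per_hour = hourly_counts(build_sample_log(), "spam")
    for hour, count, baseline, score in spikes(per_hour):
        print(f"{hour:%Y-%m-%d %H:00} spam={count} baseline={baseline:.0f} score={score}")
```

On the constructed day the 20:00 hour (70 messages against a baseline of 8) and the 21:00 tail (45) are flagged, while the rest of the day stays quiet; a mean/stddev baseline would have let the 70 inflate the spread enough to hide the 45. In practice the flagged hours would feed the same mailbox or monitoring system the Solution section describes, `window` and `k` would be tuned against the site's own traffic, and the same check is worth running on total accepted mail as well as on spam verdicts.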

Detecting vulnerabilities is very important for the security of Talus’ IT systems, because the service provider runs a wide variety of software solutions, and weak points that the gateway mechanisms cannot find must still be identified. “With Deep Discovery, we now have metrics on increased traffic or abnormal behaviors that provide insights we did not have before,” explains Weissbach.

The CIO particularly values Trend Micro’s Connected Threat Defence for keeping track of all the suspicious objects that Deep Discovery finds. Talus’ analysts still have to recognise a threat themselves and understand where a spam email came from. The sandbox environment, which runs suspicious objects in fully isolated instances across different operating systems and tracks their behaviour, keeps detailed logs, providing a “behind the scenes” view of what happens when an infection occurs. “The protection of IT in our company is more relaxed because we are on the right track with Deep Discovery,” concludes Weissbach.