Stolt-Nielsen Limited is a global service provider of integrated solutions for the transportation industry. The company has more than 120 ships, 5,000 tank containers and 21 terminals. Six business units fall under the umbrella organization Stolt-Nielsen Limited (SNL) and three business units are represented in the Netherlands: Stolt Tankers, Stolthaven Terminals, and Stolt Tank Containers. Because SNL works with hazardous substances, security has always been important. With the connection of the vessels to the corporate network, new challenges arose. To protect the OT networks (ICS / SCADA) on the ships against malicious code and attacks, SNL uses Trend Micro TippingPoint. In addition, the company has outsourced the security operations center (SOC). Part of the security services in the SOC consists of cloud workloads which are protected by Trend Micro Deep Security.
“We work with chemicals, so security and safety are always very high on the agenda,” explains Paul Sloof, Fleet Support Manager for Stolt-Nielsen. Paul is responsible for IT management and infrastructure within Stolt Tankers. This includes network, data transport, and all applications, such as office automation on ships.
“With the arrival of the internet of things (IoT) and the connection of our ships to the network, new security challenges suddenly appeared. For us this was the starting point to delve into endpoint security. Devices are connected to the network, and we have to take into account a lot of practical challenges and rules. The search for a new solution had a very concrete reason for us”, says Paul.
The shipping industry has significant regulatory and compliance rules, with which a ship must comply. Paul explains, “For example, a virus scanner cannot be connected to the navigation software; the ship would not be compliant and would not be permitted to sail. A chemical tanker has a complex structure using many IT components, however, the fact that they are now connected to the corporate network has significant impact. With the arrival of IoT, new network components are being added, while some legacy devices are 25 years old, some running on Microsoft® Windows® XP. At the start of this project, we assumed this could be accommodated, but that we would come across a number of black boxes. Since direct endpoint protection was not an option, we had to look for a new solution to contain potential threats. This led us to search for an intrusion prevention solution”.
Why Trend Micro
Sloof and his team determined the specific requirements: “We have assumed network security. We have had to be ‘agentless’ and required 24/7 global support, from a globally operating vendor for whom intrusion prevention system (IPS) solutions were also an important part of the portfolio. Moreover, we did not want a vendor lock-in and we were looking for a solution that works with all underlying servers. Gartner™ mentions three to four players in their Magic Quadrant. Once we determined our vendor requirements and criteria, we compared these parties and entered into a discussion. Trend Micro TippingPoint quickly emerged as the winner,” he says.
After several meetings on different designs and a successful Proof of Value (PoV), Stolt-Nielsen decided to implement Trend Micro™ TippingPoint™ 2200T in its data centers. This filters all the network traffic, looking for any harmful code that can get to the ships. “After the choice was made, we immediately started a pilot, and a number of ships were connected. For this, we only had to adjust the IP routing. Perhaps the best thing about the process is that we have invited a TippingPoint expert and a hacker at the same time to see if and how Trend Micro TippingPoint could ward off the hacker. As soon as the hacker started an attack, you saw that come up in the control panel. That was very educational and entertaining at the same time.”
Sloof explains how Trend Micro TippingPoint protects the OT/SCADA networks of SNL. “All data must go through the data center. Trend Micro TippingPoint views this traffic, recognizes data patterns, and checks whether they meet the characteristics that they should. So if a system normally only communicates with ‘the neighbor’ and then contacts other external devices, it indicates that something is wrong. As soon as there are deviations, a notification will appear. You can choose between the ‘detect and report’ mode or you can block the threat immediately and then report it. In the beginning we also did not know internally why a report came in. The experts at Trend Micro were able to explain why something is seen as a threat by the system”.
It soon became clear to SNL that Trend Micro TippingPoint met their expectations and the system was fully rolled out. “The IT service provider has actually implemented Trend Micro TippingPoint 2200T. Then the experts from Trend Micro started working on the configuration of the system. That all went very smoothly,” says Sloof.
Because all security events are monitored individually, and because there was no time and space within the IT management team to make connections, SNL started looking for a solution that would in fact make these connections. Says Sloof, “That is specialist work, so we consciously choose not to build this knowledge ourselves. That is why we have outsourced our Security Operating Center (SOC) to Tata Consultancy Services (TCS). Part of these security services is Hybrid Cloud Security - mainly for Microsoft® Azure® workloads - that is based on the Trend Micro™ Deep Security™ solution.”
Between making the decision and putting Trend Micro TippingPoint into production, there was a period of one and a half to two months in which a total of 103 ships were connected. “We have identified a number of risks since the connection. In one system, where no virus scanner is allowed to run, there were 40 viruses. All events are now stopped with Trend Micro TippingPoint. Naturally, the necessary virus scanners are also running. At the same time, the new system also creates new challenges because everything that was not visible before is now visible. We are 80 IT staff, half of whom are in charge of management. The IT world is becoming increasingly complex and more threats are being added. It is therefore impossible for us to correlate all those threats at different levels, while this is really necessary,” explains Sloof.
“The reports that Trend Micro TippingPoint gives are fairly rigid. The moment the system does not recognize things, they are classified as undesirable. If the activity is known, then nothing is wrong. Trend Micro Deep Security is integrated into our SOC to be able to add a shade of gray to all events that we come across. This system reads in all events and then the link between these events is made by a person. Then the event goes to ‘deep inspection’, after which it becomes clear whether it is ‘good or evil’”.
Developments in the shipping industry evolve extremely fast. Technology plays a driving role in this. “We think innovation is very important, but only if we don’t have to add water to the wine in terms of safety”, says Sloof. “We are therefore pleased that we have found in Trend Micro a party that has a lot of experience in our sector and develops solutions that are safe, intuitive, and future-proof. This allows us to focus our attention on the core business and on our customers.”