SARA enhances security via the cloud


SARA ASSICURAZIONI SpA is the Italian Automobile Club’s official insurance partner. The company carries out its distribution activity through a network of branches. With over 70 years’ experience in the market, SARA stands out for its transparency, quality and innovative spirit. It is trusted by Italian families, professionals, craftsmen, shopkeepers and the whole SME sector for all needs involving personal and property safety. In line with these principles, SARA has undertaken a project to rationalize and evolve its network infrastructure and security services. Using a powerful bundle of Cisco cloud-based products, Italtel has created a uniform, integrated security solution for SARA – one that employs state-of-the-art analytics and machine learning systems to provide maximum protection against malware and viruses.

SARA is now a full cloud company that aims to become, in line with this strategy, a data-driven organization by adopting a cloud-oriented approach to all its IT services – so much so that last year Amazon rewarded it as one of its first Italian customers to move their applications, including critical ones, directly to the cloud.

SARA’s approach is highly innovative, as companies tend to implement this change gradually, usually by moving their backup copies to the cloud first. Consistent with this vision, SARA also wanted to move its entire security project to the cloud.

SARA has approximately 650 employees, as well as over 500 branches and 1500 stores across Italy.

SARA Assicurazioni streamlines its cybersecurity services and network infrastructure


There are many advantages to this solution:
improved security for SARA's end customers, thanks to the various elements' greater interoperability and homogeneity (all products were designed by Cisco)
rationalization and simplification of a complex scenario, previously dominated by a variety of solutions, equipment and software from different vendors (difficult integration); and implementation of state-of-the-art (best of breed) infrastructure and security services, thanks to constant Cisco upgrades, so as to align the solution with state-of-the-art technology
design flexibility within the agreed costs; this way, managing changes to meet any needs that might emerge over time does not require new agreement procedures with a significant impact on implementation times
optimized management and distribution of devices, thanks to a centralized platform
management simplicity, even for the contract itself, with a single platform
The implementation of this solution was faster than expected, thanks to the expertise of Italtel’s engineers. The adoption of Italtel’s internally developed tools/scripts to support the migration of firewalls was key to reducing implementation times and speeding up operations.


Adoption of a holistic security strategy
Perimeter protection
Analysis of abnormal network behavior in the PC
Centralized automatic management with domain policy
Intrusion Prevention System
Firewall rules based on active directory users
File analysis with ThreatGrid platform
Web Security Appliance
Umbrella as DNS


SARA Assicurazioni streamlines its cybersecurity services and network infrastructure thanks to a bundle comprising Cisco products and Italtel services. This is a highly innovative project, both for the cloud-based products that have been used and the terms of the agreement, which, for a monthly subscription per user, endows SARA with the entire security suite offered by the Cisco catalog as well as the necessary customizations for its specific context. Italtel provides the solution’s design, configuration and customization services.
SARA’s cybersecurity solutions used to be very inhomogeneous and had complex contracts to manage. SARA had a layered, complex and heterogeneous solution in operation, consisting of a variety of multivendor products with mutual integration problems. For this reason, SARA wanted to homogenize and normalize the situation by signing a five-year agreement with Italtel. Based on the enterprise license agreement model, this agreement aimed to replace the company’s complex layers of multivendor solutions with a bundle of Cisco products and services, as well as to provide additional Italtel technologies and customization services to adapt the whole solution to the customer’s specific needs.
Following the transition to the cybersecurity solution provided by the Italtel + Cisco bundle, the company’s previous system has been replaced with a whole suite of Cisco products – from the client to the infrastructure and the edge of the network within it. The products integrate and interact with one another more easily, and the uniformity of the new solution contributes to achieving higher security levels.
SARA has opted for a hybrid Cloud solution with access to Cisco Cloud management services, in which the ISE solution elements are virtualized in the company’s Data Center at the Rome headquarters.


The cybersecurity solution created for the SARA network is an all-round package.

The approach chosen by SARA – and implemented by Italtel with Cisco solutions – consists of moving beyond the idea of a decentralized security system, in which each element features some countermeasures to thwart any possible attacks or abnormal situations, and adopting a holistic security strategy in which each element applies those countermeasures and then informs the other systems of what it has found. This way, all other systems on the network apply similar countermeasures in response to an indirect signal from that element, distributed by another network element.

In fact, the solution is articulated on several levels, starting with the security of personal computers (the physical clients or end points), on which the AMP – Advanced Malware Protection agent for Endpoint is installed as an evolution of the antivirus.

Besides the usual antivirus features, the AMP for Endpoint (integrated with other Cisco elements) analyzes abnormal network behavior in the PC and carries out several operations, ranging from the deletion of a dangerous attachment to the isolation of the PC in extreme cases.

SARA distributes the AMP for Endpoint across employees’ PCs through an in-cloud platform in which it is possible to implement client customizations (specific to each operating system), which are then installed on PCs, usually through the platform’s centralized automatic management with domain policy.

The AMP for Endpoint integrates with a couple of next-generation firewalls (with a highly reliable configuration); this offers perimeter protection thanks to more advanced features compared to old generation firewalls, which work on simple IP-port or IP-protocol controls. Thanks to this integration, countermeasures can also be easily implemented at the perimeter level – for instance, blocking traffic from an IP address. These actions do not necessarily originate from firewalls, but also from other elements comprised in this solution. These next-generation firewalls feature advanced control systems against malware at the edge of the network, URL filtering (limiting access to URLs), application filtering (limiting the applications that can be opened by the user), and AMP Network filtering.

The implementation comprises the IPS (Intrusion Prevention System) component, which is always included in Cisco Firepower 2130 devices with FTD software, and was added at the request of SARA and previously implemented by another function. More specifically, it migrated from the old deployment to a single centralized platform, which simplifies the configuration of firewall management rules.

SARA has evolved from a rigid firewall configuration structure (for instance, when changing a network it was necessary to update all the rules that affected that same network) to a more dynamic one. A further evolution consisted of adding networking-based rules (source IP/destination IP) as well as rules based on active directory users. Someone from the Milan office who visits the Rome office no longer needs to integrate the Rome network as their source; that employee will be handled solely on the basis of his/her credentials, thus obtaining simplicity and versatility with regard to the Active Directory group without having to change the entire infrastructure.

User-based configurability is made possible thanks to the ISE (Identity Services Engine), a Network Access Control which is integrated with the Active Directory and the Firepower. More specifically, the ISE has been integrated to allow the Firepower to configure the rules on a user basis rather than on an IP basis. The ISE offers many other features; as an NAC (Network Access Control) it controls access to the network, be it wireless or wired. SARA has opted to expand the ISE deployment in order to distribute it (as it is an access control tool for a geographically vast network with a large number of users), thus offering proximity to the end user.

The Cisco WSA (Web Security Appliance) acts as an advanced proxy, replacing the previous McAfee Web Gateway, and integrates perfectly with the solution along with other Cisco elements. The WSA is the element sending DNS requests. In addition to the WSA, and still in the security domain, SARA has also expanded the Cisco Umbrella licenses of 2100 units to integrate its various branches, thereby obtaining greater security because the first security layer that is applied on a network is the DNS level, through the detection of malicious URLs/IPs. In other words, SARA’s infrastructure uses Umbrella as a DNS solution.

Finally, the ThreatGrid platform analyzes files that have been emailed to or downloaded by a user and for which there is no threat-level documentation yet, emulating operating systems, network behavior and user behavior to verify how the file acts (for instance, whether it changes the registry keys) in a so-called sandbox – that is, a secure, closed bubble. Based on the report, the file is classified as malicious or otherwise. This information is then distributed across Cisco’s global system. This platform is of great value as a protection against so-called zero-day threats, that is, viruses that are so recent that they have not yet been identified.
