Stable OT security

The August Storck company is still family-owned today and is now one of the largest confectionery manufacturers in the world. Storck brand products are supplied to over 100 countries worldwide. Despite all its internationality, however, production continues to take place in Germany: the company, based in Berlin, has four production sites with a total of over 8,000 employees. The technical heart beats at the home base in Halle in East Westphalia: New concepts are developed there and rolled out to all other locations.

To avoid production downtime, the smooth operation of machines in the production halls is essential. Many of these machines have been networked with each other for various reasons, making their OT protection particularly important. Added to this is the growing IT-OT convergence, i.e. the overlap between office IT and production OT. An effective OT defense strategy therefore requires securing this boundary and strictly separating the networks from one another through segmentation.

The main priority was to find a solution suitable for OT that offered a high level of security without increasing complexity and additional operating costs. To minimize the security risk within production, an asset-centric OT security strategy had therefore become essential. This includes requirements for asset and vulnerability management as well as incident response in order to comply with legal regulations in addition to production availability.

The changeover

Storck switched from a traditional anti-virus provider to OT specialist TXOne Networks, a provider of OT-native security solutions. The contact came about via the German system house pco. Following a proof of concept in August 2021, the cyber-physical system detection and response (CPSDR) solution 'Stellar' was launched in January 2022 to protect industrial computers at all sites.

Hundreds of agents could be rolled out relatively quickly without affecting running production applications (ICS applications). No extensive exceptions were required, so that future functions could be implemented directly. In addition to local support, this also resulted in an intensive exchange with the development team in Taipei (Taiwan) in order to transfer further developments directly into ongoing operations and to integrate the solution in the best possible way with the help of support. This is also one of the reasons why Storck is constantly evaluating other solutions in the portfolio in order to achieve synergy effects through the correlation of information, which enables a comprehensive view of the OT security landscape.

The result

At Storck, the Industrial IT department within central technology is responsible for implementing the project and protecting more than a thousand endpoints. Since the introduction of TXOne, the specialists have found their task much easier than before, as the complexity has been significantly reduced and the security of the processes on the endpoints has been increased in addition to the visibility. The support of legacy and new systems enables optimal protection of the heterogeneous OT environment, which is a general challenge within OT, especially due to the long life cycles of individual systems. TXOne, for example, supports Windows 2000 onwards and provides support for well over five years. Finally, 'Stellar' provides extensive functions for anomaly detection and prevention, which can be forwarded to a Security Operations Center (SOC) as basic information.

Another challenge, which is not unique to Storck, is always the protection of purchased systems, such as package units. For this scenario, solutions from the TXOne Edge portfolio are being evaluated that enable simple segmentation and the shielding of vulnerabilities in a straightforward manner. A deep understanding of OT protocols is a matter of course. The entire TXOne portfolio provides important asset information for assessing vulnerabilities and risks that can be correlated within the SageOne platform, which can also be used to centrally manage all TXOne solutions.