How does Turkey’s largest tyre manufacturer maintain continuous operations in the face of relentless cyberthreats? That was the challenge for Brisa, a joint venture between Bridgestone Corporation of Japan, one of the world’s largest tyre manufacturers, and Sabanci Group, Turkey’s leading industrial conglomerate.
Brisa produce five tyre brands (Bridgestone, Lassa, Dayton, Firestone, and Kinesis) at two manufacturing plants – Izmit and Aksaray.
"The firewall between the IT and OT systems is important to us for manufacturing business continuity," says Evren Buyer. "Even one minute of stoppage would seriously impact our revenue pipeline, customer service, and brand value."
Brisa also needed to securely enable their Industry 4.0 transformation, protecting the growing array of IoT and OT devices that underpin modern tyre manufacturing.
Evren Buyer explains, "There are almost 2,500 IoT and OT devices across the organisation, supporting everything from tyre assembly and final finishing to security cameras and heat sensors."
The new strategy also needed to support segmentation: groups of devices working on different layer protocols where data transmission is addressed to a group of destination computers simultaneously.
Evren Buyer and his team began searching for an alternative network security approach to underpin this Industry 4.0 transformation while maintaining uptime and maximising efficiency.
The new network security requirements would be to:
Although Brisa were long-term advocates of the legacy firewall vendors, Palo Alto Networks quickly changed that opinion. "I fell in love with the Palo Alto Networks portfolio soon after I saw it," says Evren Buyer. "I have 25 years’ experience in network security, and I’ve never come across such a cohesive portfolio. Everything connects, everything is best-in-class, and everything is proven."
Brisa have deployed ML-Powered Next-Generation Firewalls (NGFWs) in two high-availability clusters in each manufacturing site. Network segmentation enables Evren Buyer and his team to control traffic flow between multiple segments based on granular policies. "Manufacturing, the business, and other teams all use different VLANs to reach the internet. Palo Alto Networks ML-Powered Next-Generation Firewalls enhance Brisa’s security, improve our monitoring, and optimise performance," he says.
The IoT Security service on top of the Palo Alto Networks NGFW uses machine learning to discover Brisa’s unmanaged IoT/OT devices, detect behavioural anomalies, and automate policy enforcement without the need for additional sensors or infrastructure. "Palo Alto Networks NGFW with IoT Security ensures all the devices are seen and secured from zero-day threats," he adds.
Other cloud-delivered security services are deployed in this single coordinated network security stack, including Advanced URL Filtering, Advanced Threat Prevention, and DNS Security.
As Brisa continue to modernise the factory floor – introducing new digital manufacturing platforms and adding additional IoT/OT devices – Palo Alto Networks are at their side, providing the visibility and control needed to grow the business.
Zone-based segmentation, for example, enables Brisa to segment their network into different zones and layers. In the unlikely event of a threat, the incident is isolated to that zone and doesn’t impact the entire network.
"The comprehensive Palo Alto Networks security portfolio can be modularly configured to dynamically meet Brisa’s manufacturing needs. We trust Palo Alto Networks to protect the entire manufacturing enterprise – across the plant floor, manufacturing execution systems, corporate IT, and IoT," says Evren Buyer.
By moving to a single, unified portfolio of Palo Alto Networks technologies, Brisa have reduced the cost of OT/ICS/IoT security by 30%.
“Palo Alto Networks ML-Powered Next-Generation Firewalls with natively integrated Cloud-Delivered Security Services automate OT/ICS/IoT device and application discovery and granular segmentation, and stop zero-day web-based and DNS-layer threats,” says Evren Buyer. “This is significantly less expensive than buying separate solutions. When you factor in the reduced day-to-day security administration overhead, the 30% platform cost saving we’re already seeing rises even further.”
With automated visibility and control over security, Brisa’s Security Operations team are 20% more productive than they used to be. When the IoT Security service was turned on, for example, it was a “plug and play” operation, immediately empowering the team to see, assess, and secure thousands of devices with no increase in the workload.
"Now, with Palo Alto Networks cloud-delivered IoT Security service, our IoT visibility is 100%," says Evren Buyer. "Automation and end-to-end security visibility allow us to work faster and focus on strategic security issues, not everyday alerts."