The Cisco security strategy behind the success of Expo Milan 2015
advertisement
The Cisco security strategy behind the success of Expo Milan 2015 Physical security and IT security: at Expo Milan 2015 the protection of people, resources, data and devices was a key factor in the success of the event. From video surveillance to the prevention of cyber attacks, Cisco’s IP network, the pervasive multilevel security and a task force dedicated to monitoring the entire infrastructure allowed the organizers to concentrate on operational tasks knowing that the event was in safe hands. “The Cisco approach to security can be a valuable reference point not just for the Smart Cities of the near future but for any public or private organization. ” Guido Arnone, Director of Technical and Digital Innovation, Expo 2015 During the six months Expo Milan 2015 lasted, Cisco security made it possible to block more than half a million intrusion attempts and over 10,000 attempts to take control of applications and devices, while the Operational Control Center correlated all the events detected by the network-connected cameras and sensors, guaranteeing the complete success of the event. Challenge Protect visitors and pavilions with an advanced, effective and pervasive security system able to manage both the physical and the digital components from a single control platform. Expo Milan 2015 did not take place in one of the most peaceful moments in recent history. Going ahead with an international event of this magnitude and visibility, and making it the success it was, meant adopting appropriate security measures. Because of its importance and broad international participation, the event was a particularly sensitive target during all of the six months it lasted, potentially at risk of protests and boycotts. First off, it was very important to put in place all the tools and processes that could be used to physically protect persons and property. From this perspective, the Cisco multiservice IP network played a crucial role. “We provided the organizers with an infrastructure capable of enabling all the security systems © 2016 Cisco Systems, Inc. All rights reserved. 1 dedicated to the safety of the visitors, operators and pavilions,” confirmed Mirko Berlier, Cisco Systems Engineer & Expo 2015 Architect. “The systems of video surveillance, access control for the Expo area and even the sensors for fire and intrusion detection were all connected to the IP network”. All the information and data collected and correlated in real time was shared with the Command and Control Center, whose team played a decisive role by taking charge of all the systems designed to protect people and property. Cisco designed a network for Expo Milan 2015 that prioritized security with the high levels of protection characteristic of nextgeneration infrastructure Solution The Cisco approach to advanced protection from security threats, across the network and in all phases of an attack in a context of the Internet of Everything. Tightly integrated with the physical security systems, IT security played a leading role at Expo 2015, the first in history to be entirely supported by systems and solutions based on an IP network. All the Expo Smart City services, the heart of the event, in other words, were enabled by digital applications and platforms. “A successful attack could have totally jeopardized Expo,” noted Berlier, “by preventing the turnstiles from opening, for example, or jamming the physical security systems, or blocking the attractions in the pavilions, with serious damage to the event and the reputation of the organizers.” So Cisco designed a network infrastructure that consistently prioritized security, to ensure a level of protection that corresponded to next generation criteria. “The events detected by physical security devices like the video surveillance cameras and the sensors were matched with the protections against attacks and malware,” said Guido Arnone, Director of Technical and Digital Innovation for Expo 2015. “Applying Cisco’s Internet of Everything approach to safeguarding persons and property was a winning move, because the correlation of data and processes enabled the Control Center to make and implement the most appropriate choices.” Results More than half a million intrusion attempts and over 10,000 attempts to take control of applications and devices were blocked by Cisco security, pervasive right across the network. Traditional security policy functionalities were guaranteed by the highperformance Cisco ASA (Adaptive Security Appliance) firewall which served the security needs of the central data centers and the pavilions. “Thanks to this architecture, we were able to control all traffic to and from the public network and the cloud,” said Berlier. © 2016 Cisco Systems, Inc. All rights reserved. 2 To complement these functionalities and implement a next-generation security approach adequate to the needs of a complex infrastructure like the one fielded at Expo, the organization was provided with tools that could detect any abnormal network behavior or intrusion attempts in real time for all application traffic. “ A Cisco Sourcefire architecture with all its dedicated systems, like Advanced Malware Protection, Intrusion Prevention, Application Visibility & Control and URL Filtering, was implemented across the entire Expo network,” explained Berlier. “These tools can analyze up to 40Gbps of traffic.” Upstream, the integration of the Cisco Identity Service Engine enabled secure access management of the entire wired and wireless network for visitors and all personnel employed during the event. “The Cisco Identity Service Engine prevented any unauthorized access to the network while providing highly flexible operational access management, thanks to centralized policy management and automated network management and configuration procedures,” said Berlier. The results achieved at Expo Milan 2015 confirm that a security strategy based on Cisco solutions is a winning move. “During the six months the event lasted, the system enabled us to detect and block over half a million intrusion attempts from all over the world”, concluded Berlier, “not to mention the 10,000+ attempts to take control of applications and systems that were prevented by the security embedded across the IP network.” All to ensure that the organizers could operate in absolute tranquility, thereby contributing to the huge success of the event and the security of people, facilities, data and devices. The security fielded at Expo 2015 is a reference approach, not just for the Smart Cities of the near future, but for any public or private organization. Products and services • Cisco ASA Next Gen Firewalls with FirePower (ASA5585 and smaller platforms) • Cisco FirePOWER Appliances 8370 Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel.: 001 408 526-4000 • Cisco FireSIGHT Management Center • Cisco Identity Services Engine for advanced network admission control and flexible management Italian Headquarters Cisco Systems Italy Via Torri Bianche, 8 20871 Vimercate (MB) www.cisco.com/it Toll Free: 800 782648 Fax: 039 6295299 Rome Branch Office Cisco Systems Italy Via del Serafico, 200 00142 Roma Toll Free: 800 782648 Fax: 06 51645001 There are more than 200 Cisco branch offices around the world. Their addresses, telephone and fax numbers are available on the Cisco website: www.cisco.com/go/offices. © 2016 Cisco Systems, Inc. All rights reserved. The Cisco logo is the registered trademark of Cisco Systems, Inc. in the United States and a number of other countries. All the other trademarks or registered marks referred to in this document or on the Cisco Website are the property of their respective companies.
