Eczacibasi has partnered with Palo Alto Networks to create modern, agile manufacturing operations in 12 countries. A complete, unified cybersecurity strategy is helping this Turkish industrial group deliver an effective, coordinated defence against sophisticated attacks. Segmentation, for example, secures operational technology (OT) digital connections, minimising the attack surface to help protect Eczacibasi’s critical infrastructure. Complete cloud-delivered security enables more than 1,000 people across six countries – figures that are set to rise – to work remotely with confidence.
One of Turkey’s leading industrial groups
The Turkish word Eczacibasi translates as ‘chief pharmacist’– a title given to the group’s founder 80 years ago, in recognition of his efforts to improve health in his community. Today, Eczacibasi is one of Turkey’s leading industrial groups – comprising 46 companies, more than 12,000 employees, and US$1.08 billion in revenue (2021).
Core sectors range from construction, consumer goods, and healthcare, to technology, natural resources, and property development – all of which need protection from a wide range of advanced security threats.
One of Eczacibasi’s initial challenges was to ensure mobile users could connect safely to their internet, cloud, and data centre applications. For example, until recently, users in more than a dozen Eczacibasi sites were connected by POP location services to a data centre in Germany – a complex, inflexible, and risky process. “Users had access to the Web with limited controls. It was not so easy to tell who was accessing which site in detail,” says Omer Erdem, Cybersecurity Manager, Eczacibasi.
Eczacibasi is deploying digital technology at pace across its 12 European factories, and having found its operational technology (OT) to be in cyberattackers’ cross hairs more and more frequently, had to quickly secure the OT controlling industrial assets, processes, and events.
The challenges didn’t end there. The firewall platform used for web access at the Istanbul headquarters and remote offices was nearing end of support/life. “Old-fashioned network security solutions have limited application controls,” says Erdem. “It was not a next-generation firewall platform, so we had deployed another IPS solution to complete the picture. Although these two different solutions complemented each other, both brought some security and operational risks.”
So why choose Palo Alto Networks? Erdem explains: “Palo Alto Networks outperformed all the shortlisted vendors in almost many respects. It was better in terms of security features and functions. Top in terms of traffic throughput and operations. And of course, great references in so many analyst reports.”
"The OT environment was not properly segmented and did not have OT-aware security solutions, which created new attack vectors for cybercriminals to exploit critical production lines. Conventional security solutions and other prevention techniques we previously used were no longer adequate to combat OT cyberthreats."
–Omer Erdem
Cybersecurity Manager, Eczacibasi
A collaborative partner for the long term
Eczacibasi established that its enterprise-wide security modernisation program must:
- Provide secure access for every user and office location in Turkey.
- Implement modern, centralised security controls for every user, regardless of location.
- Secure and segment production line OT environments.
- Contain OT attacks with granular network segmentation and access controls.
Visibility, trusted intelligence, and automation
Eczacibasi has deployed the connected Palo Alto Networks portfolio across clouds and networks to enable secure digital transformation. Visibility, trusted intelligence, and automation help this complex manufacturing organisation advance securely.
- Network security for a hybrid workforce: The initial implementation was a cloud-delivered security platform. Prisma Access Cloud Secure Web Gateway provides Eczacibasi employees with remote access to all privileged web- and non-web-based applications and data, while reducing the risk of data breaches and providing an exceptional end-user experience. Prisma Access protects the hybrid workforce with the superior security of ZTNA 2.0 while providing exceptional user experiences from a unified, cloud-native security product. In addition, Panorama network security management centralises policy management across all Palo Alto Networks Next-Generation Firewalls (NGFW) and Prisma Access. Panorama saves time and reduces complexity by managing network security through a single pane of glass.
“Prisma Access transforms the security of our web accesses,” says Erdem. “More than 1,000 people in six countries are benefiting from consistent, easier cloud-delivered security. Also, for operations, we use Panorama network security management to centralise policy management, saving time and reducing complexity.” - OT security: Eczacibasi factories in Turkey are now live on a Palo Alto Networks ML-Powered NGFW network security platform. A firewall in each factory analyses all traffic within a VLAN, significantly reducing the ability of malware to move laterally across the network. This microsegmentation provides the OT network with the level of security that it needs, without impacting network performance. It also gives them visibility and control of every application and function of the OT controls – unlike traditional port-based firewalls. Being able to restrict a particular application to ‘read only’ gives unprecedented control in OT environments.
“OT traffic is different to the usual traffic you see on the standard network, but using the application-aware NGFW, we can identify and easily segment the network based on OT application protocols,” says Erdem. - Internal operational security: Eczacibasi also uses the Palo Alto Networks ML-Powered NGFW with CloudDelivered Security Services (CDSS) to underpin web security at headquarters and subsidiaries. More than 5,000 users rely on the network security platform to provide broad threat coverage at the internet edge.
“There are two standout features on our firewall deployment,” says Erdem. “First, Threat Prevention – which stops known threats, like exploits, malware, and command and control (C2). Second, The Application Command Control (ACC) with App-ID gives our team a complete view of all applications and services accessing the internet, regardless of the port or protocol.”
"Prisma Access transforms the security of our web accesses. More than 1,000 people in six countries are benefiting from consistent, easier cloud-delivered security. Also, for operations, we use Panorama network security management to centralise policy management, saving time and reducing complexity."
–Omer Erdem
Cybersecurity Manager, Eczacibasi
Secure digital business growth
Eczacibasi benefits in many ways from this forward-thinking security strategy, which:
- Drives digital business growth: This cybersecurity transformation is improving Eczacibasi’s operational resilience. This in turn helps the organisation connect and share data more easily, accelerating trusted decision-making. Employees can work from anywhere, boosting productivity – and continuous visibility, control and protection of every OT asset supports reliable, uninterrupted manufacturing processes.
- Accelerates innovation: Intelligent automated cybersecurity helps Eczacibasi innovate faster, despite an expanding attack surface and increased network complexity. Employees can collaborate and share ideas remotely all across Turkey and elsewhere, free from threats.
- Safely enables daily business operations: Features such as natively integrated CDSS, intelligent OT network security automation, and secure access at the service edge safely enable applications and prevent cyber breaches for thousands of staff.
- Reduces cost: By replacing a disconnected group of legacy security systems with the Palo Alto Networks portfolio, Eczacibasi is driving down cost. For example, Prisma Access unifies previously separate firewall and IPS controls in the data centre, and Panorama streamlines security management, liberating resources to focus on value-add tasks. Having a common management console with Panorama to manage hardware firewalls as well as Prisma Access allows even more simplicity.
"Palo Alto Networks is among Eczacibasi’s most trusted partners. Their innovation, complete security portfolio, and future roadmap are helping our manufacturing group to grow in the face of an ever-changing threat landscape."
–Omer Erdem
Cybersecurity Manager, Eczacibasi
For more customers stories visit our website.