VTG Enhances Protection Against Security Risks

VTG operates the largest privately owned fleet of freight wagons in Europe. These assets — combined with a comprehensive portfolio of leasing, logistical, and digital solutions — make it a powerful player in the transport sector. In its 33 locations in 21 countries, VTG’s hundreds of employees enable the company to transport liquids and sensitive goods for numerous high-profile clients across nearly every sector. To ensure a smooth experience for its impressive customer portfolio, VTG calls on Akamai Guardicore Segmentation to maintain a high level of security across its operations.

With ransomware, malware, and similar attacks on the rise across the logistics industry, VTG is committed to reducing the risks associated with such infiltrations. Besides leveraging central firewalls to separate remote locations from its headquarters, the company’s first step was to deploy host firewalls based on an existing endpoint detection and response solution. Although this proved helpful in some cases, it was hard to manage all the network flows for VTG’s expansive and undersegmented network architecture. 

Without a flexible and easy-to-use view into network flows, the infrastructure team struggled to identify misconfigurations. Moreover, the IT security team found it complicated to define firewall rules for new infrastructure and was forced to comb through firewall logs to understand how each of the company’s more than 600 servers and numerous cloud workloads were communicating.

Understanding the risks associated with its open network, VTG decided to separate critical systems from noncritical ones, while also further segmenting the most important of its machines. Different teams of IT employees segmented the network by hand, allocating servers, Internet of Things, printers, Wi-Fi, and clients in different VLANs. 

“Network segmentation by hand with VLANs was very resource-intensive and time-consuming. Frequent changes to the infrastructure in our remote locations became very difficult to manage across our geographically distributed company,” explains Tobias Tiede, IT Security Architect at VTG.

To overcome these challenges, VTG turned its sights to software-based microsegmentation. Based on recommendations, it evaluated Akamai Guardicore Segmentation and two competitive offerings. After conducting proofs of concept of all three solutions, the company was sold on Akamai’s offering. 

According to Tiede, “Akamai’s leadership position in the Gartner Magic Quadrant is impressive and one of the reasons we chose to approach them.”

In fact, Tiede discovered many differences between Akamai Guardicore Segmentation and competitor solutions. According to him, Akamai’s solution works like a typical firewall rule set, but the competitors’ approach and dashboard were not intuitive. “Because [Akamai Guardicore Segmentation] works like our corporate firewall, we quickly felt comfortable using it,” he explains.  

Moreover, Akamai Guardicore Segmentation provides a view into blocked apps directly on the affected system so server admins can easily determine if the solution is causing an issue. The competitors’ offerings did not allow this. 

As Tiede explains, “Akamai’s microsegmentation product with its easy-to-use deception solution fits perfectly in VTG’s IT security strategy on our way to a Zero Trust environment.”

Tiede also appreciates the numerous integrations supported by Akamai Guardicore Segmentation, such as with Azure Active Directory, VMware, and Tenable. “These are valuable for managing our infrastructure,” he explains.

VTG is rolling out Akamai Guardicore Segmentation in a phased approach. Since starting with a small rollout, they have deployed 2,200 agents. The ultimate goal is deploying across 650 servers, 2,000 clients, VDI infrastructure, and 70 Kubernetes instances.

It takes just three members of the IT security team to manage Akamai Guardicore Segmentation. Using the solution, they create granular security policies, manage integrations with other parts of the IT architecture, and can see aggregated data from agents, servers, and endpoints.

VTG is also setting up the solution so every application owner can see their network flows, a map of their applications, and rules and blocked actions, if they so choose. Akamai Guardicore Segmentation “empowers both our IT security and application owners to better ensure uptime,” says Tiede.

With Akamai Guardicore Segmentation in place, the VTG IT security team can more easily understand, troubleshoot, and communicate about system interactions that are taking place across VTG’s infrastructure. For example, the company runs largely on the Windows OS and many users work remotely. With Akamai Guardicore Segmentation, the security team can now better understand what is happening in these home office environments on the network side. 

And, just as important, application and system owners are now empowered to see what’s blocked by a policy within certain time frames. This enables them to pinpoint the true issue rather than guess whether malware, a firewall, or something else is causing the problem. At the same time, the IT team is freed from helping pinpoint root causes. 

Combined, these impacts have vastly improved the way VTG manages and secures its network. “We look forward to our continued collaboration with Akamai in maintaining a high level of security for our company,” concludes Tiede.

Headquartered in Hamburg, VTG is a global asset and logistics company with a strong focus on rail. Besides leasing out rail freight wagons and tank containers, the Group also provides multimodal logistical services and integrated digital solutions. Its fleet comprises around 88,500 rail freight wagons — mostly tank cars, modular freight wagons, standard freight wagons and sliding-wall wagons — plus about 5,000 tank containers. This highly diversified portfolio gives VTG’s customers an excellent platform for the international transportation of goods. The company also develops individually tailored logistics solutions across all industries. Supported by smart technology, it has accumulated a wealth of expertise across the entire transport chain. The Group has years of experience, especially in transporting liquids and sensitive goods. Its customers include a large number of high-profile companies from virtually every branch of industry. Key examples are the chemical, petroleum, automotive, agriculture and paper industries.