Case Study

Ensuring hundreds of Italian scientific researchers work securely and with confidence


CNR-IMAA is confidently spearheading environmental and geophysical research with Palo Alto Networks. Machine Learning (ML)-Powered Next-Generation Firewalls (NGFWs) intelligently and proactively detect threats across multiple fronts, safeguarding research and administrative data used by thousands of scientists. Incident response time is now less than 20 minutes, compared to one day using the legacy firewalls.


In brief

Customer

Consiglio Nazionale delle Ricerche (CNR) – Istituto di Metodologie per l’Analisi Ambientale (IMAA)

Industry

Education

Organisation Size

Two research centres, 12 laboratories, and 200 people

Products and Services

Scientific research

Country

Potenza, Italy


Challenge
    Hundreds of researchers and administrative staff of the CNR-IMAA, one of the institutes of Italy’s largest public research organisation (CNR), require secure, uninterrupted access to science data. Using the incumbent network security solution, it typically took one day to respond to incidents, exposing CNR-IMAA to risk.
Requirements
  • Prevent credential theft and abuse.
  • Provide dynamic security policies for dynamic virtual workloads.
  • Manage the NGFWs using simple, intuitive, and complete tools.
  • Use automation to integrate security and prevent fast-changing threats.
Solution
    Palo Alto Networks ML-Powered NGFWs in high availability configuration, along with GlobalProtect and Panorama centralised management.

CHALLENGE

Researching ‘from the stars to the water’

Consiglio Nazionale delle Ricerche (CNR), or National Research Council, is Italy’s largest government-funded research institution. CNR conducts research all the way ‘from the stars to the water,’ discovering leading-edge scientific insights in biomedicine, the environment, engineering, life sciences, and other disciplines. CNR comprises more than 8,500 people, 63% of whom are research scientists.

CNR operates across a network of more than 100 research institutes and 224 branch laboratories. One of these institutes is Istituto di Metodologie per l’Analisi Ambientale (IMAA), which undertakes research on satellite, airborne, and ground-based earth observation technologies. The aim is to study changes in environmental and geophysical processes.

Technology underpins almost every aspect of CNR-IMAA’s activities—and this, in turn, demands a high-speed, scalable, and flexible network security infrastructure configured as high availability in the CNR-IMAA data centre. CNR-IMAA’s participation in the pan-European ACTRIS research program studying ‘short-lived climate force’ atmospheric conditions, for example, reflects this need for best-in-class network security. CNR-IMAA’s data centre is the focal point for the collection, analysis, access, and provision of ACTRIS aerosol remote sensing data from more than 30 sites across Europe, with insights available through a research portal. Additional data is also directly provided in near-real time as a service to CAMS, the Copernicus Atmospheric Monitoring Service.

‘ACTRIS is just one of the many research services exposed to the internet,’ explains Ermann Ripepi, Head of Infrastructure and Networks, CNR-IMAA. ‘My mission is to protect the data centre infrastructure from external and internal attack. Our network infrastructure is based on an IP fabric EVPN-VXLAN, and all our services run on a VMware virtualised environment. For this reason, we need to protect both north-south traffic and east-west traffic between different security zones.’

In terms of technology infrastructure, CNR-IMAA maintains more than two petabytes of storage and 2,000 computer cores, interconnected by a high-speed, scalable, low-latency resilient network (2x100 Gbps for each link).


REQUIREMENTS

Combat every type of cyberattack

To counter successful cyberattacks in the data centre, CNR-IMAA established multiple requirements for its new network security platform. These included:

  • Prevent credential theft and abuse.
  • Provide dynamic security policies for dynamic virtual workloads.
  • Manage the NGFWs using simple, intuitive, and complete tools.
  • Use automation to integrate security and prevent fast-changing threats.


More than a decade ago, we deployed our first Palo Alto Networks ML-Powered NGFW. The technology was as innovative then as it is today. At the time, it was the only device capable of analysing Layer 7 traffic and identifying application signatures. Other features that impressed us were the single-pass architecture and IPv6 compatibility.

Ermann Ripepi, Head of Infrastructure and Networks, CNR-IMAA

SOLUTION

Guaranteed high availability

CNR-IMAA now relies on a comprehensive Palo Alto Networks network security solution, comprising two ML-Powered NGFWs in a high availability cluster with a twin 40 Gbps uplink for each device. ‘Our firewalls are configured in active/passive mode, which guarantees high availability,’ says Ripepi. ‘In the unlikely event of a fault on one of the active devices, or during maintenance, traffic automatically switches to the passive device, ensuring business continuity.’

Owing to Layer 7 and application visibility, Ripepi can also identify and filter through the policies, services, and applications. ‘The ML-Powered NGFW gives us full visibility into traffic, across all users and applications, at all times. This complete insight across the network ensures that all attacks, even those that try to evade detection by masquerading as legitimate traffic, are seen and stopped,’ he says.

CNR-IMAA is using almost the entire suite of Cloud-Delivered Security Services (CDSS) to automatically discover, monitor, and protect sensitive research and other data across the network. They use GlobalProtect™ as a VPN gateway to confidently protect remote access. In addition, AutoFocus™ is used as a cloud-based threat intelligence service, and they integrate the AutoFocus External Dynamic List with the firewall policies.

The network security platform is centrally managed by Palo Alto Networks Panorama™. Ripepi adds, ‘Using Panorama, we have a single point of management and orchestration for all the devices. Integration with our other monitoring and alerting systems—like Elastic and Prometheus—also accelerates incident response.’

CNR-IMAA is also sharing critical insights with Unit 42. Data extracted by the AutoFocus threat intelligence system is run through a detailed threat analysis process that includes not only automated systems to correlate incoming data but also expert human analysis to interpret the data.



We use most of the CDSS, but the stand-out one for us is GlobalProtect. We use this as a VPN gateway to confidently protect remote access. Another useful feature is AutoFocus. We use this as a cloud-based threat intelligence service, and we can integrate the AutoFocus External Dynamic List with the firewall policies.

Ermann Ripepi, Head of Infrastructure and Networks, CNR-IMAA

BENEFITS

This powerful, high availability network security solution is transforming the way CNR-IMAA manages research, delivering business value in multiple ways.

Delivers secure, continuous research

CNR-IMAA researchers can confidently work on their complex geophysical and environmental research, safe in the knowledge that the data and processes they rely on are safe from known and unknown threats. Intelligent and proactive features like inline ML, zero-delay signatures, and automated policy recommendations detect threats across multiple fronts.

Ensures agile and efficient incident response

Seamless integration between the ML-Powered NGFWs and CNR-IMAA’s own monitoring systems shrinks the time to respond to incidents. The incident response time is now less than 20 minutes, compared to one day using the previous legacy firewalls.

Ripepi comments, ‘With the Palo Alto NGFWs, we benefit from a high throughput network with short latency. We have fewer alerts generated from false positives, and this reduces the human resources needed to monitor the network.’


Moves CNR-IMAA closer to a Zero Trust strategy

By standardising on the connected Palo Alto Networks platform in the data centre, CNR-IMAA is moving closer to a Zero Trust strategy. In time, the research institution will be protected against ransomware and cybersecurity threats by assigning the least required access needed to perform specific tasks. ‘This is the only real way to protect data from external and internal attacks,’ says Ripepi.

Powers a response-ready organisation

The indicators of compromise (IoCs) shared with Unit 42 help identify patterns, formulate hypotheses, and evaluate them against Unit 42’s entire data set. The team can put threats into context and help CNR-IMAA and like-minded organisations determine how to best defend against future attacks.
