Case Study
In brief
Consiglio Nazionale delle Ricerche (CNR) – Istituto di Metodologie per l’Analisi Ambientale (IMAA)
Education
Two research centres, 12 laboratories, and 200 people
Scientific research
Potenza, Italy
CHALLENGE
Consiglio Nazionale delle Ricerche (CNR), or National Research Council, is Italy’s largest government-funded research institution. CNR conducts research all the way ‘from the stars to the water,’ discovering leading-edge scientific insights in biomedicine, the environment, engineering, life sciences, and other disciplines. CNR comprises more than 8,500 people, 63% of whom are research scientists.
CNR operates across a network of more than 100 research institutes and 224 branch laboratories. One of these institutes is Istituto di Metodologie per l’Analisi Ambientale (IMAA), which undertakes research on satellite, airborne, and ground-based earth observation technologies. The aim is to study changes in environmental and geophysical processes.
Technology underpins almost every aspect of CNR-IMAA’s activities, and this, in turn, demands a high-speed, scalable, and flexible network security infrastructure configured for high availability in the CNR-IMAA data centre. CNR-IMAA’s participation in the pan-European ACTRIS research program studying ‘short-lived climate force’ atmospheric conditions, for example, reflects this need for best-in-class network security. CNR-IMAA’s data centre is the focal point for the collection, analysis, access, and provision of ACTRIS aerosol remote sensing data from more than 30 sites across Europe, with insights available through a research portal. Additional data is also directly provided in near-real time as a service to CAMS, the Copernicus Atmospheric Monitoring Service.
‘ACTRIS is just one of the many research services exposed to the internet,’ explains Ermann Ripepi, Head of Infrastructure and Networks, CNR-IMAA. ‘My mission is to protect the data centre infrastructure from external and internal attack. Our network infrastructure is based on an IP fabric EVPN-VXLAN, and all our services run on a VMware virtualised environment. For this reason, we need to protect both north-south traffic and east-west traffic between different security zones.’
In terms of technology infrastructure, CNR-IMAA maintains more than two petabytes of storage and 2,000 computer cores, interconnected by a high-speed, scalable, low-latency resilient network (2x100 Gbps for each link).
REQUIREMENTS
To counter successful cyberattacks in the data centre, CNR-IMAA established multiple requirements for its new network security platform. These included:
SOLUTION
CNR-IMAA now relies on a comprehensive Palo Alto Networks network security solution, comprising two ML-Powered NGFWs in a high availability cluster with a twin 40 Gbps uplink for each device. ‘Our firewalls are configured in active/passive mode, which guarantees high availability,’ says Ripepi. ‘In the unlikely event of a fault on one of the active devices, or during maintenance, traffic automatically switches to the passive device, ensuring business continuity.’
Owing to Layer 7 and application visibility, Ripepi can also identify and filter through the policies, services, and applications. ‘The ML-Powered NGFW gives us full visibility into traffic, across all users and applications, at all times. This complete insight across the network ensures that all attacks, even those that try to evade detection by masquerading as legitimate traffic, are seen and stopped,’ he says.
CNR-IMAA is using almost the entire suite of Cloud-Delivered Security Services (CDSS) to automatically discover, monitor, and protect sensitive research and other data across the network. They use GlobalProtect™ as a VPN gateway to confidently protect remote access. In addition, AutoFocus™ is used as a cloud-based threat intelligence service, and they integrate the AutoFocus External Dynamic List with the firewall policies.
The network security platform is centrally managed by Palo Alto Networks Panorama™. Ripepi adds, ‘Using Panorama, we have a single point of management and orchestration for all the devices. Integration with our other monitoring and alerting systems—like Elastic and Prometheus—also accelerates incident response.’
CNR-IMAA is also sharing critical insights with Unit 42®. Data extracted by the AutoFocus threat intelligence system is run through a detailed threat analysis process that includes not only automated systems to correlate incoming data but also expert human analysis to interpret the data.
BENEFITS
Seamless integration between the ML-Powered NGFWs and CNR-IMAA’s own monitoring systems shrinks the time to respond to incidents. The incident response time is now less than 20 minutes, compared to one day using the previous legacy firewalls.
Ripepi comments, ‘With the Palo Alto NGFWs, we benefit from a high throughput network with short latency. We have fewer alerts generated from false positives, and this reduces the human resources needed to monitor the network.’