Proactively detect and respond to cyberattacks on servers and workstations across geographically distributed business facilities.
Palo Alto Networks Security Operating Platform with Traps for endpoint protection and response as well as GlobalProtect network security for endpoints.
Bringing fresh produce to retailers, wholesalers, and food service providers around the world is no small feat. The operative word here is “fresh.” It takes global reach with a local touch to put ripe, healthy fruits and vegetables in a consumer’s market basket. Total Produce—one of the world’s largest and most accomplished fresh produce producers—understands this as well as any company in the business.
Based in Dublin, Ireland, Total Produce has operations in 39 countries and reaches many more with its wide range of produce from the commonplace to the truly exotic. More than 260 facilities, including farms, processing plants, cold storage warehousing, and pack houses, all must work in concert to keep the harvest fresh and tasty on its journey from field to table.
Naturally, as in any modern business, information technology plays a central role in enabling Total Produce to achieve operational excellence and deliver its customers the product quality and service they expect. Also, this being the digital age, the company is susceptible to cyberattacks. Such attacks can come from anywhere and may take many forms, but the principal target is almost always endpoints—any one of the thousands of desktops and servers connecting the company’s horticultural experts, procurement specialists, sales professionals, operations personnel, and others to the applications and data that keep the business running.
For years, Total Produce relied on traditional antivirus software to protect its endpoints. However, as cyberthreats became more stealthy and sophisticated, the signature-based product was no longer effective, which put the company’s endpoints at risk.
A representative from Total Produce explains, “Our previous antivirus solution just wasn’t up to the task anymore. It was a lot of work to keep the software up to date, very messy from an administrative point of view, and it slowed down our machines. When it came up for renewal, we started looking for a more advanced solution.”
It turned out British Telecom was hosting a local security day, which featured a demonstration of Palo Alto Networks Traps™ service for endpoint protection and response. It caught plenty of attention at Total Produce. “The proactive, intelligence- based approach that Palo Alto Networks takes to endpoint protection really steered us toward Traps. WildFire integration was an important part of that—the way WildFire looks for an executable that could be suspicious and checks it before allowing anything through. That gives us protection against even unknown threats. I had to ask, why aren’t all antivirus companies doing it this way? It just makes sense.”
Total Produce has since deployed Traps on more than 1,400 endpoints across Total Produce, from the UK to the US, including physical and virtual servers as well as end-user workstations. As a result, the company has seen a dramatic drop in the number of infected systems.
“Palo Alto Networks Traps is worth its weight in gold. When we were using traditional antivirus software, there was always something that got in through email. But once we deployed the ESM [Endpoint Security Manager] server and Traps agents, we could immediately see everything the old solution was missing— Word macros, ransomware, crypto-viruses, and other threats like that. None of them were getting through with Traps.
“Our timing was good. It was around the time of the WannaCry outbreak when we first installed Traps, and we saw it stop the ransomware attack. Things could have been very bad for us otherwise. Knowing that Traps is there and seeing it proactively prevent threats from getting through—that’s huge peace of mind for Total Produce.”
Total Produce has since moved to the cloud-based Traps management service, which further simplifies deployment and ongoing administration of endpoint protection and response for the company. “Now, all we do is install the Traps agent when deploying a new server or workstation and it’s protected. It’s as simple as that. There’s no mollycoddling or looking after it like our old solution. We don’t have to worry about Traps. It just works, which is how it should be.”
In the past, an antivirus scan would drag system performance to a crawl, but those performance issues disappeared after adopting Traps thanks to its small footprint on the endpoints.
In addition to Traps, Total Produce relies on GlobalProtect™ network security for endpoints to secure devices used by remote users. Running on a Palo Alto Networks VM-300 virtualized next-generation firewall hosted by Total Produce’s private cloud provider, GlobalProtect ensures that every time remote users attempt to log on to the network, they’re subject to the same security policies as those working on-site. To further enforce compliance, Total Produce takes advantage of host information profiles (HIPs) to verify that any device connecting remotely to the network meets the company’s security standards as defined in the profile. If not, the device won’t be granted access even if it is running the GlobalProtect app.
“GlobalProtect is now the standard for all our remote users. It’s great knowing they have the same high level of protection whether they’re working from a coffee shop or sitting in the office.