Reduce the attack surface, complexity, and cost
- Modernise the infrastructure: Following its demerger from CNH in 2022, Iveco Group sought to modernise its MPLS-based network security architecture to reduce attack surface, complexity, and cost.
- Increase security: Reliance on complex proxy/VPN infrastructure across four global internet egress points had resulted in reduced security visibility, controls, and coverage.
- Scale a simplified user experience: The move to hybrid working among 16,000 users had created a huge demand for fast, easy internet break-out services.
- Reduce cost: Existing on-premises network security infrastructure and VPN/proxy devices were expensive to source, deploy, and manage.
“Our vast proxy and VPN infrastructure lacked the security visibility, scalability, and performance to drive vehicle manufacturing growth. Direct-to-app connectivity was the way forward.”
Mimmo Lo Tesoriere
Cyberprotection Technologies Manager,
Iveco Group
Simplicity - and a superb user experience
Despite being a satisfied customer of Palo Alto Networks Next-Generation Firewalls (NGFWs) powered by Precision AI®, Iveco Group undertook a rigorous vendor evaluation before choosing Prisma Access. “The SASE integration with the firewalls was a big plus point for us, together with the simplicity of the platform and the superb user experience. Prisma Access also consolidates ZTNA 2.0 and other capabilities into a single, cloud-native global services edge. It’s a game-changer for Iveco Group,” says Mimmo Lo Tesoriere, Cyberprotection Technologies Manager, Iveco Group.
Delivers a robust security framework
Palo Alto Networks Prisma Access is the Security Service Edge (SSE) component of Prisma SASE. It provides a secure internet gateway for Iveco Group’s application traffic spanning 19 manufacturing sites, 30 R&D centres and commercial offices, collectively comprising 36,000 users (16,000 of which are mobile). It also protects third-party providers that have access to the network, such as maintenance support technicians.
Unlike the previous proxy/VPN set-up, the AI-powered Prisma Access SASE solution gives Iveco Group complete coverage, protection, and visibility. It also connects seamlessly with Iveco Group’s SD-WAN project.
Simplified and cost-effective security
Previously, Iveco Group had devoted significant time, investment, and resources to synchronising the proxies and VPNs across the four different infrastructures. With only basic antivirus controls as guides, breaches were a consistent concern.
By contrast, Prisma Access provides a single, unified configuration across the entire infrastructure, resulting in highly resilient security. Strata Cloud Manager handles Iveco Group’s entire network security infrastructure – including NGFWs and the SASE environment – from one cloud management interface, providing consistent best-in-class protection everywhere while simplifying the security stack.
Increases operational efficiency
In the past, Mimmo and his team were regularly asked to physically add proxies and VPNs to support new users and locations. By switching to the cloud-native Prisma Access architecture, the team were able to deploy Prisma Access to 36,000 users worldwide - in just four months.
Moreover, by consolidating security on a single platform, Iveco Group requires fewer resources to manage its infrastructure.
Drives innovation
Iveco Group recently deployed Prisma Access to help securely transfer in-vehicle telemetry data from ISPs, including engine maintenance schedules and infotainment. Data from the devices is used to monitor vehicle reliability, perform predictive maintenance, and optimise the Iveco Group customer experience.
On the road to further success
Looking ahead, Iveco Group plans to evaluate and possibly adopt additional natively integrated Prisma Access functionality, including CASB, DLP, and Prisma Access Browser to prevent data leakage and manage unsanctioned browsers. The organisation has also deployed Prisma Cloud, for security posture management and workload protection.
share this story
