CASE STUDY Fitas Flax Brazil, a well-known manufacturer of adhesives tapes and packing materials, migrated its firewall security from Microsoft TMG to Sophos UTM for more comprehensive protection, better management and control, and greater flexibility for remote users. Customer-at-a-Glance Fitas Flax Indústria e Comércio Ltda. Brazil Industry Manufacturing Sophos Solutions Sophos UTM Software Appliance for 250 users with FullGuard (Rio de Janeiro Factory) Sophos UTM Software Appliance for 25 users with FullGuard (Manaus Factory) Sophos Access Points AP50 (3) and AP10 (5) distributed company-wide Sophos Remote Ethernet Device (RED50) remote office in Rio de Janeiro Sophos Remote Ethernet Device (RED10) remote workers at fixed locations Sophos Endpoint Protection for 100 users Sophos Mobile Control for 30 users
Founded in 1992, Fitas Flax is a leading Brazilian manufacturer of adhesive tapes and other packing materials. The company is based in Rio de Janeiro with a separate manufacturing site in Manaus, Brazil in addition to another smaller remote office in Rio de Janeiro. Sophos UTM makes it easy for our employees to use network services anywhere and at any time over a variety of links. Users benefit from greater productivity and an uncomplicated process. WILLIAM REDIG IT Manager Fitas Flax Brazil Business Challenge Previously, Fitas Flax relied on Microsoft Forefront Threat Management Gateway (TMG) to provide firewall security for 100 end users in Rio de Janeiro and another 25 in Manaus. Fitas Flax needed the ability to control multiple internet uplinks and report on user activity, all on a very tight budget. With the announcement that Microsoft would no longer support TMG, Fitas Flax sought a replacement that could be more than a secure firewall. In addition to firewall security, we also needed better controls on Internet usage and improved protection for our network and users, explains William Redig, IT manager. It was important that we had a firewall solution that could easily manage multiple internet uplinks, and that could efficiently interconnect all our locations. With a reduced budget for security and a scaled-down IT staff, the company required a unified firewall solution that could be easily managed. Fitas Flax also wanted to avoid the high cost of Internet links for interconnecting the two factories. Our limited resources do not allow for the use of multiple point products, each with their own training requirements, or a solution that would require an on-site security expert. A solution that could be realistically utilized by our current resources would generate the most productivity we have 2 IT guys supporting around 150 endpoints in 3 physical locations and approximately 30 smartphones or tablets, and 10 notebooks connecting directly to our network and services. Consequently, a security solution that could utilize our existing resources would allow our organization to take a proactive approach to security, Redig remarks.
Technology Solutions To address these challenges, Fitas Flax chose the software version of Sophos Unified Threat Management (UTM) with FullGuard, which includes the complete set of security subscriptions consisting of Network, Web, Email, Web Server, VPN, and Wireless. Through the centralized UTM interface, the company is able to manage two other key components of the firewall solution: Sophos Wireless Protection uses UTM as a wireless controller to centralize security and manage users of the company s three Wi-Fi networks. In addition, Sophos Remote Ethernet Device (RED) provides secure access from the company s remote locations to the LAN over a reliable VPN link and using standard ADSL uplinks. The main reasons for selecting Sophos were the RED devices, the easy-to-establish VPN, the intuitive dashboard, and the ability to use and manage multiple internet links. Being able to test everything using existing hardware was also a huge benefit because Fitas Flax did not have to spend any money to test the solution. With Sophos security, we found it much easier to get the job done! declares Redig. With Sophos UTM, Fitas Flax was able to create a set of network objects and user profiles based on the firewall rules and policies in place from its previous TMG deployment therefore reducing typo errors, while speeding deployment and eliminating re-work. Deploying Sophos UTM was extremely simple, and we didn t have to change the way we managed our firewall security, Redig notes. Since we did not have to manually re-create groups, add users, or maintain another subset of configuration objects, we were able to migrate our firewall almost immediately to UTM. Following the migration, the flexibility afforded by Sophos multiple configuration options enabled us to tweak and fine-tune the UTM to provide the optimal protection for our users and network assets. Available reports and online monitoring make it easy to discover configuration errors, look for inadequate user activities, and observe the internet use practically in real time, being an enormous aid. Business Result Flexible and Secure Remote Access Like many companies with distributed operations, Fitas Flax has approximately 30 smartphones or tablets and 10 notebooks and about 10 users needing access to the corporate network via their laptops or mobile devices from remote locations. The Sophos UTM solutions have provided the ideal security platform for the company to improve connectivity between the manufacturing plants and remote office, and to control remote access via Wi-Fi or VPN. Sophos UTM makes it easy for our employees to use network services anywhere and at any time over a variety of links. Our employees even have the ability to access our telephone system over VPN using VoIP clients on their smartphones, Redig adds. Users benefit from greater productivity and an uncomplicated process. As an organization we re able to protect the network by ensuring that employee access is controlled by set policies and established user profiles. We were able to accomplish all these enhancements to our network using our very small IT Staff and, on a daily basis, there is less work to do, while accomplishing far more.
Business Result Centralized Management and Control Sophos UTM provides a central dashboard for Fitas Flax to control remote users access to email and other internal applications using reverse proxy. Through Sophos UTM s HTML5 VPN Portal, we re able to configure everything the remote users need and that can be triggered from a single location the User Portal. Access to remote desktops, corporate web-mail, security cameras, and terminal servers are all there, available via a single mouse click and from a single location, Redig explains. And with Sophos Wireless Protection, we have total control over how the network s being accessed via Wi-Fi and by whom. With Sophos centralized security management, the Fitas Flax IT team is able to configure and troubleshoot each remote site from headquarters with minimal involvement from satellite employees. We definitely require some flexibility. We may need a remote employee to unplug and then re-plug a power adapter or to read display lights. Everything else can be configured by the IT staff from anywhere, using the UTM s single Web-based admin interface. With Sophos this is easy. With other solutions we previously used, we frequently had to ask non-technical users to log on to routers, execute commands, and perform other procedures that were always extremely time-consuming and complicated for the average user. Sophos provides us comprehensive security with simplified deployment and management without placing any burden on our users, states Redig. Redig discloses that Sophos UTM s reporting and online monitoring capabilities have greatly increased the information available to the IT team and Fitas Flax management. The system automatically routes regular usage reports to department managers, removing the burden of controlling and managing user behavior from the IT group. The multipath rules in Sophos UTM make bandwidth management effortless. By creating browsing groups linked to MS Active Directory, Fitas Flax is able to determine which Internet link will be used by a group of users or computers, and for what services. If an Internet link is slow or not working properly, we simply have to select another WAN link and assign it to the rule, Redig asserts. We can also view, in real time, all traffic going through the firewall to determine which services are using the most bandwidth. Viewing traffic in real time is definitely valuable to us. Business Result Comprehensive Security and Scalable Firewall Protection For Fitas Flax, Sophos UTM has proven to be an ideal replacement product for Microsoft TMG. In fact, the capabilities of Sophos UTM go far beyond the previous solution that Fitas Flax had in place. The ability to support multiple WAN interfaces and to control and protect our users Web usage were our primary goals. With Sophos UTM s Web-based management interface, we are now able to fully cover the security needs of our growing infrastructure in both size and complexity, Redig concludes. Additionally, Sophos is continually adding features to UTM and improving the UTM solution with each new release. There is no doubt that Sophos is helping us keep up to date with current threats. Most importantly, we re able to access these new versions at no additional charge through a simple software upgrade, which is completely different from Microsoft. Furthermore, Fitas Flax runs Sophos security on the company s endpoints and mobile devices. With Sophos, Fitas Flax sees the value of comprehensive security that can scale to the company s business requirements. With remote users and information becoming increasingly more mobile, security that fits the company s needs are key. Considering our satisfaction with Sophos UTM, we decided to use additional Sophos
With Sophos UTM s Web-based management interface, we are now able to fully cover the security needs of our growing infrastructure. WILLIAM REDIG IT Manager Fitas Flax Brazil solutions with Endpoint Protection and Mobile Control. Once we deploy version 9.2 of Sophos UTM, we will be able to control web security on smartphones and endpoints using the same Web-based admin console, keeping users protected everywhere, and with every device, conveys Redig. The ease of management with increased functionality only enforces the fact that Fitas Flax and Sophos are a natural fit. In summary, Fitas Flax knows Sophos is the ideal solution for the needs of the organization. To outline all the effects, Redig states, With Sophos UTM, we can now say that our network traffic and connectivity is completely under control. Our employees can use the Internet safely and workstation deployments are more sustainable because they are completely protected from Web- or email-transmitted threats. Sophos UTM has had a significant and positive impact on our organization. See how we can protect your organization with a free 30-day trial. Visit www.sophos.com/free-trials United Kingdom and Worldwide Sales Tel: +44 (0)8447 671131 Email: sales@sophos.com North American Sales Toll Free: 1-866-866-2802 Email: nasales@sophos.com Australia and New Zealand Sales Tel: +61 2 9409 9100 Email: sales@sophos.com.au Asia Sales Tel: +65 62244168 Email: salesasia@sophos.com Oxford, UK Boston, USA Copyright 2014. Sophos Ltd. All rights reserved. All trademarks are the property of their respective owners. 14.04.RP.cs.simple