Through its three business areas Kalmar, Hiab and MacGregor, Cargotec develops and delivers solutions that help cargo flow smoothly by road, on sea, and through ports. With annual revenues of around €3.3 billion, Cargotec employs more than 11,000 people in 138 countries worldwide.
More than ever, businesses and consumers expect real-time information on the status and location of their assets. To meet the new demands, Cargotec is making significant investment in data-driven services, including real-time condition monitoring via internet-of-things (IoT) sensors.
Kevin Williams, Technical Lead Cyber Security at Cargotec, explains: “The long-term goal is to strengthen our leading position in the logistics space. To get there, we aim to offer greater visibility and choice to our clients. Technology innovations will play an important role in our customer-centric transformation. For example, the company has set out a cloud-first strategy and begun migrating services to public cloud."
Why they chose Qualys CloudView:
While its move to cloud is gaining pace, a significant number of Cargotec’s ITassets are hosted on-premises in data centers worldwide. The asset base includes approximately 11,000 workstations and around 1,600 servers, distributed across dozens of countries.
“As we move to cloud, we’re gradually migrating and decommissioning legacy IT systems,” continues Kevin Williams. “From an information security perspective, one of the challenges we faced was limited visibility of our on-premises assets. Although we were using some open-source pentesting tools, they weren’t designed for enterprise information security use cases—making it difficult to perform comprehensive vulnerability assessments.”
He adds: “Because we didn’t have good enough visibility on where the severe vulnerabilities in our environment were, we didn’t know where to concentrate our remediation efforts to deliver the biggest improvement in our overall security posture. To protect the business on its digital transformation journey, we were keen to find a more structured and effective approach to vulnerability management.”
“Thanks to Qualys, we can identify vulnerabilities with pinpoint precision, which helps us to take prompt action to protect the business better.”
Technical Lead Cyber Security, Cargotec
After considering offerings from leading solution providers, Cargotec chose Qualys VMDR® with integrated apps for asset identification and management, vulnerability management, threat detection and prioritization and response. As part of the Enterprise TruRisk Platform, the solution enables organizations to automatically discover all assets in their environments, and perform thorough scans for potential cyber threats.
Kevin Williams comments: “We had two main requirements. First, we targeted a solution that would enable us to start with small use cases and scale out in complexity and volume as our internal capabilities matured. Second, we wanted an experienced partner that could show us industry best practices and help us get up and running quickly."
“From the outset, we were impressed with the attitude of the Qualys team—they took the time to listen to our requirements, understood exactly what we were trying to achieve, and suggested effective ways to reach our goals. We also see the modularity of the Qualys offering as a big benefit. With the Enterprise TruRisk Platform, we can start with Qualys VMDR for vulnerability management and add new capabilities as we go: from automated patching to cloud security assessments and more.”
After working with Qualys on a proof of concept for VMDR, Cargotec decided to deploy the solution into production across the global business.
Today, the company uses VMDR to scan 11,000 workstations and around 1,000 of its on-premises servers. Using a combination of scanning appliances and Qualys Cloud Agents, the company gains accurate information on the security status of its assets every four hours.
“Qualys VMDR revealed a significant number of potential security threats,” comments Kevin Williams. "Based on these findings we can now prioritize the remediation work and close the gaps in our security.”
Using Qualys VMDR, Cargotec has created dashboards to surface security insights across a number of key areas: including end-of-life applications, clients and servers, and severity five, four, and three vulnerabilities.
"For the first time, we now have actionable intelligence on where the biggest risks are in our environment, which means we can put together a targeted plan to deal with them,” explains Kevin Williams. “Because the information is near-real time, we can get an immediate overview of our security posture at any given moment.”
Kevin Williams adds: “The good thing in Qualys Cloud Agents is that they cause no impact on the network or the host. During the COVID-19 pandemic, we switched many of our office-based teams to home working. Qualys Cloud Agents proved absolutely invaluable—they helped us ensure all employee laptops remained fully patched and up to date, even though they were outside the corporate network.”
Cargotec engages a third-party provider to provide dedicated IT support, including the application of patches.
“In the past, we didn’t have good enough benchmarks to measure the performance of our IT support team,” comments Kevin Williams. “With Qualys VMDR [Vulnerability Management, Detection and Response], we can validate that our provider has deployed patches correctly. The solution also enables us to have more productive conversations with our provider—for example, to identify systems that cannot be patched successfully, determine the reasons, and find a solution to protect the business.”
Kevin Williams elaborates: “the last four months, we’ve made huge strides in our vulnerability management program. We have reduced the number of active vulnerabilities significantly, and cut the average number of issues detected per asset from 100 down to just 35.”
Based on the positive experience, Cargotec is planning further improvements and exploring how to further develop its security capabilities.