World-renowned British folding bicycle maker Brompton has completely re-built its security around new equipment from Watchguard after a pen-testing firm uncovered glaring security weaknesses in its legacy network.
For bicycle lovers, of course, London-based Brompton in synonymous with one of the world's finest bicycles designs, known simply by the company's name. Suddenly with a lot of imitators after 40 years in operation, for the purist the pioneering British Brompton is still best of the lot.
Rolled out to the press by Watchguard as a shining example of an old-fashioned firm willing to embrace a completely new approach, what Brompton has undergone in the last year less a case of buying new equipment as almost starting against from scratch.
It’s extremely unusual for any firm to admit to such a reset but by 2013 the firm’s low-end router and switch infrastructure (from a vendor we agreed not to name) was starting to buckle under the weight of bandwidth, management and latterly security issues.
Although there was no specific security incident that spurred change, the pen-testing firm had no problems in penetrating to the core of Brompton’s network at will from unguarded ports within its perimeter, now seen as a major risk. Chastened, newly-appointed network admin and analyst Jamie Stables put the suggestions of his small team to the board and a budget was quickly agreed to upgrade almost everything.
Brompton’s small but potentially complex network supporting 250 users is multi-site, taking in a factory floor, a branded franchise shop in Covent Garden and a US operation, all connected via an MPLS-based WAN and VPN. It has to handle a mixture of applications including CAD/CAM, office software and files of varying sizes up to very large ones streaming from NAS boxes.
Complicating matters, the company is in the process of moving its entire operation to a new and much larger site of up to 100,000 square feet, which also offered a perfect opportunity for the overhaul.
According to Stables, the upgrade had to boost performance, manageability and most important of all, protect the company’s sensitive intellectual property covering its designs and manufacturing processes – the latter being assets attackers would aim to get their hands on.
“My main worry was out intellectual property – our competitors want to get into this market [folding bicycles],” said Stables.
This was going to mean proper VLAN segmentation, encryption, a guest network and a robust wireless network able to withstand the radio interference likely on a factory.
By early 2015, Brompton had replaced its old equipment with a Watchguard XTM 5 Series, a mid-sized UTM firewall capable on between 2Gbps and 5Gbps throughput on copper, supporting from 65 to 600 branch office VPN sessions.
The firm was now looking at supplementing this with Watchguard 3 Series wireless as well as branch-office appliances, said Stables. Why Watchguard? According to Stables it was a mixture of price-performance, support and training. The latter has been a challenge for a company that has to take internal as well as external security seriously.
Meanwhille, Watchguard this week announced the WatchGuard’s new Firebox M200 and M300 which it claims bring big firewall performance within the reach of smaller organisations. Performance has always been a sales issue for firewall makers but it is needed now more than ever, claims Watchguard, to support the layering of complex security to defeat targeted attacks.