HARTMANN Trusts Infoblox to Stabilize and Secure Networks across Continents
“We saw how other companies had to struggle with downtime due to malware. We definitely wanted to avoid that, which is why we looked into Infoblox’s BloxOne Threat Defense security solution.” — Stefan Staub, Senior Manager for Security & LAN, HARTMANN
HARTMANN has locations in over 35 markets around the world. To ensure
secure and stable IT operations, the company relies on network management
and security from Infoblox.
Summary: An Incremental Journey to Comprehensive DDI Network Management
A global player with subsidiaries and production sites in every region, HARTMANN is a long-established leader in medical device manufacturing. With its sprawling facilities footprint and worldwide workforce, HARTMANN faces the challenge of making its IT infrastructure as uniform and organized as possible. Whether users are in Heidenheim, Germany or Shanghai, China, the user experience for HARTMANN executives and staff should be of identical quality whenever possible. To prevent a proliferation of local differences, HARTMANN decided 15 years ago to harmonize its IT infrastructure, which until that point had been managed locally. That project was implemented with Microsoft DNS and DHCP solutions. But this approach left Stefan Staub, Senior Manager for Security & LAN at HARTMANN, and his team unsatisfied over time.
Customer: HARTMANN
Industry: Manufacturing, medical devices, healthcare and hygiene management solutions
Initiative: Improve network reliability to ensure quality user experiences globally, Centralize DNS infrastructure and core network management, Strengthen network security
Outcomes: Increased operational performance for smooth, uniform network performance, Enhanced network reliability and network visibility, Elevated cybersecurity defenses, improved security posture
The Challenge: Lack of Integration in Core Network Services
The problem was that because the implementation was dependent on individual sites, visibility into network operations was limited—the data was outdated and performing system analyses was a slow, time-consuming process. “It wasn’t possible to integrate a backup concept with modern DHCP,” recalls Staub. Therefore, the company began to tackle the issue of IP address management (IPAM) in 2012. That’s where the HARTMANN and Infoblox success story begins.
“The DHCP and IPAM solution with Grid technology from Infoblox was significantly simpler to manage and more mature. By installing a single device, you’ve already set up a grid, and you can manage your network from there.” However, despite its positive experience with Infoblox, it took HARTMANN another six years to implement Infoblox’s entire portfolio of solutions because the company had significant concerns about no longer using Microsoft DNS services.
The Solution: Comprehensive DDI from Infoblox
Infoblox’s solutions consist of DNS (Domain Name System), DHCP (Dynamic Host Configuration Protocol), and IPAM (collectively known as DDI). But when the HARTMANN data center in Heidenheim reached its end-of-life in 2019, the decision was made to build a new state-of-the-art center in Frankfurt. The network team quickly realized that the entire Infoblox DHCP IPAM configuration should be reconstructed there too. HARTMANN took an all-or-nothing approach and decided to use this opportunity to implement Infoblox DNS services as well. Stefan Staub and his small team have no regrets.
Understanding the Importance of DNS Security
HARTMANN now relies on Infoblox for more than network management alone. “We saw how other companies had to struggle with downtime due to malware. We definitely wanted to avoid that, which is why we looked into Infoblox’s BloxOne Threat Defense security solution,” explains Staub.
For Staub and his team, the benefits of BloxOne Threat Defense are clear: the scalable hybrid architecture protects both the company’s existing networks, the cloud and Internet-of-Things applications and appliances, as well as the company’s SD-WAN. Its simple but effective setup lowers the overall costs for defending against threats and significantly shortens the reaction times for security incidents. BloxOne Threat Defense achieves this by providing HARTMANN’s existing security stack, including the SOAR (Security Orchestration Automation Response), with actionable threat intelligence. In addition, the solution automates security measures by comprehensively integrating the entire security ecosystem, providing clear, real-time visibility into all network operations.
This visibility on the front line was an important factor for Stefan Staub. “If attackers manage to infiltrate our system, they can see they’re in a corporate network and could do damage. Sure, you could try to fend them off at that point. But without DNS security, it’s very difficult, if not impossible, to detect whether command and control communication has occurred, data has been exfiltrated, or malware loaded,” he says, explaining the benefit this solution offers HARTMANN.
The company’s complex branching structure ruled out an on-premises approach for this kind of protection, so HARTMANN chose Infoblox’s BloxOne Threat Defense cloud solution. Alongside the Infoblox solution, HARTMANN also uses a solution from ZScaler to scan and protect cloud traffic. Using multiple isolated solutions normally leads to problems in communication among the individual security packets. But the advantage of Infoblox shows up at the DNS level here as well. The individual security solutions don’t need to function in parallel, but can instead work as part of an integrated whole. Data packets from the company are first scanned by ZScaler and then passed on to be checked by Infoblox. Unique mapping via HTTPS ensures smooth functionality. Infoblox can identify the origin of the individual data packets and associate them with the right customer, even if they all superficially appear to be coming from ZScaler.
The Results: A Comprehensive View with Low Overhead
The entire Infoblox ecosystem has now been tried and tested, and works exactly according to plan, as far as HARTMANN is concerned. The Infoblox solution gives the company a comprehensive overview of its IT infrastructure while reducing the overhead this level of functionality would typically require. One example from shortly after BloxOne Threat Defense was implemented illustrates how the security solution provides comprehensive visibility throughout the entire network. A client that had not appeared in any previous analysis suddenly became visible. This device had flown under the radar the whole time and had attempted to contact a domain at regular intervals that Infoblox flagged as malicious. This insight made it possible to identify the client quickly and replace it with a clean device. The Infoblox solution also signals any malware problems, Tor connections, and other threats during everyday operations. It protects HARTMANN’s infrastructure precisely and comprehensively.
“We can track everything to show what happened where and when, without exception. We can know if our network has been misused for malicious activity and can take the necessary countermeasures immediately,” Stefan Staub says with confidence.
This deep insight into the company’s network is just one aspect of HARTMANN’s success in working with Infoblox. Like many other companies, HARTMANN needs to get an overview of its network. Besides the actual work in security and the network, the solutions also have to be administered. For example, you don’t want a solution to reach its end-of-life and cause problems because you were unprepared. In this regard, Staub and his team saw the great simplicity of the Infoblox implementation process. For instance, a site can be connected to the corporate network within five to ten minutes. If hardware needs to be swapped out on premises, that can be done in minimal time with the help of Infoblox support. And the support Infoblox provides doesn’t end there.
“Continuous support from Infoblox has also been positive. It gives us confidence that the solutions and products we have will remain in use in the long term. We also have regular contact with the Infoblox team, who are responsive to our requests and feedback. Because of this, their products are always oriented towards solving new problems,” reports Staub. One thing is clear for him, “Infoblox makes things so much easier for our team. Infoblox was, and remains, a very good choice for us.”