Häfele has transformed its 180-site global network and security infrastructure in less than a month with the help of Cato SASE Cloud. Daniel Feinler, CISO, Häfele, discusses how this transformation took place and offers his expert advice to other organisations looking to improve their network and security infrastructure.
Cato Networks, provider of the world’s leading single-vendor SASE platform, has announced that it helped Häfele recover from a well-publicised ransomware attack in record time. By moving to Cato SASE Cloud, the international manufacturer and supplier of furniture fittings, architectural hardware and lighting products rebuilt its 50+ country, 180-site network in under 30 days.
“When your network is down from a cyberattack, every minute counts and you can’t afford to bring back a partially secured network. You have one shot to do it right and fast,” said Daniel Feinler, CISO, Häfele. “The deployment speed with Cato SASE Cloud was a game-changer. By working with Cato Networks, we were able to bring up the entire network with full security in less than a month. It was so fast that a competing SASE vendor didn’t believe us. Cato made it possible.”
“Agility and security are core requirements for every enterprise and especially in times of crisis,” said Shlomo Kramer, CEO and Co-founder, Cato Networks. “We were happy to support Häfele confront such a challenge and we appreciate its trust in Cato SASE Cloud as its new global network and security infrastructure. Our teams collaborated efficiently and professionally, setting a world record in a large-scale SASE deployment project.”
Häfele finds the right SASE partner
In February 2023, Häfele, a German family enterprise based in Nagold, Germany, suffered a severe ransomware attack forcing the company to shut down its computer systems and disconnect them from the Internet. At the time, Häfele was in an RFP process to select a SASE vendor.
“We had finished a proof of concept with Cato and were getting ready to move to the next SASE provider when the ransomware attack occurred,” said Mike Bretz, Global Team Lead of Network, Häfele. Instead, the Häfele team turned back to Cato.
Over the next four weeks, Häfele worked with Cato and restored its IT systems. Häfele installed Cato Sockets, Cato’s Edge SD-WAN device, at 180+ sites across 50+ countries such as Argentina, Finland, Myanmar (Burma) and South Africa. A global, unified security policy was configured to help prevent another attack and 8,000 employees regained secured access to the Internet and enterprise resources, including 4,000 mobile users who now use Cato Client for ZTNA.
With Cato SASE Cloud, Häfele is now benefitting from a global, unified multilayer security stack that inspects all traffic in all directions from all edges and provides consistent and comprehensive enterprise-grade security. Häfele’s new security from Cato includes FWaaS, SWG, IPS, Next-gen Antimalware, CASB and MDR – all targeted towards preventing future breaches and maintaining an optimal security posture anytime and anywhere.
The rebuilding of the network with Cato SASE Cloud was so fast that it even surprised Häfele. “I did not think that we could shut down, rebuild and transition our IT systems in less than 30 days,” said Bretz. “Cato defied the odds and performed admirably during a challenging time and under immense pressure. Cato did exactly what it said it would do. This is how you earn customer trust.”
“The Häfele project gave us an opportunity to demonstrate the agility and strength of Cato,” said Alon Alter, Chief Business Officer, Cato. “We delivered our hardware everywhere Häfele needed without delay and leveraged our zero-touch provisioning to reconnect locations in hours not days. Häfele got back to work faster in part because of Cato, which is exactly what customers should expect from a true SASE platform and provider.”
Daniel Feinler, CISO, Häfele, tells us about the project in more detail, highlighting how it managed to recover from a critical attack and how this shaped its security approach.
Why did you decide to work with Cato on this occasion – how did its solution stand out in a crowded market?
Referring to the proof of concept, I have to say our network team was very enthusiastic about the Cato solution. Especially the easy administration and the fact that everything worked as promised at the proof of concept was convincing. From the hardware, which was easily shipped to all the worldwide locations, to the connection of the box by a non-IT person. From a management point of view, I liked the fact that it really is a one-stop solution for different security areas that we previously had with different suppliers.
Can you shed some light on the ransomware attack you suffered back in February – what did this look like and how did it impact your operations?
The attackers were able to gain access to our network and then encrypted all Windows-based server and client systems. Worldwide, all IT-based processes came to a standstill.
How did you recover from such a detrimental attack and how has it influenced your security approach?
We decided very quickly that we would rebuild ourselves under our own steam. The backup was not compromised and so we were able to restore our systems quickly. However, since we implemented the current security standards during the setup, the rebuild took a little longer. We replaced the firewall and our virus scanner, installed a network segmentation and strictly adhered to the separation of IT and OT.
What did you learn from the recovery process and what advice would you give to other organisations looking to improve their network and security infrastructure?
Invest in cyber defence both in hardware-software (SASE, XDR, SIEM, SOC) and also in your employees. Training for admins as well as security awareness training for your employees. Make sure you have a secure backup (airgap) and test the restore regularly. Implement network segmentation, if not already done and separate IT from OT. Establish MFA for all logins. Try to strike a good balance between security and usability. Look at your organisation and how prepared it is for a cyberattack.
How do you operate holistically across your 180-site global network and are there any varying trends between the different locations?
All locations (and group-based user access) are handled the same way using common generic rulesets. On some locations or for some specific user groups additional rulesets are defined, to e.g. incorporate OT equipment present on these sites or to add privileges, which should not apply to all users. Still, this is all managed on the same admin panels, using the grouping feature for firewall rules.
How would you describe your security posture since the collaboration with Cato and what does the future hold?
I would say that we can sleep much more relaxed. I think with Cato we get the best protection currently. Coupled with the other changes we have introduced we are in a good current state. The important thing now is to maintain this level and always be one step ahead of the attackers.
Click below to share this article
