NetSecOps: Aligning Networking and Security Teams to Ensure Digital Transformation

The network and security teams at STMicroelectronics (ST), an $10.2 billion semiconductor manufacturer (2020 revenue), use DDI management solutions from EfficientIP to improve their collaboration.

ST originally adopted EfficientIP’s SOLIDServer DDI (DNS, DHCP, and IP address management) solution to unify these core network services. The DIT organization chose EfficientIP after a series of requests for proposals and proof- of-concept implementations.

Aldo De Luca, network security manager for ST’s manufacturing networks told EMA that his company needed a DHCP service that could manage hun- dreds of thousands of IP addresses across its manufacturing networks and its globally distributed enterprise network. “[EfficientIP] was the most scalable for DDI,” he said.

Key Benefits

Streamlining Zone-Based Firewall Rule Creation

ST launched a global initiative to reduce security risk by eliminating manual rules management in the zone-based firewalls that control traffic between the various subnets in the company’s network.

“We are working with EfficientIP to integrate their DDI solution with our [firewall] environment,” De Luca said. “We want to have zone-based security with our firewalls, so we wanted to classify every subnet in our manufacturing network and establish rules for zone communication.”

The integration will allow network administrators, who are the most familiar with the various subnets in the network and the types of devices that are con- nected to those subnets, to classify each new subnet within EfficientIP’s IPAM tool. These classifications will automatically push new rules to the company’s firewalls, ensuring that the zone-based firewall rulesets are accurate and up to date. De Luca said this integration makes it easier to transfer the knowledge of the network team to the security team that is responsible for firewall rules management.

“We plan to apply this integration to other things in the future. It will enable future microsegmentation projects, like network access control,” he told EMA. “It gives the teams a foundation for working together in the future, not just on security, but for network automation, too.”

Expanding EfficientIP Investment with DNS Security

More recently, ST adopted EfficientIP’s DBS Guardian Security solution to help secure the company’s migration to the cloud. DNS is a common vector for malicious attacks in general. When enterprises move services to the cloud, malicious actors can compromise those services via DNS spoofing, DDoS attacks, and other methods.

“We are moving part of our IT to the cloud, and we needed some extra security threat prevention and data leak prevention,” De Luca said.

EfficientIP has been an excellent vendor partner, he said. When ST first began working with EfficientIP, the DDI vendor was an agile, early-stage startup. Over the years, EfficientIP has matured, becoming more structured along presales, sales, customer support, and professional services.

“However, they have kept their initial startup agility while transforming. They have a very high level of quality processes, they listen to our requests, and con- tinuously improve,” De Luca said.