For Bühler, IT security is a central factor in ensuring the success of the company. The SIEM solution provides group-wide transparency, helps to identify weak points and increases efficiency in the company.
The Bühler Group employs over 12,500 people and runs subsidiaries and production sites worldwide. The availability of resources around the clock is central to ensuring productivity. IT security on a global scale is a monumental task: hacker attacks, data misuse, or theft are omnipresent dangers for any industrial company. Bühler's design plans and inventions are valuable and must therefore be protected against industrial espionage. This makes IT security and the associated goals of availability, confidentiality, and integrity a key factor for Bühler in ensuring the company's success.
The Bühler Group log service includes a Security Incident and Event Management (SIEM) and also serves as a data lake. It thus enables 360° transparency of logs and events across the Group. The log service collects information from a wide variety of sources in the heterogeneous IT environment of Bühler Group, processes it, and makes it available to the various user groups in near real-time on a dashboard (Kibana).
Many stakeholders, one solution: Multi-layered demands combined
For complex problems, the helpdesk can create a ticket for the 2nd level support directly from the system.
The IT security team can identify potential security issues in a timely manner and respond adequately before any damage occurs.
The compliance and governance team can more easily meet its objectives and successfully manage audits and certifications thanks to the central availability of all data.
The Network Team can analyze the behavior of over 500 network devices and has a troubleshooting tool.
The Automation team can control and manage the access of the sensors of machines or virtual machines that need access to certain network segments.
The infrastructure team can analyze logs when concerns arise and quickly resolve them, for example Active Directory login issues.
The log service is used by the customer care team of the B2B portal myBühler to improve the customer experience.
With its agile project approach and extensive technological experience, Mimacom created a high-performance log service with a clear dashboard for the Bühler Group in a very short time:
The Bühler Log Service is a highly available and scalable solution which, in addition to SIEM monitoring and alerting, covers a wide range of other requirements and increases productivity. Apache Kafka® serves as the data collector, and Elasticsearch processes the data. The solution is characterized by its easy extensibility and does not cause any additional operational overhead.
The data collected by the log service is made available to employees according to the need-to-know principle and automatically destroyed - of course always in compliance with the GDPR guidelines and Bühler's internal security requirements.
Facts & Figures about the solution
220 GB of data per day
850 different source systems like network devices, routers, firewalls, sensors
100 different log file types
12'000 events per second
< 0.3 milliseconds latency. High performance in real-time.
Network of 18 servers
Elastic stack in combination with Apache Kafka®
Evaluation: The technologies available for selection were Elastic's ELK stack in combination with Apache Kafka® or Splunk as an alternative. Based on a convincing presentation, optimal support during the selection process, and comprehensive know-how in the areas of Elastic and Apache Kafka®, Bühler decided to implement the log service dashboard with Mimacom.
Conclusion & Outlook
Mimacom's log service is an important component of Bühler's IT security. Not only does it contribute centrally to IT security at Bühler, but it also helps to increase efficiency on many levels within the company. In order to enable Bühler to implement simple adjustments without the help of Mimacom, great importance was attached to the training of the personnel involved in the development of the project scope. Because the solution designed by Mimacom is largely based on the standard Elastic stack, it can be easily extended by Bühler at any time or in collaboration with Mimacom as a partner.
Industry: mechanical engineering
Team (number of team members and job roles): 1 Software Engineer, 1 Scrum Master
Users: Security Team, Global Service Desk, Automation Team, Network Team, Infrastructure and Server Team, Consumer Services Team
Technologies used: Elastic Stack (Elasticsearch, Elastic Beats, Logstash), Kibana, Apache Kafka, rsyslog, Java, Spring Boot, Jira and Confluence (Wiki)