Veolia Poland
Veolia Group has been operating in Poland for 25 years and has established itself as a trusted partner for both cities and industries. It stands as one of the foremost service providers in the domains of energy management, water and sewage management, and waste management. Veolia is dedicated to delivering innovative services tailored to meet the unique requirements of its customers while aligning with the Sustainable Development Goals set forth by the United Nations. With a workforce of approximately 4,600 individuals in Poland, Veolia is committed to sustainable practices.
Veolia Poland operates under the umbrella of the Veolia holding company, a publicly traded entity listed on the Paris stock exchange. Globally, the Veolia Group employs around 220,000 individuals. The company specializes in the development and implementation of solutions spanning energy management, water and sewage management, and waste management. In 2021, the Veolia Group reached significant milestones by providing drinking water to 79 million people, offering sewage services to 61 million people, generating nearly 48 million MWh of energy, and processing 48 million tons of waste.
The IT Department of the Shared Services Centre plays a pivotal role in Veolia Poland's operations. This department is responsible for maintaining the teleinformatics infrastructure and communication systems across all Veolia Poland locations. Veolia's network infrastructure is diverse and incorporates a range of devices, including Meraki, Cisco, and CheckPoint. The IT Department is dedicated to delivering a multitude of essential services to support the company's operations.
In order to ensure the availability and performance of applications, it became imperative to implement an efficient solution for monitoring network connections and device performance. The utilization of individual manufacturer-provided software necessitated simultaneous work on multiple consoles, making it challenging to respond promptly to incidents occurring at the technology interface.
The IT Department at Veolia Poland embarked on a quest to find a monitoring solution capable of handling the load of various types of network devices (such as routers, firewalls, and switches) from different manufacturers. An essential requirement was the capability to gather data essential for expediting repairs and optimizing the network. Additionally, the newly adopted software should facilitate real-time network traffic monitoring and evaluation to ensure compliance with the connection matrix approved by the IT security department.
A pivotal criterion considered during the selection process was the solution's flexibility and the ability to independently customize analytical dashboards for quick access to vital information. Furthermore, under the leadership of Maciej Oziembło, the IT department defined additional criteria for the new IT infrastructure monitoring system, including:
- Analysis of network device load to detect "bottlenecks" and network segments responsible for a decrease in transmission quality.
- Identification of the causes of slow application performance.
- Analysis of link saturation levels during specific periods (dates and hours).
- Ease of configuration and usage, recognizing that IT department employees may have limited involvement in the implementation and learning of the new system.
- Integration with the SIEM (Security Information and Event Management) system
After a thorough evaluation of available market solutions, the Sycope system was chosen for testing within Veolia's production environment. Following three months of rigorous testing, during which prototypes of dashboards were developed, security rules were parameterized, and integration with the SIEM application was verified, Veolia decided to acquire two modules integral to the Sycope system.
The first module was the Visibility module, responsible for monitoring the load of network devices and traffic between devices in the network. The second module was the Security module, tasked with analyzing network traffic, detecting security threats, anomalies, and unwanted communications. This was achieved through the utilization of advanced security rules and constantly updated external white and blacklists, as well as threat signatures.
The implementation process took place in December 2022 and included:
- Installation of a virtual machine within the client's environment.
- License installation.
- Initial system configuration, encompassing network addressing, integration with Active Directory for user login, and integration with the SIEM system.
- Configuration of dedicated dashboards for monitoring network device status and verifying network traffic against a compliance matrix developed by the IT security department.
- Creation of a mechanism for exporting audit logs to the SIEM system, allowing monitoring of access to the Sycope system.
"We were looking for a solution that would enable us to monitor the entire network while also serving as a data source for our SIEM system. The Sycope system perfectly met our needs, allowing us to optimize the operating costs of our current SIEM as well." - Maciej Oziembło, Data Centre Area Manager
By analyzing network flows, the IT department gained access to comprehensive information regarding user-generated traffic, server-to-server communication, devices, and applications employed within the organization. This empowered them to make informed decisions regarding resource allocation and the implementation of security measures, thus reducing the risk of unplanned outages due to IT infrastructure failures and proactively detecting security incidents.
The dashboards provided quick access to critical information from the client's perspective, enabling the visualization of communication between individual devices, port filtering, traffic table creation, load verification on specific devices and ports, and calculation of the percentage load on individual interfaces. Improved visibility of network anomalies and security threats at the organizational level was a crucial advantage of this implementation.
"Working with Sycope has been a smooth experience. They have an organized approach to product implementation, and their team communicates effectively to ensure the project progresses as planned." - Jan Rześny, Support engineer, Passus S.A
The Sycope system served as a valuable data source for IBM's SIEM software, correlating logs from various sources. By monitoring network flows from all significant organizational devices, all network communications were made visible. To send security alerts from the Sycope system to SIEM, only the IP address and Syslog server port configuration were required.
Network flow analysis took place within the Sycope solution rather than directly in the SIEM engine. This resulted in significant financial benefits by eliminating the need for SIEM licenses required to analyze billions of network flows daily.