Case Study - Tecumseh Products

 

WatchGuard Helps Tecumseh "Cool" off Hackers and Safeguard IP

Background

Leftovers.

An icy drink.

A comfortable, temperature-controlled commute while sweltering heat waves emanate off the pavement.

A cool, restful night's sleep protected from the hot summer mugginess.

While you may not often give these simple pleasures and conveniences a second thought, Tecumseh Products Company may just be the reason we can all enjoy them.

Founded in 1934, Tecumseh Products Company grew up to become the world's largest independent producer of refrigeration compressors.

Tecumseh revolutionized the industry with the first hermetically sealed compressor, significantly increasing appliance longevity and reliability, and later, it was a Tecumseh compressor powering the first window air conditioning unit. By the 1960s, Tecumseh compressors powered 70 percent of all freezers, window air conditioners, non-GM automobile air conditioners, and 30 percent of all refrigerators in America.

Today, Tecumseh engineers hermetically-sealed compressors for residential and specialty air conditioning, home refrigerators and freezers, and commercial refrigeration around the globe.

The Challenge

With 4,800 employees worldwide, including in the U.S., Mexico, Brazil, Canada, France, India, and China, Tecumseh has a large, diverse workforce with demanding networking needs. Along with engineering excellence, innovation has always been a cornerstone of the company's success, so keeping the lid on the next "breakthrough" technology is high on the list of security concerns.

According to Wes Barron - CEH, CHFI, ECSA, CEI, CISSP, Global Network Manager at Tecumseh, "Botnets are an increasing concern, but the top challenge for Tecumseh has always been end user behavior. The balancing act is putting up barriers without acting like the Internet police. We wanted ease of use, availability, and mobility without sacrificing network security."

Detour with Cisco Meant Bumpy Ride, Setbacks, Security Issues

From 2001 until about 2007, Tecumseh relied on WatchGuard for network security. However, as Mr. Barron tells it, "Once we started using Cisco for our infrastructure, they put pressure on us to go with Cisco security too. Cisco wowed us with talk about their security capability, but once we made the switch, it ended up being four tumultuous years. It was terrible. Cisco excels at networking and wireless, but it leaves much to be desired as a security company," Mr. Barron added.

"Soon after removing WatchGuard and replacing it with Cisco, we started having problems," recounted Mr. Barron. "An Internet service provider (ISP) caught a botnet within our network—it was pretty serious. Now, how did an ISP catch it, but we didn't? The ISP said 'fix it or we'll have to shut your Internet down in 30 days'."

"Cisco MARS is a poor device—it can take literally days of combing through logs to find anything. After spending considerable time and resources—we finally zeroed in around the botnet infection. We had to initiate a system-wide virus scan. This scenario was replayed five more times over the duration we had Cisco! Cisco Gold Partners installed these devices—so they should have been correctly configured. With Cisco, we were getting serious infections over and over again," lamented Mr. Barron.

Why WatchGuard?

The tipping point was fallout from a surprise government audit at Tecumseh's Brazilian facility. "The auditors plugged into our network to do the audit, but there was a virus outbreak that literally brought our entire network to its knees," recounted Mr. Barron. "ERP and payroll weren't working—it was a mess. Our Cisco Systems didn't even generate an alert—the infection was not even logged!"

Tecumseh began vigorously evaluating alternate solutions, including SonicWall, Fortinet, Juniper, and Barracuda. "Barracuda lacked a true UTM solution," Mr. Barron assesses. "To get what we needed would require a bunch of different point solutions and tons of licenses. None of the other vendors provided as flexible a solution as WatchGuard. WatchGuard really shines in letting you configure and customize your network to the idiosyncrasies of your user-base and the threat landscape. In an enterprise environment such as ours, it was essential to have the WatchGuard solution."

Working with their vendor, Trivalent Group, Tecumseh demo'd the WatchGuard XTM 810 with all the security services enabled. "Once the demo security services expired, just the base WatchGuard firewall with its application proxies and packet filtering policies did a better job of protecting our network than the $90k/year Cisco solutions [MARS, ASA, NIPS, IronPort]) that included the Cisco security suite," marveled Mr. Barron. "Getting WatchGuard was a no-brainer."

WatchGuard Delivers Bulletproof Security and Protects IP

"Since we've implemented WatchGuard, we haven't experienced any issues or virus activity," remarked Mr. Barron. That hasn't happened since 2005, which is when we last had WatchGuard security. WatchGuard has been so set and forget. I hope the end users don't forget I'm here! It's a nice problem to have."

Tecumseh has deployed WatchGuard XTM 810s at their major Internet pipes (Ann Arbor, France, Brazil, India), and Mr. Barron uses the XTM 25 for wireless protection at his home office. Tecumseh uses all of the WatchGuard XTM Security Subscriptions, but Mr. Barron appreciates WatchGuard's best-in-class WebBlocker and Applicaton Control the most.

"Application Control is crucial to blocking data leaks," explains Mr. Barron. "We have intellectual property to protect and believe we are working on innovations that no one else in the world is. The last thing we want is an engineer using Dropbox to work on something sensitive at home. With Cisco, I couldn't stop that to save my life," asserted Mr. Barron. "Now, I'll hear from users who are blocked from sending data or attachments to themselves. I tell them to talk with HR--because until I am told differently, they have no business using any unapproved applications that are a violation of corporate policies, and we can log those attempts," added Mr. Barron.

Transparent Networks Make for Safer Networks

From the start, Mr. Barron has been impressed with WatchGuard's visibility and reporting tools--included at no additional cost. "WatchGuard's logging and reporting works immediately and provides real-time, actionable access to what is going on. For instance, if our network was being attacked from overseas, we can get instantaneous reports from WatchGuard. And, if need be, in a matter of seconds we can adjust policies to eliminate the risk. With Cisco, we literally had to search through logs for hours and hours, days, or even weeks," says Mr. Barron. "And with Cisco, we would need to pay $16k - $60k to integrate third-party reporting to be able to make use of it. The Cisco MARS appliance is pretty much worthless. I could get more use out of any free syslog server."

"WatchGuard's reporting and visibility tools work great for satisfying auditors and helping with compliance," declared Mr. Barron. "For instance, we can show a report logged an action, and set an alert. Then, I can show the auditor that the email alert was read at a specific date. The read receipt is proof of due diligence and due care, and that shows acceptable compliance."

Service You Can Count On

"There is just an enormous difference between the service I received from WatchGuard and the nightmare I experienced with Cisco. When trying to troubleshoot one issue with Cisco, I was in contact with literally over 100 people—that is not a joke," asserted Mr. Barron. "I was on a conference call for 18 hours with Cisco people!"

"Cisco support is so fragmented. IronPort, MARS, IPS--these were all separate companies that were acquired, but they don't work well together at all," related Mr. Barron. One problem was Ironport's ineffectiveness. It blocks things it shouldn't—and it allows things that you specifically tell it to deny. Cisco said it would cost at least $12k more to correct the problem for one network."

Able to rely on WatchGuard's user forums and Knowledge Base for troubleshooting help, Mr. Barron has only once had to contact WatchGuard's customer service, LiveSecurity.
"The WatchGuard LiveSecurity Rep. called me back sooner than the promised time for my service level," says Mr. Barron. "The Rep. brought an expert in on the call. Within five minutes, my issue had been entirely resolved! Management and end users at my company were ecstatic. Having been accustomed to working with Cisco, I was fully expecting this process to last for days," Mr. Barron recounted. "Instances like this, and the considerable amount of money that the WatchGuard solution saves compared to what we had with Cisco, have made me something of a hero around work."

WatchGuard: Security-First, Excellence, & Value

"When we originally left WatchGuard, I provided some feedback on what their technology needed to be truly great," tells Mr. Barron. "I suppose, as with a lot of companies, I didn't expect my input to matter much. But, when I came back to WatchGuard, they could reference all of my input, and what's more—they had implemented all of the things I had asked about! It was definitely a big mistake leaving WatchGuard in the first place."

"For a fraction of the maintenance cost alone we were paying with Cisco, we got hardware and services from WatchGuard--and the security capabilities and usability are infinitely better than what we could ever achieve with Cisco. With WatchGuard, we get granular control, network transparency, and we don't have to sacrifice availability or ease of use for end users," remarked Mr. Barron. "When it comes down to it, no one does firewall technology as well as WatchGuard."

 

Resources

Download Printable Version

All Case Studies

For a fraction of the maintenance cost alone we were paying with Cisco, we got hardware and services from WatchGuard--and the security capabilities and usability are infinitely better than what we could ever achieve with Cisco.

Wes Barron - CEH, CHFI, ECSA, CEI, CISSP,
Global Network Manager
Tecumseh Products Company

 

 

None of the other vendors provided as flexible a solution as WatchGuard. WatchGuard really shines in letting you configure and customize your network to the idiosyncrasies of your user-base and the threat landscape. In an enterprise environment such as ours, it was essential to have the WatchGuard solution.

Wes Barron - CEH, CHFI, ECSA, CEI, CISSP,
Global Network Manager
Tecumseh Products Company

 

 

About WatchGuard

WatchGuard has deployed nearly a million integrated, multi-function threat management appliances worldwide. Our signature red boxes are architected to be the industry's smartest, fastest, and meanest security devices with every scanning engine running at full throttle. Why buy WatchGuard? Find out here.

 

GET IN TOUCH

  • Global Headquarters
    505 Fifth Avenue South, Suite 500
    Seattle, WA 98104, United States
  • Phone
    1.800.734.9905 US & Canada