<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
search
close

Use case: footprint mapping at ifm electronics

by Sebastiaan Bosman Use case 28 May 2020

Interview with Kevin Kampeter, IT Security Specialist at ifm electronic gmbh.

Kevin, can you start by introducing yourself, and tell us about ifm?

“Yeah, sure. I’m a real techie. In previous jobs, I worked as a programmer for virtual reality features in construction projects and as an IT Security Consultant.

KKampeter

 I’ve always had in interest in the possibilities of technology, how to program it correctly, and the different ways to keep that secured.

 “I joined ifm two years ago as IT Security Specialist, the role I still fulfil today. Ifm electronic gmbh is a German producer of industrial sensors. Founded 50 years ago by two friends, the ownership has since changed to their respective sons. Despite the size of the organisation (7300 employees in 95 countries), the essence of a family-business is still embedded in our corporate culture.

“The sensors we produce can be found in a wide variety of industries, branches and machines, e.g. in (space) aviation, the automotive industry, household appliances, automated car wash, in race cars, and many more.”

From your perspective, how do ifm’s operations reflect on your tasks?

“As ifm services numerous markets, our online reach and presence is wide-spread as well. That includes the country-specific web pages for all business units, along with their local suppliers and other third parties. I’m responsible for the IT security of the entire organisation and all subsidiaries.  

“I try to stay in control over as many aspects of our digital environment as possible. This means I try to tackle challenges myself and with the right colleagues. Next to that, my responsibilities include creating awareness campaigns among employees, SOC-related tasks such as preventing and mitigating data leaks and other incidents, and monitoring and directing our online assets. Finally, I also take care of the reporting of our security development, including any event management, to top management.”

When you started at ifm, what were your first experiences and priorities?

“My team didn’t really exist yet when I started. We wanted to get an overview of our online footprint and set a benchmark for our cyber-security, but that was easier said than done. With so many employees, people from different teams had been adding to the online environment for their own jobs. As this activity wasn’t always reported to IT teams, our biggest challenge was making an inventory of ifm’s online assets with the corresponding servers, and determining who’s responsibility said assets were. However, considering the size of the organisation and the shadow IT, mapping our online footprint by hand would be too time-consuming and ineffective.”

What did you do to get the job done?

“We couldn’t tackle the challenge with the resources at hand. We needed a tool to detect our assets automatically, and quickly too. The starting point was to determine our online footprint, where security needed improvements, and who was in control of those assets.

“That’s when we came across Cybersprint. We chose their Digital Risk Protection platform because it could give us the means to what we needed to achieve. And as we needed it sooner rather than later, we were happy that the platform didn’t require any installation. As the software operates via the cloud, it was up and running in minutes. I had never experienced similar software working so fast before.”

What is your experience with Cybersprint’s platform and service?

“As I prefer to stay in control over the assets myself, I am happy with the 24/7 accessibility of the platform. It clearly shows me what assets are part of our footprint, what their individual security rating is, and how any vulnerabilities can be mitigated – without taking over the process.

“At first, the results were a little overwhelming. When we started working with the platform, it found considerably more assets than we thought we had. Over a thousand to comb through. However, the security risk rating per asset enabled us to determine which parts of the footprint we needed to fix first. We combined these insights with our view of the most vital parts of ifm’s infrastructure. As a result, we set out to secure our main domain ifm.com first, then our sales platform, and worked our way down from there.

Looking back, did you discover any hidden challenges or solutions along the way?

“In the initial stages of adaptation, Cybersprint’s personal assistance was particularly valuable. I had regular video calls with my contact, who helped me analyse the data and offered tips and tricks in the platform. They showed me how several assets were actually part of one URL, written in four different ways: http, https, with www. and without www. This helped us discover a solution to a problem we didn’t realise we had before.

“Furthermore, when we formulated our primary tasks, we wanted to determine the next steps based on the scan’s results. Which assets would we manage ourselves, or what additional information would we need? However, as a new employee, I didn’t know which parts of the organisation the assets belonged to, or in what stage of the mitigation process certain vulnerabilities were. Instead of having to contact different teams and business units, I could structure the results myself using the detailed information per asset and give each one a custom tag. I still use that feature today. I have created about 25 tags, such as ‘reviewed’, ‘to be shut down’, etc. As the platform keeps monitoring our assets 24/7, I can change the tag depending on the latest scan.

“Overall, the platform and service Cybersprint provides has helped me greatly in mapping ifm’s online footprint and gaining the insights I need to do my job every day. I can build on the technical analyses of the platform to strengthen our cyber-resilience, and isolate the required information when building a report.”

Are you interested to see how Cybersprint's DRP platform can help secure your organisation? Contact us for a demo. 

 

More resources

 


pasfoto001Sebastiaan Bosman is Content Marketeer at Cybersprint.
With a background in Communications and Linguistics,
he is responsible for the creation and editing processes of most internal and external communication. He writes content such as blogs, whitepapers and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global.

 

Cybersprint 5-year anniversary

2020 marks our five-year anniversary! To celebrate, we will publish five video interviews about our journey so far. One video every Thursday in the month October. 

read more

Hâck The Hague: From council questions to a unique hacking competition

The Hague Municipality’s Council, Monday 30th of September 2019 at 10:25 AM. On this location 3 years ago, the idea for the first edition of this event was established. Today, as chairman I have the pleasure to initiate its third edition, Hâck The Hague 2019. For the third year in a row, the municipality of The Hague and Cybersprint are working together to test the digital security of the city along with its inhabitants.

read more

Use case: Provincie Overijssel

For governmental organisations, it is important to have a clear overview of their digital footprint and risks. They need to ensure the right policies are in place when it comes to cybersecurity. To illustrate their challenges, and the benefits of digital footprint management, we've interviewed one of our customers from the governmental sector. Rick Verkade, Security and Privacy Specialist at Provincie Overijssel shares his experiences in this interview.

read more

Do you have a question?

Our experts have the answers

Contact us