Quality ■ Chocolate ■ Squared.
Chocolate manufacturer Ritter Sport secures its network with macmon secure
The long-standing company known for its squareshaped chocolate has grown steadily over the years. More than 1,000 employees work in the company headquarters alone, with a total of around 1,700 people working across nine locations. Securely monitoring the endpoints and activities of these employees in the company network is vital to ensuring that production of the popular chocolates runs smoothly.
To ensure network security at Ritter Sport, Michael Jany, Team Leader for Infrastructure and Security, initiated a test run with a competing NAC solution. After unsatisfactory results, Ritter Sport decided to follow the recommendation of Ettlingen-based IT systemvendor BWG, a long-time gold partner of macmon secure, and contacted the Berlin security experts.uf.
Key Facts about Case Study Ritter Sport
Biggest challenges:
- Complex, historically grown infrastructure
- Secure network access for external service providers and BYOD devices
Reasons for macmon NAC:
- Convenient and automatic visualization of all end points
- Guest portal
- Past Viewer
- Technology partnerships
Successes through macmon NAC:
- Identification of previously unknown end points in the network
- Implementation of granular guest ticketing system and BYOD solution
Thomas Zeller, BWG, explains: “We specialize in IT security in small and medium sized enterprises (SMEs). Our consulting services and concepts are completely tailored to the security requirements and the budget of our customers. Working to the principle "As much as necessary, as little as possible," we have developed a needs-based and custom IT security strategy for Ritter Sport. We also recommended the macmon Premium Bundle to meet their network security requirements, since we have had very good experience with this manufacturer in the past."
Within a day, a test version was quickly set up at Ritter Sport, and the core functionality of macmon NAC quickly won over users, providing a convenient and automatic visualization of all endpoints.
macmon NAC provides a visual representation of the network and simplifies administration
The existing infrastructure of the traditional enterprise founded in 1912 became more and more complex and confusing in the course of the company's growth. Thanks to “Topology” from macmon, the network team received a graphic display of the entire network, and thus an overview of all connected devices at all times.
This was a major advantage, given that, like most networks, the infrastructure was subdivided into virtual networks and the task of carrying out error analysis then becomes very complex. For the network team, this transparency helped them to avoid making mistakes in their network planning.
A light bulb moment for Michael Jany
“The first scans quickly showed us endpoints on the network that we didn't know about and that we had never seen before. We were really quite surprised."
Employees and guests receive individual access authorizations, while unwanted guests are kept at bay
After initial discussions it became clear that Ritter Sport had some specific requirements with regard to access authorizations in the guest portal. The Berlin-based development team promptly adjusted the development to the needs of the customer.
The functionality of the "Guest Service" module enabled Ritter Sport to intelligently and flexibly manageany third-party device through a granular guest ticketing system for controlled, temporary access to LAN and WLAN. As well as employees who bring their own endpoint into the office and expect to have unobstructed Internet access from a mobile device such as a tablet or iPhone, there are also
mobile workers, service providers, suppliers and customers who often need more extensive access to certain resources in the company network.
In this situation, delegated authorizations (sponsor functionality), which can also be issued by the individual departments or by reception, for example, can help to reduce the workload of the internal IT team. The accessible resources as well as the duration of the access can be stored when creating the access data, so that every “visitor” is only able to access the specific resources approved for that user. As well as being quick and easy to set up, the intelligent BYOD solution provides an up-to-date and complete overview of all guest devices at all times.
It leaves you with always wanting more
Who doesn't know the feeling? You only intend to eat one piece of your favorite chocolate, but then you have a second, and a third, and so on. It was exactly the same with Michael Jany and the macmon secure modules. The implementation of a module to improve visibility and control was followed by the addition of the guest portaland the subsequent addition of Past Viewer, which records and prepares historical data for audits and certifications. For each endpoint, you can see when and where the device was operated in the network, its IP addresses and names, and which VLAN it was on. A long history can be a great asset when carrying out a forensic search in the event of security incidents, but it can also provide general information that is vital for audits and certifications in food production.
Further projects in the works:
The guest portal has significantly reduced administration for temporary network access. The next step in the project is to use VLAN Manager, an effective management component for the introduction and automated operation of static and dynamic VLAN concepts. We are also talking about how we can better protect our production network in the future. There are plans for a collaboration between macmon and Rhebo; a company that develops and markets innovative industrial monitoring solutions and services for industrial companies. In general, macmon is very open to cooperation with other solutions. Our recent technological partnership with baramundi enables direct data exchange, both for automated maintenance purposes and to allow automated responses to devices that do not meet the company's security requirements.
Alfred Ritter GmbH & Co. KG
is a German food manufacturer from Waldenbuch in Baden-Württemberg, which is best known for its chocolate brand Ritter Sport. In 1912, Clara and Alfred Eugen Ritter founded a chocolate and sugar confectionery factory in Stuttgart-Cannstatt. In 1930, the company moved from Cannstatt to Waldenbuch. The Ritter Sport brand was launched two years later. In 2012, 40 percent of sales were generated outside of Germany, compared to 35 percent in the previous year.
The factory produces around 3.5 million bars of chocolate every day. In 2020, the company achieved a turnover of 470 million euros. The square bars are now available in more than 100 countries, and 70,000 tons of chocolate are sold every year. In the 100 gram bar sector, Ritter Sport has a share of 22.4 percent in the German market. In 2020, the company bought the former Mars production facility in Breitenbrunn in Burgenland, Austria. This became the first factory outside of Germany.
IT and network data from Ritter Sport
✓ 9 locations (including 2 production locations)
✓ Approx. 1,000 PC/Citrix users
✓ Client mix (notebooks, PCs, thin clients, tablets)
✓ 400 switches
✓ 170 access points
✓ 40 logical networks
✓ Approx. 3,000 endpoints in the network (+ guests)
✓ 10 international branches: Nicaragua, Italy, Austria, Russia, Netherlands, UK, Singapore, China, Denmark and USA