Manufacturing

20/20 vision into OT cyber risks

ZEISS protects production integrity with comprehensive visibility into industrial assets, their vulnerabilities, and unexpected behavior indicating a potential threat

Visibility into thousands of industrial devices


Cyber threats can take down production and expose intellectual property. ZEISS protects its industrial assets with Cisco Cyber Vision, Secure Firewall, Identity Services Engine, and a managed security service from Orange Business. 

Carl Zeiss AG

ZEISS is an internationally leading technology enterprise operating in the optics and optoelectronics industries. Headquartered in Germany, ZEISS has ~46,500 employees in ~50 countries. 

Challenges

  • Gain visibility into thousands of industrial devices across multiple sites
  • Increase overall equipment effectiveness (OEE)
  • Protect operations against malicious traffic and unauthorized communications

Solutions


Outcomes

OT security fused into the network

Every asset is detected and profiled without a costly bolted-on visibility solution.

Reduced attack surface

Comprehensive visibility into vulnerabilities, communications, and risks helps improve security posture.

Simplified segmentation to protect operations

Visibility documents segmentation policies to help protect against malicious traffic.

Protecting production integrity and intellectual property

ZEISS is an internationally leading technology enterprise operating in the fields of optics and optoelectronics. Known for innovation, the company has more than 7,300 R&D employees and holds more than 12,500 patents. Protecting intellectual property and production integrity are essential to the business. ZEISS also needs to comply with cybersecurity standards like ISA/IEC 62443 and the EU’s NIS2 Directive.

ZEISS has thousands of industrial assets in multiple sites. Protecting them from security threats that could interrupt production or result in information leakage has become more complicated over the years. The reason: many industrial devices communicate with each other, IT systems, and cloud services to streamline operations and enhance overall equipment effectiveness (OEE). Protecting the production infrastructure requires understanding each site’s security posture, identifying unauthorized traffic, and spotting anomalous industrial control behaviors. 

To maintain production integrity, ZEISS wanted a centrally managed industrial security solution. Requirements included deep visibility into industrial assets, maps showing what other assets they communicated with, real-time monitoring, and advanced threat detection.

Comprehensive visibility into industrial cyber risks

Today, ZEISS protects its production floor networks with Cisco Cyber Vision, part of a managed security service from Orange Business and Orange Cyberdefense. Cisco Cyber Vision appealed to ZEISS and Orange because it embeds OT security capabilities right into ZEISS’s industrial network, saving the company the costs and management overhead of dedicated security appliances or out-of-band collection networks. Orange uses Cyber Vision to:

  • Automatically discover and profile every OT asset across multiple ZEISS sites. The profile includes the asset’s vulnerabilities, a map of its communications patterns, and risk scores to help prioritize action. Understanding the OT security posture of each site helps ZEISS implement cybersecurity best practices and comply with the security regulations in the countries where the company operates.
  • Generate insights to help ZEISS improve network efficiency and quickly troubleshoot and resolve operational issues.
  • Detect anomalous events and alert the Orange security operations center (SOC), where IT and OT events are correlated for cybersecurity experts to better detect threats and take the appropriate action.

Protecting operations with adaptive OT network segmentation

Comprehensive visibility into the production environment helps ZEISS protect operations from malicious traffic and unauthorized communications. Operations managers use Cyber Vision maps to group devices according to their role in the industrial process, documenting how the industrial network should be segmented. These virtual segments are shared with Cisco Secure Firewall for enforcement, helping ZEISS comply with the ISA/IEC 62443 industrial security standard for industrial automation and control systems (IACS).

This unified approach streamlines IT and OT collaboration, reduces manual workload, and improves protection by ensuring that only industrial devices that have a legitimate need can communicate with each other—and prohibiting communications not explicitly allowed. 

Cisco Secure Firewalls are also used to provide secure remote access to the production-floor network in combination with Cisco’s Identity Services Engine (ISE), a next-generation identity and access control policy platform. With this solution, users are given the least privilege needed for their role (e.g., vendor or ZEISS network admin), helping ZEISS comply with the NIS2 Directive.

Managing OT cyber risks at scale

Since deploying Cisco Cyber Vision in partnership with Orange Business, ZEISS has reduced downtime, simplified compliance, and enhanced business continuity. The number of security events has decreased, giving security analysts from ZEISS and Orange more time to investigate and respond to real threats.

After a successful, large-scale implementation and more than a year of reliable daily operation with Orange Business, ZEISS is now planning to implement Cyber Vision across the enterprise. A consistent security strategy across all production facilities strengthens cyber resilience and increases operational confidence.


Partner Spotlight

Orange Business and Orange Cyberdefense

Orange Business is a global digital services integrator, providing secure connectivity and cloud solutions.