Introduction
Customer overview
Founded in 1866, Barrett Steel Ltd. is a leading force in the UK steel industry. Barrett Steel is the UK’s largest independent steel stockholder, with its own distribution fleet and sites across the UK. The company operates through four divisions—General Steels, Engineering Steels, Tubes, and International—providing its customers with access to more than 100 kilotons of steel stock. Proven expertise and advanced specialist skills have enabled Barrett Steel to succeed in a diverse range of high-profile projects around the globe, cementing its reputation as the number one supplier in the steel stockholding industry.
Summary
The UK’s largest independent steel stockholder, Barrett Steel has positioned information security as a core business enabler, preventing operational disruption due to cyberattacks and opening doors to new opportunities in information security-conscious markets. Challenged by performance limitations in its legacy security infrastructure and seeking a more robust, easier-to-manage solution, Barrett invested in the Strata™ network security suite and Prisma™Cloud as the foundation for its Zero Trust security posture. This provides Barrett with granular traffic segmentation capabilities to control traffic based on application type and user role, along with the ability to intelligently detect and disrupt cyberthreats, such as phishing attacks, in real time. GlobalProtect™ network security for endpoints also proved key in enabling the company to quickly shift to a secure work-from-home model during the COVID-19 pandemic. All of this is managed centrally through Panorama™ network security management with the same intuitive user interface as the PA-Series and VM-Series Next-Generation Firewalls (NGFWs). Moreover, as Barrett begins running critical applications in Amazon Web Services (AWS®), Prisma Cloud delivers visibility into third-party applications running in the cloud to ensure they conform to the company’s security policies.
Prioritizing information security as a business enabler
For more than 150 years, Barrett Steel has been supplying the UK with steel—the literal and figurative foundation of nations. Whether for municipal projects or commercial construction, organizations of all types and sizes put their trust in Barrett. Why? Consistent high product quality and outstanding service are the hallmarks of this successful company. However, if you ask Barrett’s head of IT operations and chief information security officer, Sam Ainscow, there’s another reason.
“More and more, customers are looking at the supply chain, concerned about information security,” Ainscow says. “One of the reasons we’re able to participate in more security-aware markets is because of the investments we’ve made in information security. For a lot of businesses, security is seen as a compliance tick-box. But at Barrett Steel, we’ve made it a business enabler. It’s opening markets and actually moving the business forward.”
Palo Alto Networks solutions protect Barrett’s assets on-premises and in the cloud. The company evaluated several major players, ultimately selecting Palo Alto Networks due to the technical advantages of its unified security offerings and the collaborative spirit of the Palo Alto Networks customer care team.
Ainscow explains, “We wanted a security solution that could do the hard work for us; that’s what you’re paying for. Palo Alto Networks has built a well-integrated solution that doesn’t require us to have an army of engineers to run it. Whether it’s our firewalls in the cloud or the ones on-prem, we have a single point with Panorama to manage the entire security estate.”
He continues, “From a care and concern perspective, the Palo Alto Networks team demonstrated that they were invested in our success from the beginning. That’s something I expect in a strategic vendor: that you have skin in the game. Palo Alto Networks put in the time and resources up front, holding detailed design sessions with us to make sure we got the right solution. They understand that it’s about mutual success, not just selling me a couple of boxes.”
“More and more, customers are looking at the supply chain, concerned about information security,” Ainscow says. “One of the reasons we’re able to participate in more security-aware markets is because of the investments we’ve made in information security. For a lot of businesses, security is seen as a compliance tick-box. But at Barrett Steel, we’ve made it a business enabler. It’s opening markets and actually moving the business forward.”
Palo Alto Networks solutions protect Barrett’s assets on-premises and in the cloud. The company evaluated several major players, ultimately selecting Palo Alto Networks due to the technical advantages of its unified security offerings and the collaborative spirit of the Palo Alto Networks customer care team.
Ainscow explains, “We wanted a security solution that could do the hard work for us; that’s what you’re paying for. Palo Alto Networks has built a well-integrated solution that doesn’t require us to have an army of engineers to run it. Whether it’s our firewalls in the cloud or the ones on-prem, we have a single point with Panorama to manage the entire security estate.”
He continues, “From a care and concern perspective, the Palo Alto Networks team demonstrated that they were invested in our success from the beginning. That’s something I expect in a strategic vendor: that you have skin in the game. Palo Alto Networks put in the time and resources up front, holding detailed design sessions with us to make sure we got the right solution. They understand that it’s about mutual success, not just selling me a couple of boxes.”
"The fact that we have been able to run and grow our business without any major issues is in large part because of the strong security posture we’ve taken by investing in solutions from Palo Alto Networks."
Sam Ainscow
Head of IT Operations and Chief Information Security Officer, Barrett Steel
The sensible security posture for Barrett Steel: Zero Trust
For Ainscow, a Zero Trust posture is central to making information security a business enabler. As he points out, “We live in a world today where attackers, even without much skill, can be quite menacing. You have to operate in a state of assumed breach. Therefore, it makes sense for everyone to embrace Zero Trust. If you’re an IT manager or security engineer and think your network is clean, you’re living in fantasy land. You just can’t trust anything.”
Ainscow’s approach to Zero Trust at Barrett starts at the subnet level, meaning all traffic routed on the network passes through the company’s core Palo Alto Networks NGFWs for inspection. It’s an “all doors closed” policy for internet traffic, and servers can only communicate if there is a business need. Traffic flow is controlled using App-ID™ and User-ID™ technology on the NGFWs. This applies Layer 7 rules to filter traffic at the packet level, and users are restricted to accessing servers based on their role and level of authority.
With the NGFWs deployed in the network core and at the edge, Barrett has multiple layers of protection against cyberattacks. Ainscow considers this another important part of enabling the business.
“One of the jobs of information security is to keep the company functioning without disruption,” he says. “From a business perspective, our biggest issue is people clicking links in emails. We had a recent incident where a customer’s email system was breached and the attackers were sending us legitimate-looking emails with a link to a supposed sales order. Of course, the links were malicious, but the emails made it through our cloud-based email filters and Microsoft Office 365 ATP. However, our Palo Alto Networks edge firewalls caught them.”
All phishing attacks depend on some kind of external communication, either to download malware or enable command and control. With the full portfolio of security offerings enabled and constantly updated by Palo Alto Networks, when Barrett users clicked on the link, the NGFWs detected that it was malicious and prevented it from executing.
Ainscow notes, “When we got the alert, we just jumped into Panorama and saw that the firewall reset both the server and the client connection, so there was no immediate danger being posed by that endpoint. Palo Alto Networks did what was needed.”
Ainscow’s approach to Zero Trust at Barrett starts at the subnet level, meaning all traffic routed on the network passes through the company’s core Palo Alto Networks NGFWs for inspection. It’s an “all doors closed” policy for internet traffic, and servers can only communicate if there is a business need. Traffic flow is controlled using App-ID™ and User-ID™ technology on the NGFWs. This applies Layer 7 rules to filter traffic at the packet level, and users are restricted to accessing servers based on their role and level of authority.
With the NGFWs deployed in the network core and at the edge, Barrett has multiple layers of protection against cyberattacks. Ainscow considers this another important part of enabling the business.
“One of the jobs of information security is to keep the company functioning without disruption,” he says. “From a business perspective, our biggest issue is people clicking links in emails. We had a recent incident where a customer’s email system was breached and the attackers were sending us legitimate-looking emails with a link to a supposed sales order. Of course, the links were malicious, but the emails made it through our cloud-based email filters and Microsoft Office 365 ATP. However, our Palo Alto Networks edge firewalls caught them.”
All phishing attacks depend on some kind of external communication, either to download malware or enable command and control. With the full portfolio of security offerings enabled and constantly updated by Palo Alto Networks, when Barrett users clicked on the link, the NGFWs detected that it was malicious and prevented it from executing.
Ainscow notes, “When we got the alert, we just jumped into Panorama and saw that the firewall reset both the server and the client connection, so there was no immediate danger being posed by that endpoint. Palo Alto Networks did what was needed.”
Helping keep business running during pandemic
During the COVID-19 pandemic, Barrett’s Palo Alto Networks security infrastructure proved especially beneficial to the business. Under normal operating conditions, the company may have 40 or 50 people working from home. When the pandemic struck, that number jumped to more than 300 virtually overnight.
Ainscow explains, “We were able to transition nearly our entire staff to working from home without breaking a sweat because of the investment we made in Palo Alto Networks. We had deployed virtual Next-Generation Firewalls to run GlobalProtect, which is our standard configuration on all endpoints. So, when the lockdown orders were issued, we simply told all our people to pack up their desktops and take them home. With GlobalProtect, we know they will be as equally protected at home as they are in the office.”
He adds, “Once again, Palo Alto Networks was an enabler for us, and this time, the key was GlobalProtect. Being able to shift people to work from home so seamlessly allowed us to maintain operations and enable our sales people to continue servicing customers. While a lot of our competitors closed, at least temporarily, we were able to do everything as normal from home and even acquire new accounts. That’s what maintaining a good security posture was able to do for this business.”
Ainscow explains, “We were able to transition nearly our entire staff to working from home without breaking a sweat because of the investment we made in Palo Alto Networks. We had deployed virtual Next-Generation Firewalls to run GlobalProtect, which is our standard configuration on all endpoints. So, when the lockdown orders were issued, we simply told all our people to pack up their desktops and take them home. With GlobalProtect, we know they will be as equally protected at home as they are in the office.”
He adds, “Once again, Palo Alto Networks was an enabler for us, and this time, the key was GlobalProtect. Being able to shift people to work from home so seamlessly allowed us to maintain operations and enable our sales people to continue servicing customers. While a lot of our competitors closed, at least temporarily, we were able to do everything as normal from home and even acquire new accounts. That’s what maintaining a good security posture was able to do for this business.”
Extending a consistent security posture to the cloud
While Barrett Steel continues to run the bulk of its production operations out of an on-premises data center, the company is exploring opportunities in the public cloud. Most recently, it deployed a cloud-based e-commerce application in AWS to give customers an online option for selecting and purchasing steel products. With this move, however, came the need to ensure security for these important cloud assets. Prisma Cloud provided the perfect answer.
“Because we’re upping the ante in the cloud, we needed a way to look at the security posture of what we have running in AWS,” Ainscow says. “The e-commerce application is provided by a third party, and we otherwise would have no idea what they’re doing. They could create security groups or add other things that aren’t configured to our standards. Prisma Cloud gives us oversight of what is happening with applications in our AWS environment, and it provides assurance that they are conforming to our policies. In one screen, I can see exactly what our security posture is in the cloud. It’s visibility we never had before.”
Ainscow further points out, “If the business decides to run another application in a different cloud platform, Prisma Cloud will give us that same visibility. That’s really important to me. Wherever we go in the cloud, I’ll be able to see all those issues in one place.
“Because we’re upping the ante in the cloud, we needed a way to look at the security posture of what we have running in AWS,” Ainscow says. “The e-commerce application is provided by a third party, and we otherwise would have no idea what they’re doing. They could create security groups or add other things that aren’t configured to our standards. Prisma Cloud gives us oversight of what is happening with applications in our AWS environment, and it provides assurance that they are conforming to our policies. In one screen, I can see exactly what our security posture is in the cloud. It’s visibility we never had before.”
Ainscow further points out, “If the business decides to run another application in a different cloud platform, Prisma Cloud will give us that same visibility. That’s really important to me. Wherever we go in the cloud, I’ll be able to see all those issues in one place.
"Prisma Cloud gives us oversight of what is happening with applications in our AWS environment, and it provides assurance that they are conforming to our policies. In one screen, I can see exactly what our security posture is in the cloud. It’s visibility we never had before."
Sam Ainscow
Head of IT Operations and Chief Information Security Officer, Barrett Steel
Continuing to evolve with greater automation and orchestration
Looking toward the future, Barrett Steel is continuing to evolve its security strategy, including evaluating additional investments in security with Palo Alto Networks. Ainscow foresees additional phases in his Zero Trust model, next closing client-to-client communications on the same network, only allowing clients with a specific business need to connect based on User-ID.
“Lateral movement on clients is one of the biggest security holes you can have,” Ainscow says. “If someone clicks on a malicious link and our tools don’t pick it up, we don’t want that client to talk to anyone else and spread the problem.”
Ainscow is also evaluating ways to enable greater automation, particularly for detection and response—both in the cloud using Prisma Cloud and across the enterprise—with Cortex™ XSOAR, Palo Alto Networks extended security orchestration, automation, and response offering. It all comes back to recognizing security as a key business enabler, preventing cyberattacks from disrupting the business, and strengthening the company’s competitive position when pursuing business and expanding into new markets.
Ainscow concludes, “We’ve seen a number of our competitors suffer really serious issues. The fact that we have been able to run and grow our business without any major security issues is in large part because of the strong security posture we’ve taken by investing in solutions from Palo Alto Networks.”
“Lateral movement on clients is one of the biggest security holes you can have,” Ainscow says. “If someone clicks on a malicious link and our tools don’t pick it up, we don’t want that client to talk to anyone else and spread the problem.”
Ainscow is also evaluating ways to enable greater automation, particularly for detection and response—both in the cloud using Prisma Cloud and across the enterprise—with Cortex™ XSOAR, Palo Alto Networks extended security orchestration, automation, and response offering. It all comes back to recognizing security as a key business enabler, preventing cyberattacks from disrupting the business, and strengthening the company’s competitive position when pursuing business and expanding into new markets.
Ainscow concludes, “We’ve seen a number of our competitors suffer really serious issues. The fact that we have been able to run and grow our business without any major security issues is in large part because of the strong security posture we’ve taken by investing in solutions from Palo Alto Networks.”
Share this story
