Fortune 500 Manufacturer Encrypts Global MPLS Network

Customer Situation

A U.S.-based Fortune 500 chemical manufacturing company realized their intellectual property, including new product schematics, formulas for new compositions, and other sensitive information was exposed to attack, compromise and theft. The Company was sending this information in clear text as it traversed multiple carrier networks to reach their facilities in China, Germany, Hong Kong, India, Japan, Singapore and the United States.

The Company leases a fully meshed MPLS network from a major U.S.-based service provider. However, given the global scale of the Company’s network, they were forced to utilize various third party carriers in each country to connect to their remote facilities. Because of the inconsistency in, or complete lack of, regulatory standards governing international data transmissions, these third party service providers introduced additional vulnerabilities to the data flow.

In order to eliminate these vulnerabilities and remove the risk of industrial espionage, the Company decided to encrypt their data across the entire network.

Solution Requirements

The Company required network-wide data protection without compromising performance. They specifically required a solution that could:

    • Encrypt the global network without performance degradation
    • Avoid network or router upgrades or re-architecting of any kind
    • Scale as the Company’s encryption needs grow
    • Be easily managed without being resource-intensive
    • Provide the U.S. headquarters with control over encryption policies and key generation and distribution

Network performance was a major concern for the Company as they run multiple real-time applications on an accelerated WAN. The Company also sends large volumes of data across their network to redundant sites within their multi-national network. These real-time communication applications are latency sensitive, where even a small amount of delay can disrupt them.

Due to the size of the network itself, upgrading routers was not an option for the Company. They required a solution that would fit within the existing architecture. The solution also needed to be flexible enough to grow in stages, from an initial deployment of approximately 30 sites to an eventual deployment of almost 300 sites.

Additionally, the solution had to address the need for centralized management and simple operation. The Company has several sites in remote locations that operate without technical resources or support. The solution needed to be straight-forward, so that successful installation and start-up could be completed with minimal support at each location.

Lastly, the Company required that the U.S. headquarters have complete control of the generation and distribution of the encryption policies and keys throughout the entire network. This would remove the risk of the keys falling into the wrong hands.

The Bidding Process

The Company researched the available encryption solutions and selected four vendors to evaluate. First, they considered a router-based solution. However, a router-based encryption solution would require network-wide router upgrades. In addition, they found that a router-based solution would add an unacceptable amount of latency into the network, disrupting real- time applications. The Company realized they needed a stand-alone encryption solution.

The stand alone approach utilized by the three remaining vendors offered similar encryption capabilities. The determining factor proved to be the requirement for ease of operation and management. Certes Networks offered the only product that met all of the Company’s requirements. Their policy and key management solution, along with their wire-speed encryption appliances, offered the ability to manage the Company’s network-wide encryption, as well as the following key benefits:

      • Simple encryption policy and key management
      • Intuitive interface for centrally managing net-work-wide policies and keys
      • Separation of security and networking functions
      • Scalability without complexity

No other vendor could deliver the flexibility, the manageability and the scalability offered by Certes Networks.


The Certes Networks solution was selected for the Company’s network. Each appliance was quickly configured at the Company’s U.S. facility and then shipped to its final destination. Once there, each appliance was placed in a rack, plugged in and turned on. From that point forward, all configuration and management was performed remotely from the U.S. facility.

When it came time to create the policies that would govern the encryption, the security administrator defined and deployed fewer than 10 encryption policies in the centralized management portal. The policies secured 30 nodes at 20 sites, protecting 50 subnets and nearly 12,000 IP addresses. The entire process took only a matter of hours.

The Company eliminated the risk of intellectual property theft and industrial espionage by deploying Certes Networks’ network-wide encryption solution.

The Results

The Certes Networks encryption solution is in place and operating as designed. The policy and key management solution and the encryption appliances are protecting the Company’s highly sensitive data throughout the fully meshed MPLS backbone network.

The Company was impressed by how easily the entire solution integrated into their existing network. The encryption appliances integrated transparently, without affecting the network applications, topology or performance. It allows their security personnel to manage the fully-meshed encrypted network from a centrally located workstation, without introducing complexity into the network.

The end result is one of the largest encrypted full mesh networks in the world. The Company no longer worries about the security of its business critical information as it travels over their multi-national network.

Want to learn more?

One of our team members would be happy to help!

Resources to help you learn more


Case Study

Multinational Manufacturing
Fortune 500 Manufacturer Encrypts Global MPLS Network.