Automotive
From Garage to Grid: How Cato Networks Connects and Secures the TAG Heuer Porsche Formula E Team
The IT leadership of TAG Heuer Porsche Formula E Team shares insights about the value of a platform, Cato XDR, Cato DLP, and more.
“I’d definitely give Cato the pole position. I can honestly say Cato does a remarkable job making networking and security much, much better.” — Michael Wokusch, senior IT product manager for Porsche Motorsport.
Moving at speeds up to 320 Km/h, sleek, aerodynamic Gen 3 Formula E racecars slice through city circuits, combustion engine roar replaced by the high-pitched whine of arguably the most advanced electric motors in the world. The vibrant, thrilling spectacle that is Formula E is taking center stage yet again as the industry hurdles into Season 10.
Last season, Cato was selected to secure and connect the TAG Heuer Porsche Formula E Team with their cloud and on-premises applications and race engineers in Weissach, Germany. This season that relationship has only matured and includes even more Cato capabilities.
With a season spent running Cato SASE Cloud, where would the IT team behind the TAG Heuer Porsche Formula E Team place Cato? “I’d definitely give Cato the pole position,” says Michael Wokusch, senior IT product manager for Porsche Motorsport. “I can honestly say Cato does a remarkable job making networking and security much, much better.”
“Depending on your stack, mid-size enterprises easily have two full-time people doing only networking and network security. Or, you can run Cato and have one person handling the network and doing security on the side,” he says.
Formula-E: The Ultimate IT Challenge
Behind the thrilling speeds and split-second race decisions of Formula E lies an enterprise security and networking stress test like no other. There’s the security challenge: An event as high-profile and technology centric as Formula E with a brand like Porsche Motorsport makes for an enticing cyber target. The attack doesn’t need to penetrate defenses; disrupting communications with a denial of service (DOS) would be disastrous. But with only one IT person at a race event, TAG Heuer Porsche Formula E Team needed a security platform that was powerful, smart, and simple to operate.
Then there’s the logistics challenge. Formula E races (16 events in season 10) happen globally, often in remote regions with limited infrastructure. Shipping lots of equipment isn’t an option. “Every kilogram saved on freight saves on costs and reduces emissions,” says Friedemann Kurz, Head of IT at Porsche Motorsport. “It’s like a race car. The lighter the race car, the more agile it can be. So, too, with IT. The less equipment we ship, the more agile we can be.”
“It’s like a race car. The lighter the race car, the more agile it can be. So, too, with IT. The less equipment we ship, the more agile we can be.”
Kurz and his team rely heavily on the cloud to reduce local footprint. “Less equipment means lower shipping costs, faster deployment time, and less emissions. Every kilogram we save in shipped equipment saves on carbon emissions,” he says.
The teams arrive at the location 2-3 days before the event. They only have a few hours to build the race garage and IT infrastructure before the cars arrive. “It’s why it’s so important to have streamlined IT infrastructure and operation. Onsite at the racetrack is just one person, and that person needs to monitor the deployment, pack it down, and do it all over again,” says Kurz.
If parts need to be changed, that also needs to happen within those initial hours. All to get the cars on the track to collect as much information as possible so the race engineers can optimize the car software and, more specifically, its energy consumption. “Calculations need to be done in a very short time frame, and a stable network is essential to that goal,” says Kurz.
“Calculations need to be done in a very short time frame, and a stable network is essential to that goal,”
Finally, there’s the networking challenge. Race regulations restrict Formula E teams to 50 Mbps Internet connections. Across that narrow connection, the IT department supporting TAG Heuer Porsche Formula E Team had to run application sessions carrying telemetry data during testing, file synchronization between the local NetApp server and the cloud, video sessions for remote race engineers to see what’s happening at the track, and voice for communications.
Quality of service policies are essential for ensuring applications get the necessary throughput, which is made all the more critical given the Internet connection. The high packet loss and unpredictable public Internet routing limit the connection’s throughput. (For example, at 200 milliseconds of latency and 1% packet loss, theoretical TCP throughput would drop to about half a megabit.)
“If you’re on the other side of the world, well, you can imagine the user experience. It was terrible when we ran over the Internet,” says Wokusch. “File synchronization between servers and racetrack alone could occupy the local bandwidth.”
Cato Answers the TAG Heuer Porsche Formula E Team Security Challenge
To meet those challenges, the IT department behind the TAG Heuer Porsche Formula E Team turned to Cato. At each race event, the team deploys a Cato Socket, Cato’s edge SD-WAN device. The half-u Socket is so small it can sit on a shelf. With the Socket and cloud resources, IT travels light. “This season was the first time that we traveled without a server rack,” says Kurz. “Everything we needed is built into our [garage] walling. It’s super slim.”
During season 9, the team ran Cato in hybrid mode, connecting their local equipment to a Cato Socket and a dedicated connection for an IPsec tunnel. After seeing the reliability of Cato, the TAG Heuer Porsche Formula E Team has gone 100 percent Cato. “It’s looking good. We are more than happy,” says Wokusch.
All traffic from the TAG Heuer Porsche Formula E Team is sent through the Cato Socket to the Cato PoP, where networking and security policies are applied, and the traffic is forwarded either across the Cato backbone to the Cato PoP closest to the traffic’s destination or onto the Internet. Every Cato PoP runs the Cato Single Pass Cloud Engine (SPACE), the core security engine of Cato, converges multiple network security functions for flow control and segmentation (NGFW), threat prevention (SWG, IPS, NGAM, DNS Security, RBI), application and data protection (CASB, DLP, ZTNA), and threat detection and incident response (XDR and EPP) into a cloud-native software stack. Cato has autonomous systems and processes sustaining the evolution of service capabilities, resiliency, optimal performance, scalability, global reach, and security posture, requiring no additional customer IT involvement.
The Cato SASE Cloud built-in multi-segment optimization dramatically improves the throughput of the last-mile connection. “Our applications perform better because our network is better with Cato. The average packet loss is now below 1 percent. With the Internet, 5 percent packet loss was normal,” says Wokusch.
With Cato’s application analytics, Wokusch could identify the most popular applications and start by optimizing them first. As a result, users are having a much better experience. “Complaints about the network decreased once we deployed Cato,” says Wokusch. “From an IT perspective, we saw the biggest change by far in file transfer, but applications in general are loading faster and are more responsive.”
“From an IT perspective, we saw the biggest change by far in file transfer, but applications in general are loading faster and are more responsive.”
Cato Answers the TAG Heuer Porsche Formula E Team Security Challenge
Formula E drivers rely on a detailed dashboard of dials and digital readouts embedded in their steering wheels to drive their cars. “Cato is the steering wheel for our infrastructure,” says Wokusch. “At a glance on the Cato management console, I can understand everything I need to know to drive my network and security infrastructure.”
To keep an eye on security threats this season, the team relies on Cato XDR. “The great thing about the Cato XDR dashboard is the visibility to trace events end-to-end,” says Wokusch. “Cato already showed us two potential threats and blocked them, threats that would have been missed otherwise by the rest of our security measures. That was excellent.”
But what most impressed Wokusch was what Cato XDR didn’t do. “I’m amazed about the lack of false positives. I haven’t seen a single one.”
“Cato accurately identified and classified typical Internet security scans as ‘low impact,’ he says. “We also had two events where somebody tried to download a legitimate application from a non-official mirror on the Internet, and, on one occasion, the application contained a bot. Cato immediately recognized it and flagged it for us.”
Cato XDR makes security simple for IT pros to work with. “It’s super easy to follow up. You don’t need to be a security expert to follow the dashboard and stories, so that’s cool. And when you need to deep dive into a topic, you can still do it because you have every event stored,” he says.
“It’s super easy to follow up. You don’t need to be a security expert to follow the dashboard and stories, so that’s cool. And when you need to deep dive into a topic, you can still do it because you have every event stored,”
Cato Makes Restricting Access Policies Possible and Easy to Implement
Intuitive and granular event filtering enables IT to improve security posture by creating precise ZTNA policies. “Now, we can easily generate access policies that open applications to users based on facts and not just on our instinct,” he says.
A TAG Heuer Porsche Formula E Team user wanted to run a particular software package. “We looked up the application in the Cato Application Library and got an excellent summary of the compliance and security measures that needed to be taken,” he says.
“We could see the application gave users two options for connecting the software client to the backend. One approach is SSL encrypted, which was fine, but a second option allowed the software client to establish an unencrypted connection. If the user makes a mistake and doesn’t click the SSL checkbox, they could share credentials in the clear. For us, that would be absolutely a no-go.”
Wokusch defined a very granular firewall rule that only allowed encrypted transfers. “It was fast. It took us about 10 minutes to see the communications flow and then build the firewall rule,” he says. “With some of the other solutions we’ve seen, it would not have been so easy. We would have had to allow or block the whole service entirely.”
Better security doesn’t just reduce risk. It also changes the IT posture towards the enterprise. With Cato DLP, for example, Wokusch says IT can be more accommodating and flexible because of Cato’s improved controls. “We can say to our users, “Okay, we do have our sanctioned online storage apps, and we prefer to use them, but if you want access to your online storage app, that’s fine. I can let them access them and download files knowing that with Cato DLP, I can block any sensitive uploads.”
Empowering Local Teams Without Compromising Corporate Policies
Empowering drivers to make decisions helps them be nimbler and win races. Empowering local IT teams to make their own decisions is no different. With Cato, the TAG Heuer Porsche Formula E Team IT department is more agile and addresses new challenges faster while adhering to Porsche IT policies.
“If a router rule needed to be configured, we needed our counterpart in central IT to take that action. With Cato, we can add the firewall rule ourselves. We do more in less time without more people.”
Another example is remote access. “Previously, we would need to request an official Porsche remote access setup with a Porsche laptop, a PKI card, and the whole end-to-end toolchain. It could take months.” Now, we can connect them with Cato and restrict their access to the two applications they need to use, and once they’re done, easily remove them.”
Winning the Formula E Car and IT Race
Many sectors may lack the allure of motorsport, but the lessons from Formula E remain. Everyone needs to improve security posture without increasing headcount. Everyone needs a reliable, predictable network for mission-critical data and cloud transformation. Supporting drivers hurtling around a track at heat-stopping speeds may not be every IT team’s call, but that doesn’t take away from meeting the demands of executives and users in any business. “Sure, our business might be higher profile than some, but our IT challenges aren’t all that different,” says Wokusch. “If you’re facing anything like we’ve seen, all I can say is give ‘Cato a shot.’ You won’t regret it.”
“Sure, our business might be higher profile than some, but our IT challenges aren’t all that different,” Give ‘Cato a shot.’ You won’t regret it.”
To see how you can take Cato for a test drive, click here.
