ÖAMTC: automobile club with over 2.3 million members

As Austria’s largest automobile club, ÖAMTC focuses on providing services for almost 2.3 million members. The club is the contact point for all questions relating to driving – both in everyday life as well as emergency situations – and it promotes the interests of its members. The ÖAMTC operates 115 bases, eight driving technology centres and 17 emergency medical helicopter locations throughout Austria. In 2019, the mobile breakdown service recorded almost 680,000 call-outs, the Schutzer emergency service helped more than 60,000 people in emergency situations at home and abroad, and Christophorus emergency rescue helicopters took off more than 18,900 times to save lives. In total, around 115,000 people completed training courses at the driving technology centres, where almost 4,000 employees are committed to supporting people and driving. In terms of IT, approximately 5,000 endpoints are used, with the majority of employees working on terminal servers, i.e. shared systems. One of the most important things for the ÖAMTC is ensuring that their endpoint solutions save resources, are platform-independent, can be combined with a network-based solution, and can talk to a platform such as FireEye Helix.

Complex IT challenges

The ÖAMTC is a very diverse association. Apart from the breakdown service, which is classically associated with the automobile club, it also encompasses many other areas such as air rescue, driving technique centres, insurance services, damage assessment, and even the Austrian camping club. These departments naturally have very different requirements in terms of their IT infrastructure, which means that all the different circumstances and possibilities have to be taken into account. Nevertheless, it is important to establish clear minimum standards within a common framework and to monitor them. IT systems for core services – such as the breakdown service, operations and deployment control, and the administration of the entire membership – are provided centrally, in addition to local IT infrastructure in the regional associations.

Christoph Pertl – IT Security Officer – ÖAMTC

Extensive IT security tasks

The tasks relating to IT security are divided into project-related and daily business. A  typical task for the operational area is evaluating security incidents that arrive via various systems. In most cases, these are not too problematic and many things are automated. In respect of the business side of things, most of the work is consulting services for specialist departments. The ÖAMTC also offers a number of modern services and relies on digitization: “Innovation and security must complement each other here, without creating the perception that IT security is a hindrance,” reports Christoph Pertl, based on his own practical experience.

As a result of the many available online services and the website, which regularly ranks among the top 15 most visited in Austria, as well as the high level of awareness surrounding the ÖAMTC brand, there is “background chatter” in the IT security sector. Christoph Pertl: “As with many companies, the main gateway into the company is e-mails that have dangerous attachments and links. We have been exposed to both phishing and direct attacks containing malicious code.”

The ÖAMTC attaches a great deal of importance to the training of its employees: “Every employee goes through a step-by-step programme that starts with the onboarding procedure and continues with awareness training, e-learning and targeted training for specialist departments, such as human resources or finance. “Targeted attacks are rare but “our absolute asset is the member data. For us, the great feeling we get from being at the club naturally also includes the safe and conscientious way in which we handle the data entrusted to us and protect it in the best possible way“ explained Christoph Pertl.

Desire for increased transparency and visibility

The general objective in the ÖAMTC IT Security sector was to improve options  based around response and visibility, even if the preventive approach used so far has worked satisfactorily. “That’s why I have long tried to bring together the possibility of a response and the topics of SIEM and services, which could be used as a basis to be built around, as well as looking to the possibility of a response and searching on the market for solutions”, said Christoph Pertl about his mission to find a suitable solution. However, classic SIEM (Security Information and Event Management) solutions have proven to be overkill for an association like the ÖAMTC. Many systems on the market offer services that include alerts, but no response. Ultimately, he found the advantages of FireEye’s portfolio of endpoint security, network security and the Helix security platform to be impressive: “In the end, the decision was made, knowing that the comprehensive know-how of the internationally active group FireEye was combined with IKARUS as a regional partner for implementation and service“, summarises Christoph Pertl. The idea of using an Austrian company in the security environment as part of the overall concept was viewed positively, especially since there are regional differences compared to the larger global world. Christoph Pertl describes his idea from a philosophical point of view:

“From an IT security point of view, the available environment should meet modern requirements for innovation, flexibility and stability. This only works if you can see what is happening so that you can take targeted measures. In terms of a purely preventative approach, I have to block what is dangerous, but if I invest in visibility, I can allow more, take a closer look, and therefore maintain control”.

With FireEye, you know that you have an international company behind you, which is equipped full of resources if necessary. We also find that cooperating with the IKARUS Service is very positive and reassuring because of their availability and flexibility. “To be able to have a direct contact person just a few hundred metres away, if necessary, is great”, explains Christoph Pertl.

Initial experience

Recently, we did actually have an incident. Through a previously used endpoint security solution that was planned to coexist and be in use, we analysed a file and received a warning that a Trojan was detected. Before the new solution was in place, we would have totally believed that the incident existed and manually tried to find out from other log sources where it came from. We wouldn’t have known if any damage had been done before and what that damage might have been. We would have had to manually scan affected systems using additional engines, and look at network log files to check whether connections to the outside world had taken place etc. This would have taken a long time and the result probably wouldn’t have been good”. As it was, some of the systems already had the FireEye Endpoint Client installed and so we were able to tell exactly whether any register keys were changed or processes were streamlined, and we quickly found out that there weren’t any issues reported a very happy Christoph Pertl.

Future plans

“It will be exciting,” concludes Christoph Pertl. “A lot has been invested in the last few years. Now all companies have to make savings depending on their situation, but especially given the current situation, we are hugely dependent on IT infrastructures. Otherwise, if you think about it, the ‘home office’ scenario wouldn’t have worked out so well. “Due to the current crisis, it is impossible to predict whether digitization will continue as rapidly after the crisis as it did before. But what is certain, is that the security of data, devices and production systems is more relevant than ever.