Starting point. 

As a market-leading, international manufacturing company, CLAAS takes information security—and especially protection of customer data—very seriously. That’s why they have an IT security department and a security information and event management system that’s been in place for many years. This system had proved itself indispensable for many years, but through the company’s growth and internationalisation it was reaching its limits. What they needed was a powerful, growth-oriented solution for use worldwide. Flexibility was also important, because CLAAS expects to have to integrate many different systems in the future. There were also production and maintenance facilities all over the world and the increasing digitalisation of agricultural machinery to consider. In choosing a partner, it was key that CLAAS could build a long-term, trusting relationship.


Project objectives. 

The new system needed to be flexible and be able to quickly integrate other areas of application. The existing production facilities, global maintenance facilities and increasing digitalisation of agricultural machinery alone pose demanding requirements on such a system.


Against this backdrop, CLAAS was looking for a partner that could reliably work together with them in the long-term. As an existing partner that had worked with CLAAS for many years on their IT infrastructure and operation, Bechtle embraced this opportunity. CLAAS opted for the IBM QRadar SIEM system because QRadar is the market leader in security information and event management. IBM is also a leader in innovation due to the increasing integration of artificial intelligence with IBM Watson and the expansion of IoT devices. Together with IBM, Bechtle is able to provide the long-term partnership CLAAS had been looking for—with both local and global commitment leading to the partners IBM and Bechtle alongside service provider pro4bizz creating a scalable architecture that is based around the company’s current needs while offering a secure basis for future growth.



The IBM QRadar SIEM-System with event and flow monitoring is the heart of the new system. With its hundreds of Device Support Modules (DSMs), QRadar supports connection of many data sources out of the box, greatly reducing the work required to get them up and running. Many of the IBM QRadar SIEM System prefabricated reports are supplemented with individual evaluations. This fulfils the requirements of the GDPR, among other regulations. Any anomalies found are automatically expanded upon with further information and context. This information comes from the included QRadar Vulnerability Manager, the existing Vulnerability Management, and IBM X-Force Exchange*.


In order to meet the high correlation requirements of the millions of events and flows as well as the desire for longer retention times, Bechtle uses components from two appliances—the powerful, particularly quick QRadar 3148 in combination with the memory-rich 1429, enabling the console (GUI), event and flow processors to provide optimal service. An agile consultation, introduction and adaptation project with turnkey delivery in a manageable time-frame means that the system is ready-to-use quickly plus increased security for CLAAS.

Business benefits. 

With targeted in-house training for security employees,CLAAS is less dependant on outside influence. And with good preparation, the many out-of-the-box features from QRadar and the agile approach, the QRadar system replaced the old system on just the fourth day of the project (“Big Bang”). CLAAS now has a far more highly-performing, stable SIEM system that works in accordance with their wishes and will support future growth. The additional system performance plus the large storage space enable all events and network information to be created and evaluated. The security analysts now have a complete picture,


making CLAAS well prepared for future IT security management requirements such as protecting the production systems (SCADA) and machine data. The SIEM architecture implemented is scalable and can be expanded internationally. Events and netflows can be collected and evaluated locally with respect to any relevant local legislation and correlated and evaluated internationally.


CLAAS consciously manufactures in the countries their customers are based in—Germany, France, Hungary, the USA, India, Russia, and China. With the CLAAS E systems, CLAAS is paving the way for yet another important future-oriented field—the digitalisation of agriculture, bringing with it more IT security challenges.