The Boston Celtics' New Malware Point GuardBy Doug Bartholomew | Posted 2008-01-03 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
The franchise that won the most nba championships was getting beaten by viruses punching through its defenses. The solution? A gateway appliance that double-teams malware without impacting network or client performance.The franchise that won the most NBA championships, the Boston Celtics, was getting beaten by viruses punching through its defenses. The solution? A gateway appliance that double-teams malware without impacting network or client performance.
The Problem: With malware and spyware infecting the team's laptops and causing cascading problems across the network, the Boston Celtics needed a way to protect coaches' and scouts' laptops as well as the overall infrastructure.
The Details: The team's coaches and scouts are on the road at away games 40 or more times each season, signing onto the Internet and connecting to the sports organization's network from hotels, airports and other public sites. Managing these road warriors' laptops became a constant headache, especially when trying to stop unseen enemies from penetrating their defense.
"We have a lot of machines on the road, and when our people are in hotels their machines pick up all sorts of nasties," says Jay Wessel, the team's vice president of technology. "When they brought their laptops back to the office the things they picked up would drag down our network."
Wessel and one other IT professional manage a fleet of about 100 laptops issued to staff, including coaches, scouts, and sales, marketing and finance employees. Spyware was affecting the accessibility and performance of the Celtics' proprietary statistical databasecreated with Microsoft SQL Serverwhich the coaches use to prepare for each game. What's more, Wessel and his colleague were overwhelmed with requests to detect and remove spyware from employees' PCs.
The Celtics previously had used an Aladdin eSafe security gateway, along with Webroot Spy Sweeper, but PC performance had been impacted to the extent that a video-editing suite used for scouting new players could only be employed after the antispyware solution had been temporarily removed. The system also "blocked things it shouldn't be blocking," Wessel says. "People don't have to be doing anything particularly bad to pick up this stuff, but to stop it we needed something less intrusive that would still do a good job."
The Context: Most organizations face the same problemthey just haven't done much about it. "It's a big problem and not many organizations have protection against it," says Peter Firstbrook, research director at Gartner Group. Complicating matters is the fact that many antivirus solutions tend to slow users' ability to swiftly browse the Web, effectively degrading their experience and productivity.
The Solution: The Celtics elected to go with Mi5 Networks' Webgate security appliance. The device sits between the sports organization's corporate firewall and network, where it detects and reports both inbound and outbound spyware. Webgate stops spyware from getting into the network and infecting other staff members' machines, while machines already infected are quarantined for remediation by the IT staff.
A Web security gateway, Webgate uses signatures and heuristics to perform multilayered traffic inspection. Wessel can use the system's executive summary screen to view a list of infected machines, internal botnet activity, remote attacks and spyware phone-home attempts. "Most malware authors evade detection by hopping ports," Firstbrook says. "Mi5 is a spanning port, and it looks for the characteristics of these threats as it monitors traffic."
"Our system stops malware at the edge of the network," says Doug Camplejohn, CEO and co-founder of Mi5 Networks, based in Sunnyvale, Calif. Webgate acts like a high-end network switch, he notes, passing good traffic through quickly but performing a deeper set of inspections on anything that could have a malicious payload. It not only stops an infected machine from connecting to the network, it also will block machines already infected with keyloggers and other nefarious data-gathering malware from "sending home" any data.
If a coach or assistant's laptop is infected at an away game, for instance, the staffer can continue to use the machine until he or she returns to the home office. "Infected machines aren't quarantined, but the machines will be blocked from sending any sensitive information outside to the spyware's home address," Wessel explains.
Webgate isn't the only security system in the Celtics' arsenal. Wessel also uses SurfControl (acquired by Websense) for Web filtering to block known malicious URLs. "It makes sure the machine cannot go there," he says.
The Results: Coaches and scouts on the road still occasionally pick up computer viruses, Wessel says, but this system blocks them. "If there is a problem with a laptop, it shows up as an infected client, and then I can take care of it," he explains. "It does a really good job on malware and spyware."
One of Wessel's goals was blocking out spyware before any of the infected laptops could introduce it to the team's network and affect other systems. Since installing Webgate, the Celtics' network has been free of spyware. Moreover, PC and laptop performance is up, and the network has become noticeably faster. Another benefit: calls to the IT help desk have fallen off sharply.