Protecting an Online Business Investment
Forward-thinking companies with long histories embrace change to grow their businesses, moving from brick-and-mortar to e-commerce. Incentives are compelling, but they’re transacting more and more business in an increasingly dangerous environment in which cyber-criminals use sophisticated attack tools to circumvent defenses.
Brady Distributing is one of these companies: A family-owned business since 1944 and the second largest seller in its market, it serves customers such as homeowners who have arcade-style game rooms, along with street operators and large family entertainment centers.
We faced a conundrum: how to safely grow our online business while our users and networks were continuously compromised by malware and stressed by attacks. Incessant malware infections, botnets and the growing specter of distributed-denial-of-service (DDoS) attacks threatened our data, operational efficiency and business continuity.
We concluded that investing in an intrusion prevention system (IPS) would be critical to protect our business as we continue to grow our Internet presence. We face a familiar problem: a relatively small company in terms of employees (about 80), a modest IT staff, and a significant, expanding online business to maintain and protect.
Our three remote offices in Memphis, Tenn., Orlando, Fla., and Miami connect back to our Charlotte, N.C., headquarters through a Multiprotocol Label Switching (MPLS) network and Citrix gateway. So, we have a single point of policy enforcement and security control. That’s the good news.
The bad news is that our security investments, once sufficient, were falling short. The firewall on our MPLS network is severely limited in its ability to detect attacks that ride into the network with legitimate traffic on port 80 (HTTP). Our URL content filtering has value for user productivity and enforcing acceptable use policies, but is limited as a security tool. It’s a game of whack-a-mole: There are far too many malicious sites.
We have antivirus protection, but our computers continue to be infected by malware, particularly in our remote offices, where we have limited visibility and less control over how our users interact with email, Websites and social media. Antivirus tools can fail against malware that uses advanced obfuscation, polymorphic techniques and sheer numbers: 20 million unique malware samples in 2010. Malware also eats up IT staff time that should be focused on tasks that enable the business.
We are committed to protecting customer data as a best practice. The damage to our brand reputation and the cost of a major data breach (an average of $7 million per breach, according to the Ponemon Institute) would be enormous.
We knew that an intrusion prevention system on our MPLS network would provide strong protection against these threats, so we established evaluation criteria to determine which IPS best met our requirements for strong, automated security. We eventually chose and deployed the Corero IPS. Each organization’scriteria may vary based on its IT and business environment, but these standards should be fundamental for most companies:
• Effective detection and blocking of malware and botnets: Malware is our most significant security issue.
• Protection against known vulnerabilities: More than 4,000 new vulnerabilities were assigned to the common vulnerabilities and exposures (CVE) database in 2010.
• DDoS defense: We’ve mostly seen the traditional Syn (synchronize) floods (a form of denial-of-service attack), but are also concerned about the hard-to-detect application-layer attacks. In addition to criminal extortion, “hacktivists” are using DDoS as a response to whatever affront they perceive.
• High throughput and low latency: An IPS sits in-line—a “bump in the wire”—so it must be completely transparent on the network, and must in no way affect online transactions and traffic to remote offices.
• Reliability: We cannot afford a network security system that fails—nor the time and staffing to deal with failure.
• Strong support: We require demonstrable expertise, resources and commitment to the customer in order to respond immediately and effectively in case of attacks or product issues.
• Easy deployment, minimum management overhead: We have neither the time nor the IT resources to engage in prolonged installation and “tweaking” for our environment. The IPS tool should need minimal management time once it is deployed.
• Visibility: We need the ability to easily monitor attack activity and verify that it has not spread through the network.
• Audit and reporting: We need reports that enable us to communicate with management, address operational/security issues, conduct forensic investigations and meet audit/compliance requirements.
• Our decision to deploy an IPS has resulted in far fewer infections: On average, we’re down to only one every two months, compared with four per month in the past. Plus, we invest only one hour a month on the management effort. We’re now preparing to expand our online presence, with confidence, knowing that we’re well-positioned to protect our business and our customers.
Rick Baird is manager of Brady Distributing’s IT department.