Protecting an Online Business Investment

Forward-thinking companies with long histories embrace change to grow their businesses, moving from brick-and-mortar to e-commerce. Incentives are compelling, but they're transacting more and more business in an increasingly dangerous environment in which cyber-criminals use sophisticated attack tools to circumvent defenses.

Brady Distributing is one of these companies: A family-owned business since 1944 and the second largest seller in its market, it serves customers such as homeowners who have arcade-style game rooms, along with street operators and large family entertainment centers.

We faced a conundrum: how to safely grow our online business while our users and networks were continuously compromised by malware and stressed by attacks. Incessant malware infections, botnets and the growing specter of distributed-denial-of-service (DDoS) attacks threatened our data, operational efficiency and business continuity.

We concluded that investing in an intrusion prevention system (IPS) would be critical to protect our business as we continue to grow our Internet presence. We face a familiar problem: a relatively small company in terms of employees (about 80), a modest IT staff, and a significant, expanding online business to maintain and protect.

Our three remote offices in Memphis, Tenn., Orlando, Fla., and Miami connect back to our Charlotte, N.C., headquarters through a Multiprotocol Label Switching (MPLS) network and Citrix gateway. So, we have a single point of policy enforcement and security control. That's the good news.

The bad news is that our security investments, once sufficient, were falling short. The firewall on our MPLS network is severely limited in its ability to detect attacks that ride into the network with legitimate traffic on port 80 (HTTP). Our URL content filtering has value for user productivity and enforcing acceptable use policies, but is limited as a security tool. It's a game of whack-a-mole: There are far too many malicious sites.

We have antivirus protection, but our computers continue to be infected by malware, particularly in our remote offices, where we have limited visibility and less control over how our users interact with email, Websites and social media. Antivirus tools can fail against malware that uses advanced obfuscation, polymorphic techniques and sheer numbers: 20 million unique malware samples in 2010. Malware also eats up IT staff time that should be focused on tasks that enable the business.

We are committed to protecting customer data as a best practice. The damage to our brand reputation and the cost of a major data breach (an average of $7 million per breach, according to the Ponemon Institute) would be enormous.

We knew that an intrusion prevention system on our MPLS network would provide strong protection against these threats, so we established evaluation criteria to determine which IPS best met our requirements for strong, automated security. We eventually chose and deployed the Corero IPS. Each organization's criteria may vary based on its IT and business environment, but these standards should be fundamental for most companies:

• Effective detection and blocking of malware and botnets: Malware is our most significant security issue.

• Protection against known vulnerabilities: More than 4,000 new vulnerabilities were assigned to the Common Vulnerabilities and Exposures (CVE) database in 2010.

• DDoS defense: We've mostly seen the traditional SYN (synchronize) floods (a form of denial-of-service attack), but are also concerned about the hard-to-detect application-layer attacks. In addition to criminal extortion, "hacktivists" are using DDoS as a response to whatever affront they perceive.

• High throughput and low latency: An IPS sits in-line (a "bump in the wire"), so it must be completely transparent on the network, and must in no way affect online transactions and traffic to remote offices.

• Reliability: We cannot afford a network security system that fails, nor the time and staffing to deal with failure.

• Strong support: We require demonstrable expertise, resources and commitment to the customer in order to respond immediately and effectively in case of attacks or product issues.

• Easy deployment, minimum management overhead: We have neither the time nor the IT resources to engage in prolonged installation and "tweaking" for our environment. The IPS tool should need minimal management time once it is deployed.

• Visibility: We need the ability to easily monitor attack activity and verify that it has not spread through the network.

• Audit and reporting: We need reports that enable us to communicate with management, address operational/security issues, conduct forensic investigations and meet audit/compliance requirements.

Our decision to deploy an IPS has resulted in far fewer infections: On average, we're down to only one every two months, compared with four per month in the past. Plus, we invest only one hour a month on the management effort. We're now preparing to expand our online presence, with confidence, knowing that we're well-positioned to protect our business and our customers.

 

Rick Baird is manager of Brady Distributing's IT department.