National Restaurant Association Serves Up Security

As the world’s largest advocacy group for the food service industry, the National Restaurant Association’s high profile puts it at risk for cyberattacks. With an eye on the future, the nonprofit, which supports nearly 500,000 restaurant businesses, is adopting top-tier technology to grow and safely serve its members.

The National Restaurant Association is a leading provider of food safety education to the food service industry through its ServSafe Food Safety Training Program. The program, which has recently gone online, has certified more than 4 million food service professionals through its Food Protection Manager Certification Exam. Activity on the association’s e-learning platform has been growing by 9 percent annually. In 2014, nearly 1 million students used the online system.

When CIO Ed Beck decided it was time to take IT security to the next level, he won immediate support from the association’s top executives.

“Everything we do with technology is wrapped around our business and better serving our customers,” Beck says, noting that the organization handles (but does not store) credit card numbers, personal identifying information and confidential member data. “How do we ensure a consistent flow of customers to our websites? By ensuring that people and the businesses they work for feel safe interacting with us. We’re always going to do everything we can to give them that peace of mind.”

The association has long met the industry standards for network security, but Beck became alarmed by recent attacks on major retailers. He decided that the increasingly aggressive threat environment required that his organization proactively upgrade to a security solution based on the framework set by the National Institute of Standards and Technology.

“Ultimately, we were looking for a way to better defend against advanced persistent threats [APTs],” Beck says. “Beyond viruses and malware, these are things that can compromise and take down a network.”

Beck and his IT team decided to make a significant investment in a top-tier, enterprise-grade solution that included three FireEye NX4000 security appliances and the IBM QRadar security and information event management (SIEM) system.

Setting a Foundation

When Beck took the helm of the IT team at the National Restaurant Association in 2012, upgrading security topped his to-do list. Before he could move forward, though, he needed to bolster the organization’s underlying IT infrastructure.

The National Restaurant Association’s first step was to set up a new colocation facility to bolster its disaster recovery capabilities. They then upgraded the association’s networks in Chicago and Washington, D.C., adding Cisco UCS blade servers, Check Point firewalls, Cisco Catalyst switches, Nimble storage and additional bandwidth in order to better serve the growing number of online customers.

In early 2014, Beck and his team began researching options for a beefed-up security solution. Their requirements were specific: Not only did the tools need to detect, locate, manage and secure APTs, but they also had to be compatible with VMware and easy to use.

Beck chose what he considered to be a strong one-two punch: FireEye and IBM QRadar. The FireEye Network Detection System is a game changer in network security because it prevents, detects and responds to network-based, zero-day exploit attempts. It also defends against web drive-by downloads and advanced malware attacks.

These types of attacks can easily and silently bypass conventional defenses, which detect threats only by their signature. By contrast, FireEye relies on routinely updated virtual data analyses to identify and block new types of malicious threats — the first time it detects any abnormal code or process.

“FireEye is as close as you can get to removing all doubt that you’re fully protected, from a malware perspective, because it’s beyond firewalls and all the conventional defenses most people usually have,” says CDW Security Specialist Chad Morris. “It’s really the industry standard today.”

The QRadar SIEM system complements FireEye by providing Beck and his team with real-time visibility into log data from servers, firewalls and other components, and includes alerting capabilities. “QRadar allows us to quickly respond if FireEye finds a problem, and it also helps us improve our ability to shift and adjust performance,” says Beck, noting that he chose QRadar from several leading products because its interface works well in a VMware environment.

Gaining Business Benefits

Morris characterizes the new security solution as “forward thinking” and “full-bore.”

“The two products together provide them with a far more effective threat management capability because they can see everything for all different egresses, from all aspects of their environment,” he explains. “Each magnifies the value of the other.”

Reducing Risk

Last summer, the National Restaurant Association installed a FireEye NX4400 appliance at each office and at the colocation facility, or as Beck describes it, “each point of the perimeter.”

The FireEye appliances were almost plug and play, but the QRadar system involved a steeper learning curve, “mainly because there’s so much data now being collected,” Beck notes.

“Obviously, the well-publicized IT security issues throughout industry were of great concern to us,” says Marvin Irby, the National Restaurant Association’s chief administrative and financial officer. “Our members and customers expect that their information is managed with the highest degree of integrity. I was pleased to enhance our capabilities in that area.”

Since putting the new solution in place, the National Restaurant Association has enjoyed a marked reduction in risk, while gaining an understanding of how pervasive security threats are today.

“You can’t fight what you don’t know, and hidden threats are, in my opinion, the single largest threat to everyone,” Beck says. “But from the moment we installed this solution, it began to highlight more than just the threats we need to react to — it also helped us to proactively seek out and go after potential threats.”

The solution also helps the IT team train employees and customers about the risks inherent in working online. Beck cites an example: Employees see and decide to click on an ad promising a free cup of coffee; the ad probably is a phish, but it could also contain an APT.

“The moment they click on it, the system automatically alerts us and quarantines their system,” Beck explains. “Now, we can go in and talk to them: ‘Look at what could have happened if FireEye had not caught this.’ So hopefully, they’ll learn from that and modify their behavior in the future.”

Reassuring Members

The association’s decision to invest in a top-tier security solution is already providing returns. An enhanced security solution also acts as a differentiator in the marketplace. Although the National Restaurant Association is a high-profile nonprofit organization, it still competes with other associations and food safety certification firms for customers.

Security is fast becoming a top criterion for every major service and retail business employing the association’s services, says Beck.

“More and more, if your partners and customers want to know about your total security level, and if you’re not where they think you should be, they do not want their employees on your system,” Beck says. “They’re not only looking for a product that gives them the best value but also the least risk.”

With its new security solution now in place, the National Restaurant Association can assuage any concerns its customers may have. “We can say to a very large customer, ‘Not only are we PCI secure, but we went beyond that to put in place a top-tier security solution and processes,’ and then talk about what we do and how we do it,” Beck explains. “This helps them see the value we bring to the table from a security standpoint.”