Mar 08 2016

New Security Threats Require Deeper Network Visibility

With cyberthreats evolving, businesses must adopt network solutions to monitor suspicious traffic.

Networks face constant threats. Now more than ever, networks carrying important billing, sales and communication data are coming under attack in an increasingly unpredictable threat environment.

For some small and medium-sized businesses, adequately protecting the network might seem too complex or expensive. But reality dictates that SMBs increasingly face cybercriminal attacks as larger enterprises build less penetrable defenses.

Unfortunately, some business leaders may not truly appreciate the value of a secure network until after an attack occurs and operations grind to a halt.

Call the IT Worm Exterminator

John Dickson, director of IT infrastructure for wholesale beverage distributor Republic National Distributing, still remembers the fastest purchase approval he’s ever received.

In 2009, the Conficker worm had been wreaking havoc on the company’s IT systems for weeks. “It wasn’t shutting us down, but it was really hampering production,” Dickson recalls.

Among other problems, the worm was attacking warehouse automation systems, locking up conveyors and causing multihour delays. Dickson and his team were able to put out the virtual fires as they popped up, but they weren’t able to determine which systems were generating the attacks. They couldn’t adequately predict what the worm would do next or stamp it out.

Dickson needed to find a product that could identify the sources of the infection. He tested products from multiple vendors, but few offered tools that gave him the level of network visibility he wanted. Then he demoed Trend Micro’s Threat Discovery Appliance (the predecessor to Trend Micro Deep Discovery, which Republic National uses now). The product allowed Dickson to see into the furthest reaches of his network.

“I had all of the sources of the attack identified within an hour,” says Dickson. “Within a couple of hours, we had Conficker under complete control. People had been literally working around the clock, and it was just like this sudden weight was lifted off of us.”

That purchase approval took about 10 minutes. “We knew there was a problem, but we were blind to it,” Dickson says. “Suddenly, our vision was restored.”

The Bigger Picture for IT Security Success

Before the attack, Dickson says, Republic National had “a lot of perimeter controls,” but very little in the way of network visibility.

“Conficker really proved that was just inadequate,” he says. “We thought we were doing a pretty good job of keeping machines up-to-date and patched, but the virus found machines that weren’t, and it really caused a lot of mayhem.”

Since the event, Dickson has strived to implement a more robust and well-rounded set of security systems that, taken together, provide the visibility missing before.

“We started building a technology security infrastructure around visibility and control,” he says. “There’s a lot more intelligence in the system, it isn’t just signature-based security, but intelligent systems that can spot anomalous behavior in the network. We also deployed more managed services, where we have more eyes and ears on the security situation, rather than relying solely on an 8-to-5 staff.”

The Deep Discovery appliance has sandboxing capabilities that help Republic National identify malware.

In one case, the appliance detected a botnet that breached the company’s next-generation firewall. The company used information about the botnet’s activity to create a custom block list that prevented additional unwanted traffic from getting into the network.

Security Integration and Coordination Matter

Robert Westervelt, a research manager in IDC’s Security Products group, advises companies to take a comprehensive approach to network security. Perimeter security alone isn’t enough, he says. “You need a firewall, but you also need to have some kind of endpoint security solution in place,” he says. “We’re talking about solutions in addition to a signature-based approach. There are reputation-based approaches. There’s blacklisting and whitelisting.”

Even organizations with a strong network security system may have trouble detecting and responding to threats if the different pieces aren’t integrated well, Westervelt says.

“The biggest issue right now is we have siloed security systems that aren’t talking to each other. Organizations need to pull those pieces together, and that’s what some of the modern solutions coming to market are doing.”

Small Business Security Concerns

The budgets of many small organizations prevent large investments in cybersecurity, but there are also advantages to working in an environment with fewer assets to protect, says Dennis Reist, who helps small businesses with cybersecurity and other IT efforts as owner of D&J Consulting in McKeesport, Pa.

One of his clients, Skyline Pittsburgh, which creates trade show displays, protects its network with Symantec Endpoint Protection, a WatchGuard Firebox firewall and other software.

Even with those few solutions in place, Reist says, malicious traffic coming into the company’s network is “pretty limited.”

“Any malicious document that comes in, the firewall says, this is from a bad site, or it’s coming in an abnormal way, or they’re trying to hack in,” Reist says. “Then, Symantec Endpoint Protection says, we’re scanning this document, there’s something wrong with this email.”

While small and medium-sized businesses can protect their networks without the resources of larger organizations, they still must deploy resources strategically and regularly update equipment.

Nick Pannoni, IT director for Ophthalmic Consultants of Boston, has seen firsthand how difficult it can be to glean meaningful security information from a hodgepodge of older, non-integrated systems.

When he started with the company eight years ago, he says, the security infrastructure was “a nightmare.”

“There had been no cycling of network security devices in any of the nine locations,” Pannoni says. “We were using anything from off-the-shelf hubs to a mish-mash of different firewalls. We had no way, because of the multiple vendors, to be able to monitor them.”

Pannoni upgraded the company’s security, and ultimately opted for Fortinet FortiGate 60 firewalls to replace the out-of-date and mismatched existing firewalls.

When it was time to replace those, he stayed with Fortinet, upgrading to FortiGate 200s. He says he likes the easy-to-use interface, and the security partner monitors product performance.

“The user interface is a big piece of it,” he says. “At a small company, you want to be able to make changes quickly and do it with ease.”

Ryan Gibson
