Dec 04 2019

Comprehensive Security Solutions Deliver Enhanced Protections

Protecting customer data is mission-critical for every business. Monitoring and reporting, machine learning and other capabilities can position businesses to take action before threats become an issue.

By the close of 2018, telecom provider OmniTel Communications’ plan to replace field technicians’ laptops with mobile devices was almost ready to go.

Trucks would soon be outfitted with Wi-Fi to provide constant connectivity; technicians’ laptops were slated to be replaced with Windows-compatible tablets and iPhones.

But the Nora Springs, Iowa-based company’s IT team wasn’t sure if the security solution it had been using — which offered endpoint protection but not server coverage — would be comprehensive enough to meet its evolving data protection needs. So, the company turned to Sophos for endpoint and server protection, threat intelligence and mobile device management (MDM). According to Michael Kaiser, IT technology strategist at OmniTel, comprehensive capabilities are vital for protecting customer data, which is essential for a public-facing company whose customers count on it to keep them safe.

Source: “IBM Security: Cost of a Data Breach Report 2019,” Nov. 5, 2019

The Sophos solution offers enhanced visibility compared with its previous solution, which didn’t reliably provide alerts about potential viruses. Sophos also automates some work that would otherwise need to be performed manually.

“You don’t have to do a lot,” says Kaiser. “The MDM goes through and grabs the latest definitions, and it’s one of the things that’s reported on the back side. That’s one thing that’s by far easier: If you added an update with the previous system, you’d have to actually go into the system, push it out through the cloud client to people and hope they had it installed.”

The solution also provides capabilities that OmniTel, which receives some government funding, felt would resonate with auditors. “Every year, the auditors get more in-depth about how you protect customer data,” explains OmniTel Systems Administrator Trent Parker. “If we just say, ‘Oh, we installed three anti-virus programs,’ that doesn’t go so well. That was a big piece of why we wanted to go with a new solution.”


The Value of Combining Security Features

Opting for a combined security platform instead of separate firewall, endpoint protection or other products can provide some intuitive advantages, says Christopher Kissel, a research director in IDC’s security products group. “There is so much that can be used to find indicators of compromise: packet entropy, role and rule violations, data loss, file integrity corruption, user behavior analytics such as unique port activity,” Kissel says. “Even if you can knit a fabric that pulls open-source and point products together, platforms give you a single pane of glass to work with and have internal algorithms that sift through the multiple indicators of compromise to try to produce a single version of truth, or at least reduce redundant or false positives.”

Incorporating services such as managed detection and response can help organizations meter any issues that might hinder full utilization of the tool, says Frank Dickson, program vice president in IDC’s cybersecurity products research practice.

“Especially in smaller businesses, companies are taking a solutions approach,” Dickson says. “They increasingly want vendors to own the problem.”

Sophos’s cryptolocker technology was of particular interest to OmniTel’s IT team, due in part to concern about ransomware.

“If it sees a bunch of files are changing, it automatically takes files back to the previous version,” he says. “It has caught things. We had a user download something malicious, and right away it scanned and stripped 20 files off the download.”
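The rollback behaviour quoted above, shown as an added example that is not Sophos’s code or OmniTel’s configuration: a toy monitor over an in-memory “filesystem” that treats a burst of high-entropy (encrypted-looking) writes inside a short window as a ransomware indicator and restores the pre-images it snapshotted. The class name, thresholds, event stream and file contents are all constructed for this illustration.

```python
"""Toy behavioural ransomware detector with rollback (added example, hypothetical).

Real products hook the filesystem driver and usually suspend the offending
process as well; here the filesystem is a dict and only the rollback is shown.
"""
import math
from collections import Counter, deque


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: about 8.0 for encrypted or compressed
    data, typically 4-5 for English text, 0.0 for a constant run."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


class RollbackMonitor:
    """Tracks file-write events and rolls back a burst of encrypted-looking writes."""

    def __init__(self, window_seconds=5.0, burst_threshold=10, entropy_threshold=7.0):
        self.window_seconds = window_seconds
        self.burst_threshold = burst_threshold
        self.entropy_threshold = entropy_threshold
        self.files = {}            # path -> current content (the toy filesystem)
        self.pre_images = {}       # path -> content before its first suspicious write
        self.suspicious = deque()  # (timestamp, path) of recent high-entropy writes
        self.rollbacks = []        # one set of restored paths per triggered burst

    def observe_write(self, ts: float, path: str, data: bytes) -> bool:
        """Apply one write; return True if it completed a burst and triggered rollback."""
        # 1. Age out suspicious writes older than the window and forget their pre-images.
        while self.suspicious and ts - self.suspicious[0][0] > self.window_seconds:
            self.suspicious.popleft()
        live = {p for _, p in self.suspicious}
        for stale in [p for p in self.pre_images if p not in live]:
            del self.pre_images[stale]

        # 2. Record this write; high-entropy content is treated as possibly encrypted.
        #    The first pre-image per path is kept; None means the file did not exist.
        if shannon_entropy(data) >= self.entropy_threshold:
            self.pre_images.setdefault(path, self.files.get(path))
            self.suspicious.append((ts, path))
        self.files[path] = data

        # 3. Enough encrypted-looking writes inside the window: put the files back.
        if len(self.suspicious) >= self.burst_threshold:
            self._rollback()
            return True
        return False

    def _rollback(self) -> None:
        restored = set()
        for _, path in self.suspicious:
            original = self.pre_images[path]
            if original is None:
                self.files.pop(path, None)   # created during the burst: remove it
            else:
                self.files[path] = original
            restored.add(path)
        self.rollbacks.append(restored)
        self.suspicious.clear()
        self.pre_images.clear()


def demo():
    """Constructed event stream: 20 ordinary edits, then a 12-file encryption burst."""
    mon = RollbackMonitor(window_seconds=5.0, burst_threshold=10, entropy_threshold=7.0)
    normal = [mon.observe_write(float(i), f"docs/report{i}.txt",
                                b"Quarterly report, section %d: revenue flat.\n" % i)
              for i in range(20)]
    # Ciphertext-like bytes (constructed): every value 0..255 equally often, entropy 8.0.
    cipher = bytes(range(256)) * 4
    burst = [mon.observe_write(30.0 + i * 0.15, f"docs/report{i}.txt", cipher)
             for i in range(12)]
    return mon, normal, burst


if __name__ == "__main__":
    monitor, normal_hits, burst_hits = demo()
    print("alerts during normal edits:", any(normal_hits))
    print("burst results:", burst_hits)
    print("files restored:", sorted(monitor.rollbacks[0]))
```

In the demo the tenth ciphertext write trips the threshold and the first ten files are restored; the two writes that follow start a fresh count, which is why real products also suspend the writing process rather than relying on rollback alone. Note the false-positive side: a backup tool or an archiver rewriting many files produces the same high-entropy burst, since entropy alone cannot tell compressed data from encrypted data, so this signal is normally combined with process reputation and user context before action is taken.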


Implementing a Proactive Cyber Defense

When fantasy sports company DraftKings decided to replace the traditional anti-virus solution it had been using several years ago, it was determined to find a tool that would look for abnormalities in machine and user behavior.

“We didn’t want something that was just a traditional, signature-based anti-virus solution,” explains Brian Harris, DraftKings’ CISO and vice president of technical operations. “If something malicious comes out, it could be a couple of days before it has totally deployed across the enterprise.”

DraftKings vetted nearly 100 different products over a six- to eight-month period, Harris says. In the end, it selected Carbon Black’s CB Defense.

According to Harris, CB Defense provides a broad view of what DraftKings’ network looks like and what traffic to watch for, aiding in cyberattack prevention.

The system autogenerates tickets the company’s IT team can respond to, providing documentation in nearly real time.

“URL monitoring had a very proactive approach, versus reactive, because you’re looking for traffic anomalies ahead of time,” Harris says. “Once it detects an anomaly of any type, our IT department locks that machine down, and it can only talk back to the Carbon Black server. It can’t do anything on the network.” Administrators can also quarantine a machine remotely, which for Harris is one of the offering’s most important advantages. “For example, if someone leaves a laptop in a cab, we can immediately go into CB Defense and quarantine it to only talk to the Carbon Black cloud instance,” he says.

Remote Access Makes Security Easy

DraftKings wanted a product with an “as a service” structure, due to the company’s configuration. With employees based all around the U.S., Harris says it’s a big advantage for them to be able to receive alerts without having to be logged on to a VPN: “That way, we have real-time monitoring, as long as people are on the internet.”

The company has also been pleased to find the product can run without employees experiencing any of the drags its previous anti-virus solution could cause, which impacted endpoint and computer usability.

“Usage of internal computing resources, memory and CPU are something we’re always worried about,” Harris says. “In Carbon Black’s case, it has been minimal. We see CPU spikes of 30 percent or higher when we’re doing anti-virus scans with a traditional product.”

The transition to CB Defense has essentially been a seamless experience for DraftKings employees. Although the IT team told users about the solution after it had been added, employees likely didn’t notice any difference during the installation process, which took less than a week, according to Harris.

“It was actually rolled out quietly using automation; it was all in the background,” he says. “That’s a measurement of success, that it didn’t impact their lives. They have no idea it’s there, but the IT security team thinks it’s a great tool. It’s a win-win all around.”

