The Value of Multiple Security Partners
“There’s a benefit to having multiple vendors and different technology and sources of threat intelligence,” says Mike Bowen, the bank’s vice president and senior technology officer. “This kind of strategy provides multiple lines of defense to prevent data breaches.”
The eight-branch bank, known as OlyFed, must secure a data center with up to 100 virtual servers that house customer information.
The bank standardized on the PA-800 Series next-generation firewall by Palo Alto Networks, which provides multiple security features, including intrusion prevention, web content filtering and malware protection. It also subscribes to Palo Alto Networks’ WildFire service, which updates the firewall regularly with the latest threat protection.
The FireEye Network Security appliance analyzes suspicious network traffic and blocks malware. “It’s essentially anti-malware and anti-virus at the network level,” Bowen says. “It constantly scans the network, looking for any kind of malicious traffic that’s made it past the initial security layers.”
So far, the strategy has worked. The bank has not suffered any major cybersecurity incidents.
“A key component of our customer service commitment is keeping our customer information secure,” Bowen says.
Businesses Need a Layered Defense
Heartland Dental, which provides administrative support to more than 1,000 dental practices across 37 states, also combats cyberattacks with multiple layers of protection.
In each office, Heartland Dental installs and remotely manages computers, a server, practice management software, a network, Wi-Fi and a phone system. To shore up security, Ross Petty, senior IT security engineer, relies on endpoint anti-virus software, multifactor authentication, the removal of local administrative rights and Microsoft Windows patching.
The company uses several Fortinet security products in each office and at its Effingham, Ill., corporate headquarters. Those include FortiGate 60E next-generation firewalls and the FortiSandbox appliance, which uses artificial intelligence to detect malware and suspicious code and safely isolates them for evaluation.
“With our Fortinet devices, files go east and west across the network,” Petty says. “They can submit files or websites into our sandbox and detonate them to see if they are malicious. This way, we can get ahead of zero-day attacks.”
The company, which manages about 1,500 virtual machines in its data center and over 20,000 workstations across its customers’ offices, also deployed FortiAnalyzer, which correlates the logs from the FortiGate tools, providing greater network visibility.
More recently, Petty installed open-source security information and event management software, a central dashboard that aggregates the logs from the company’s security tools and IT infrastructure. It provides Heartland Dental with full visibility into the company’s threat posture, uses machine learning anomaly detection to uncover threats and sends alerts to the IT staff.
Heartland Dental has written scripts to automatically remediate threats. For example, if a scan discovers a computer has a virus, the tool can cordon the computer off from the network, so it doesn’t affect other devices.
“It’s one central place, so we can automate our response,” Petty says.