How to Integrate Different Security Tools
Before implementing Managed Detection and Response, the bank had an array of industry-standard security tools from Cisco. “Those are great tools that we still use,” says Hale, but there were so many of them, and they had different reporting formats. With just 10 IT staffers, and only two of them handling those middle-of-the-night calls, it was a constant struggle to keep pace.
“We had lots of monitoring tools that would alert us of a downed connection or an outage,” Hale adds. But it was up to him and McBroom to determine what to do about each issue.
“We recognized, as any financial institution probably should, as you grow and expand your footprint, that it doesn’t matter if you’re a $200 million bank or a $50 billion bank; the ability to have your perimeter watched by live intervention is almost imperative these days,” Hale says. “There is a cost to it, obviously, but I’m not sure that you can put a price on customer confidence or on the safety, the soundness and the security of your customers’ data.”
The team started looking into solutions in fall 2019, considering products from several vendors, but since it already had many Cisco tools that it was happy with, Cisco’s MDR made sense.
Use Expert Assistance to Build Security
CDW helped to implement the system and integrate it with the bank’s existing infrastructure, and to roll out a three-year security enterprise agreement, consolidating all licenses under a single anniversary date, which resulted in savings.
CDW also helped First State Community Bank create a playbook so that the monitoring service can act on lower-level items without staff intervention. That has decreased the overall workload, because many of the issues that would have turned into work orders can now be handled automatically.
“The MDR ties all of the tools together and allows for you to have eyes on them all the time,” explains McBroom. “A whole team is dedicated to watching that for you 24/7. It definitely gives you peace of mind.”
The bank consolidated several Cisco products under MDR: Advanced Malware Protection (AMP); Umbrella cloud security; Identity Services Engine (ISE), which authenticates devices and handles authorization and accounting; and AnyConnect, which allows users to securely connect to a VPN. It also added Cisco Secure Network Analytics (formerly Stealthwatch), which analyzes data to detect connections that are out of the ordinary, and Cisco Secure Malware Analytics (formerly Threat Grid), which executes files detected by AMP in a sandbox environment.
“It fundamentally changed the landscape of our security presence within our own network,” says Hale. “It’s not just the perimeter being monitored. It has a lot of what I refer to as tentacles, because it attaches to so many internal systems. It’s given us a deeper insight into our network.”
The solution also includes SecureX, which takes the data from all of the tools and presents it in a high-level dashboard. “It’s amazing how much you wouldn’t know about your network unless you had these tools,” says McBroom.