Jun 01 2021

Why Security Solution Simplification Is Becoming Popular with IT Directors

Many businesses manage today’s threat landscape with a jumbled mishmash of solutions. Here’s how some respond more effectively by decluttering their environments.

When the phone rang at 3 a.m., Brandon Hale and Shawn McBroom weren’t surprised. It happened several times a week.

Whenever First State Community Bank’s IT security tools picked up a potential threat, it would trigger an auto-dialer that would notify Hale, the assistant vice president and IT general manager at the Farmington, Mo.-based bank, and McBroom, the information security administrator.

The calls were most often false alarms. They dropped precipitously this year when the bank installed Cisco Managed Detection and Response, which ties together disparate security tools the organization uses and adds live, 24/7 monitoring.

“I don’t think I’ve been woken up in the past two weeks,” says Hale. “It’s just nice at the end of the day to be able to fall asleep and know that our network is actively being monitored. If some malicious piece of content comes through, it’s going to be a live person who is going to determine, yes, this needs to be a phone call, or no, it doesn’t.”

As the threat landscape grows increasingly sophisticated, First State Community Bank’s IT team is among the growing number that are moving away from complex security infrastructures and opting for decluttered solutions that are easier to manage. They’re finding that more streamlined environments both simplify and strengthen their defenses.

“Four out of 5 SMBs are taking proactive measures to safeguard their networks,” says Laura DiDio, principal at Information Technology Intelligence Consulting, an IT research firm. “That includes simplifying their architecture and consolidating their different security products.”


How to Integrate Different Security Tools

Before implementing Managed Detection and Response, the bank had an array of industry-standard security tools from Cisco. “Those are great tools that we still use,” says Hale, but there were so many of them, and they had different reporting formats. With just 10 IT staffers, and only two of them handling those middle-of-the-night calls, it was a constant struggle to keep pace.

“We had lots of monitoring tools that would alert us of a downed connection or an outage,” Hale adds. But it was up to him and McBroom to determine what to do about each issue.

“We recognized, as any financial institution probably should, as you grow and expand your footprint, that it doesn’t matter if you’re a $200 million bank or a $50 billion bank; the ability to have your perimeter watched by live intervention is almost imperative these days,” Hale says. “There is a cost to it, obviously, but I’m not sure that you can put a price on customer confidence or on the safety, the soundness and the security of your customers’ data.”

The team started looking into solutions in fall 2019, considering products from several vendors, but since it already had many Cisco tools that it was happy with, Cisco’s MDR made sense.


Use Expert Assistance to Build Security

CDW helped to implement the system and integrate it with the bank’s existing infrastructure, and to roll out a three-year security enterprise agreement, consolidating all licenses under a single anniversary date, which resulted in savings.

CDW also helped First State Community Bank create a playbook so that the monitoring service can act on lower-level items without staff intervention. That has decreased the overall workload, because many of the issues that would have turned into work orders can now be handled automatically.

“The MDR ties all of the tools together and allows for you to have eyes on them all the time,” explains McBroom. “A whole team is dedicated to watching that for you 24/7. It definitely gives you peace of mind.”

The bank consolidated several Cisco products under MDR: Advanced Malware Protection (AMP) for endpoints; Umbrella cloud security; Identity Services Engine (ISE), which authenticates devices and handles authorization and accounting; and AnyConnect, which lets users connect securely over VPN. It also added Cisco Secure Network Analytics (formerly Stealthwatch), which analyzes network flow data to detect connections that are out of the ordinary, and Cisco Secure Malware Analytics (formerly Threat Grid), which detonates files flagged by AMP in a sandbox environment.

“It fundamentally changed the l­andscape of our security presence within our own network,” says Hale. “It’s not just the perimeter being monitored. It has a lot of what I refer to as tentacles, because it attaches to so many internal systems. It’s given us a deeper insight into our network.”

The solution also includes SecureX, which takes the data from all of the tools and puts it all in a high-level dashboard. “It’s amazing how much you wouldn’t know about your network unless you had these tools,” says McBroom.


Protect Your Business With Smarter Surveillance

When Todd Beebe started as information security officer at Freeport LNG, he was hired to build his team and the Houston-based company’s cybersecurity program from the ground up. Three years into that role, he discovered just how critical that work was.

He learned that the company, a liquefied natural gas exporter, was an active target of a nation-state threat actor. “That was a shock to me,” says Beebe. “It was the first time in my career I had been officially given advance notice the company I was hired to protect was an active target. You always assume you are a target, you sometimes get notified that your company has been breached, but it’s a whole different sense of urgency when you receive official warning you’re being targeted. Imagine answering your front door and a police officer informs you that a professional burglary ring has your home address on its hit list.”

Before he started, the organization had already deployed enterprise-class security solutions common to most Fortune 500 organizations. “The tried-and-true security controls that a company needs to block the known threats such as malware and viruses were in place,” says Beebe. “But then there are advanced threat actors, live humans hired to breach your company. They’ll test what doesn’t get caught by that initial set of security preventive solutions.”

That’s why his first request after starting his new job was an endpoint detection and response tool. At his previous company, he had spent two years evaluating EDR solutions, so he knew VMware Carbon Black EDR was a good choice.

“I needed visibility,” he says. “No security technology will prevent everything; you’ve got to assume a breach. Those controls should prevent your security team from being so overwhelmed with alerts that it can’t find the real threat in all the noise before it moves to other systems.”

Enterprise preventative security controls are akin to a guard standing at the door comparing everyone entering with a “wanted” poster. “You’re allowed in or you’re not,” says Beebe.

An EDR, on the other hand, looks for unusual activity after the door. An attacker may get through the front door, but if it then tries several other doors in quick succession, the EDR raises an alert for security to investigate.

“If you have an EDR, you can catch people trying to get familiar with the environment before they can move laterally to other systems. This gives you that time to catch them before they get to the room with something really important,” explains Beebe.

EDR Can Catch Intruders Faster

For example, Beebe’s team conducts regular red team penetration tests. With VMware Carbon Black, they’ve always caught the red team within 30 minutes or less. “The threat actors don’t have time to get all the account and system information they need to figure out how and where to move off that original machine,” says Beebe. “We can isolate them quickly and contain any kind of disruption to one system.”

One particularly useful feature of VMware Carbon Black EDR, he adds, is the ability to create custom watchlists.

If there’s a new tactic or technique used by threat actors targeting the company’s environment, the team creates a watchlist to look out for that activity.

It can also easily filter behaviors that would seem suspicious elsewhere but are normal for the company. That eliminates hours reviewing logs, freeing up Beebe’s team to respond to the most serious threats.
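The behaviour Beebe describes in the two passages above (an intruder who “tries a few different doors” and runs discovery commands before moving laterally, plus custom watchlists and suppression of activity that is normal for this particular company) reduces to a handful of rules over endpoint telemetry. The block below is an added example written for this page; it is not code from VMware Carbon Black, Freeport LNG or the article's authors. The events, hostnames, thresholds, the ten-minute window, the watchlist entry and the baseline scanner account are all constructed for the illustration.

```python
"""Toy EDR-style detector (added example, not the vendor's code).

Flags a host/user that (a) runs a burst of distinct discovery commands,
(b) opens lateral-movement ports on several distinct internal hosts within
a short window, or (c) matches a custom watchlist entry. A company-specific
baseline suppresses fan-out from hosts where it is expected (e.g. a
vulnerability scanner). All telemetry below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: (timestamp, host, user, kind, detail)
EVENTS = [
    ("2021-05-20T02:10:05", "ws-014", "jdoe", "process", "whoami.exe"),
    ("2021-05-20T02:10:09", "ws-014", "jdoe", "process", "net.exe user /domain"),
    ("2021-05-20T02:10:14", "ws-014", "jdoe", "process", 'net.exe group "domain admins" /domain'),
    ("2021-05-20T02:10:21", "ws-014", "jdoe", "process", "nltest.exe /dclist:corp"),
    ("2021-05-20T02:11:02", "ws-014", "jdoe", "netconn", "srv-fin01:445"),
    ("2021-05-20T02:11:03", "ws-014", "jdoe", "netconn", "srv-hr02:445"),
    ("2021-05-20T02:11:04", "ws-014", "jdoe", "netconn", "srv-db03:3389"),
    ("2021-05-20T02:11:05", "ws-014", "jdoe", "netconn", "dc01:5985"),
    # Assumed: an internal vulnerability scanner that legitimately touches many hosts
    ("2021-05-20T02:15:00", "scan-01", "svc_scan", "netconn", "srv-fin01:445"),
    ("2021-05-20T02:15:01", "scan-01", "svc_scan", "netconn", "srv-hr02:445"),
    ("2021-05-20T02:15:02", "scan-01", "svc_scan", "netconn", "srv-db03:445"),
    ("2021-05-20T02:15:03", "scan-01", "svc_scan", "netconn", "dc01:445"),
    # An ordinary user: one file share, one harmless command
    ("2021-05-20T08:30:00", "ws-022", "asmith", "netconn", "srv-fin01:445"),
    ("2021-05-20T08:31:00", "ws-022", "asmith", "process", "ipconfig.exe /all"),
]

WINDOW = timedelta(minutes=10)                       # assumed correlation window
DISCOVERY_CMDS = ("whoami", "net.exe user", "net.exe group", "nltest", "ipconfig")
LATERAL_PORTS = {"445", "3389", "5985", "5986"}     # SMB, RDP, WinRM
BASELINE_FANOUT = {("scan-01", "svc_scan")}          # assumed known-normal fan-out
WATCHLIST = ["nltest.exe /dclist"]                   # assumed newly observed technique


def _parse(ts):
    return datetime.fromisoformat(ts)


def _burst_hits(by_key, threshold):
    """Return keys with >= threshold distinct values inside WINDOW of any anchor event."""
    hits = set()
    for key, items in by_key.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            distinct = {v for t, v in items[i:] if t - t0 <= WINDOW}
            if len(distinct) >= threshold:
                hits.add(key)
                break
    return hits


def rule_discovery_burst(events, threshold=3):
    """Host/user running >= threshold distinct discovery commands within WINDOW."""
    by_key = defaultdict(list)
    for ts, host, user, kind, detail in events:
        if kind == "process" and detail.startswith(DISCOVERY_CMDS):
            matched = next(p for p in DISCOVERY_CMDS if detail.startswith(p))
            by_key[(host, user)].append((_parse(ts), matched))
    return _burst_hits(by_key, threshold)


def rule_fanout(events, threshold=3):
    """Host/user opening lateral-movement ports on >= threshold distinct hosts
    within WINDOW: the 'trying several doors' pattern."""
    by_key = defaultdict(list)
    for ts, host, user, kind, detail in events:
        if kind == "netconn":
            dst, port = detail.rsplit(":", 1)
            if port in LATERAL_PORTS:
                by_key[(host, user)].append((_parse(ts), dst))
    return _burst_hits(by_key, threshold)


def rule_watchlist(events, patterns):
    """Custom watchlist: any host/user whose command line contains a listed substring."""
    return {(host, user) for _, host, user, kind, detail in events
            if kind == "process" and any(p in detail for p in patterns)}


def detect(events, baseline=BASELINE_FANOUT):
    """Run all rules; drop fan-out alerts for pairs the company has baselined."""
    alerts = []
    for name, hits in (("discovery_burst", rule_discovery_burst(events)),
                       ("lateral_fanout", rule_fanout(events)),
                       ("watchlist", rule_watchlist(events, WATCHLIST))):
        for key in sorted(hits):
            if name == "lateral_fanout" and key in baseline:
                continue  # normal for this company, suspicious elsewhere
            alerts.append((name, key))
    return alerts


if __name__ == "__main__":
    for name, (host, user) in detect(EVENTS):
        print(f"ALERT {name}: {user}@{host}")
```

Run as-is, the three alerts all point at ws-014, while the scanner's identical fan-out is suppressed by the baseline and the ordinary user never trips anything; removing the baseline (pass `baseline=set()`) shows why a company-specific exception list matters, since the scanner would otherwise generate exactly the noise the text describes.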

“We can sleep easy at night because we’re testing this on a regular basis and we know that our solution is detecting the things that a threat actor will do,” says Beebe. “We’re not constantly chasing noise.”

Photography By Dan Videtich