Sep 02 2021
Security

Advanced Monitoring and Security Automation Keep Businesses a Step Ahead of Hackers

After an attempted hack, Gem Shopping Network put crucial guardrails in place to protect its network.

Programming from the Gem Shopping Network brings fine jewelry and high-quality gemstones to more than 40 million cable and satellite television subscribers. While security is always top of mind for this retail operation, a recent incident highlighted the need for improvements.

A threat actor hacked Gem’s guest ­network, accessed YouTube, “then ­broadcast a video where the subject was focused on hate speech,” says Andy Drooker, Gem Shopping Network’s head of technology and systems. The breach “demonstrated how vulnerable Gem was.”

The event spurred the Duluth, Ga.-based company to upgrade its network to improve its cyber resilience, and it’s not alone. A combination of factors has lately highlighted the need for network security upgrades across a range of organizations. Emerging threat vectors and inadequate legacy solutions are pushing businesses to take a fresh look at their safeguards.

Today, highly sophisticated network protection solutions make it possible to significantly improve network security. Among other advances, the latest tools bring to network security a high degree of automation.

REGISTER: Learn more about protection your organization's infrastructure in the weekly CDW Tech Talk series. Click the banner below to register.

“These new security monitoring tools may have components of artificial intelligence incorporated into them that will automatically sift through much of the data that’s being generated from the networks,” says Sagar Samtani, assistant professor of operations and decision technologies at the Indiana University Kelley School of Business.

“The new tools are getting smarter in terms how they operate, what they can pick up and what they can detect,” Samtani says. The latest network security tools offer more robust network monitoring, do more to secure company Wi-Fi and can respond to potential breaches.

A Network Refresh to Boost Security

Drooker had such modernized capabilities in mind when he set out to refresh Gem Shopping Network’s security backbone, seeking to bolster network security from both a physical and a ­virtual perspective.

“We wanted to create a tighter virtual LAN, where we isolate traffic so it only goes where it needs to go,” he says.

To do that, the company deployed both physical and virtual solutions, using Cisco Meraki wireless access points and firewalls, as well as two-factor authentication. These changes aimed to put guardrails around out-of-town jewelry dealers, who are frequent guests at Gem Shopping Network headquarters, and other visitors who use the company’s network to connect to their home offices while onsite. “We have to make sure that they’re going where they need to go — but only where they need to go. We want to make sure we are monitoring all that traffic,” Drooker says.

Drooker and team

For Gem Shopping Network in Atlanta, ensuring careful monitoring of network traffic was a critical component of the security strategy deployed by Head of Technology and Systems Andy Drooker and his team.

The company uses Microsoft Active Directory and the Microsoft Authenticator program for user authentication, and Cisco Umbrella for filtering and monitoring. The latter allows Drooker to limit the websites that users can visit through the virtual LAN. “We can limit by specific subnet or a specific VLAN and actually create a whitelist or blacklist specifically for that network, and we can even go down to the client level or to the device,” he says.

As a result of all this work, Drooker sleeps better at night, knowing that his network now boasts a much higher level of resilience. “We are in much better shape than we were when we started,” he says.

Enhanced Monitoring Protects Important Missions

For C.A. Patrick Voigt, ­director of engineering at Synergem Technologies, it was a changing threat landscape that triggered the need for security enhancements. Based in Mount Airy, N.C., Synergem provides software tools that help communities upgrade their first-responder calling systems in support of emerging Next Generation 911 capabilities. Given the mission-critical nature of that work, the company is under pressure to continuously adapt its security solutions — especially in light of recent malware and ransomware incidents.

The company implemented a SolarWinds security information and event management solution, chosen in part because of the engineering staff’s existing familiarity with the product. The company’s previous SIEM solution lacked the robust monitoring capability that SolarWinds offers, especially for certain specialized devices on Synergem’s network.

Synergem went from having a traditional anti-virus and anti-malware platform to using a much more comprehensive, threat-based intelligence platform. “Probably the biggest change is around those SIEM capabilities that really didn’t exist in the same way until a few years ago, at most,” Voigt says.

In particular, the team gets a more nuanced view into its devices and applications, and more effective security alerts. In the old platform, for example, a failed switch might trigger 50 alerts related to specific devices that depended on that switch. The new system instead sends a single alert highlighting the switch failure itself, allowing administrators to remediate the specific problem. Voigt says that level of intelligent alerting represents a big step forward.

The old platform likewise might have reported on the overall health of the power supply, but the network uses multiple power supplies, and Voigt needed a more granular view. The SolarWinds solution reports on the health of individual power supply devices. It also gives more detailed information about data flows, showing where traffic is going and where bandwidth is being used. That in turn supports more intelligent security ­decision-making, as it helps administrators see where devices are making questionable connections or generating unexpected traffic.

In Search of Cyber Resiliency

When Mark Petry joined eventcore as its director of cybersecurity and compliance in January 2020, he quickly realized the Seattle-based company’s existing security apparatus needed an upgrade.

With the rise in frequency and severity of cyberattacks, the event management software firm’s previous security tools lacked the modern screening and filtering Petry felt were needed to ensure resiliency.

He selected Palo Alto Networks’ VM-Series next-generation firewall, which he says does a good job supporting content filtering, IP whitelisting and blacklisting, and DNS sinkholing, which intercepts malicious Domain Name System requests. “It’s not only good for edge protection but also assists you in the event of a breach or incident,” he says. Petry also likes the virtual nature of the solution: Eventcore’s technical architecture is entirely cloud-based and virtual, so a cloud-based firewall was vital to the company.

Many of eventcore’s other security upgrades were made in response to needs that emerged during the pandemic. For example, as employees began using corporate laptops at home, Petry needed a way to ensure those outside connections did not bypass the company’s content filtering, domain blocking and other safeguards. By deploying Palo Alto Networks' GlobalProtect VPN, he was able to effectively lock down laptops so that all traffic to and from the devices could be backhauled through the firewall.

Cybersecurity needs are always in flux, but modern security event management and monitoring tools can help technology leaders adapt to threat actors’ latest tactics and their own evolving needs. “The security landscape was getting increasingly treacherous,” Drooker says, “and we needed to take a more proactive approach to how we deal with incoming threats.” 

Photography by Matthew Odom
Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.