Getting to the (end) point

How can you manage what you can't see? Vistaprint gets a handle on endpoint profusion and security

Organizations sometimes rush to implement security solutions without taking the time to ensure that the products will work optimally in their environment, in hopes of dealing with immediate security shortfalls. But putting in the effort to meld new solutions with the existing infrastructure increases the likelihood of a successful deployment.

Vistaprint, an online provider of professional marketing products and services to more than 14 million micro businesses and consumers, had a lack of endpoint visibility that posed a security threat to the company.

Managers had no way of knowing on a global scale what devices--including desktops, servers, phones, mobile devices, printers, and networking devices--the company had on its network, says Nick Duda, senior lead information security engineer at Vistaprint.

[Also read BYOD keeps expanding and IT just has to deal with it]

The company wanted to have real-time visibility into the security posture of all devices on the network, including both physical and virtual machines, in order to tightly manage endpoint compliance. And they wanted to a way to deliver configuration changes and software installations to all company-owned devices via an agentless process.

"We needed a solution that could give us 100 percent total visibility without introducing any major infrastructure changes" or rely on clients or agents, Duda says.

VistaPrint deployed four CounterACT appliances and one virtual appliance from ForeScout Technologies Inc. to monitor 13 offices and about 15,000 devices. One of the advantages to the technology is that it easily fit into Vistaprint's environment.

"One of the primary challenges we needed to overcome was introducing a solution without any major infrastructure changes," Duda says.

"CounterACT is completely out-of-band, not in-line with any other technology."

This allowed the company to configure the device with an IP address and turn it on, providing immediate results. "With this kind of implementation we were able to quickly deploy CounterACT appliances globally, and have them all online giving us immediate results within days of flipping the switch on," Duda says.

There were hurdles to overcome, however. "One challenge was making sure all of our networking gear [such as switches] were properly configured to work with CounterACT to address our primary goal of achieving 100 percent total global endpoint visibility," Duda says. This required resources from the networking department.

Another challenge was showing immediate value of the technology to business executives in order to justify the investment. The security product "closed gaps in our infrastructure security that other solutions didn't, so we were able to show immediate value with CounterACT, and that was key to getting approval in the budgeting process," Duda says.

With the technology in place, Vistaprint now has accurate reporting on any endpoint device, as well as its security posture and whatever software is installed on the device. The company has reduced risk by more effectively enforcing corporate security requirements such as anti-virus software and data encryption, and it has improved ability to document compliance with PCI regulations.

Another benefit is reduced workload and resources for tasks that might otherwise take days or weeks to complete. "Within minutes we can write policies to search for all endpoints with a specific criterion and perform any action on them, without any scripting knowledge," Duda says.

"By reducing workload and resources this inherently saved the company money."

Tags: Vistaprint, security

Oracle identifies products affected by Heartbleed, but work remains on fixes

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Webroot SecureAnywhere Business

The lightest, fastest, easiest-to-manage, and most effective endpoint protection.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.