Getting to the (end) point
- — 29 January, 2013 22:22
Organizations sometimes rush to implement security solutions without taking the time to ensure that the products will work optimally in their environment, in hopes of dealing with immediate security shortfalls. But putting in the effort to meld new solutions with the existing infrastructure increases the likelihood of a successful deployment.
Vistaprint, an online provider of professional marketing products and services to more than 14 million micro businesses and consumers, had a lack of endpoint visibility that posed a security threat to the company.
Managers had no way of knowing on a global scale what devices--including desktops, servers, phones, mobile devices, printers, and networking devices--the company had on its network, says Nick Duda, senior lead information security engineer at Vistaprint.
The company wanted to have real-time visibility into the security posture of all devices on the network, including both physical and virtual machines, in order to tightly manage endpoint compliance. And they wanted to a way to deliver configuration changes and software installations to all company-owned devices via an agentless process.
"We needed a solution that could give us 100 percent total visibility without introducing any major infrastructure changes" or rely on clients or agents, Duda says.
VistaPrint deployed four CounterACT appliances and one virtual appliance from ForeScout Technologies Inc. to monitor 13 offices and about 15,000 devices. One of the advantages to the technology is that it easily fit into Vistaprint's environment.
"One of the primary challenges we needed to overcome was introducing a solution without any major infrastructure changes," Duda says.
"CounterACT is completely out-of-band, not in-line with any other technology."
This allowed the company to configure the device with an IP address and turn it on, providing immediate results. "With this kind of implementation we were able to quickly deploy CounterACT appliances globally, and have them all online giving us immediate results within days of flipping the switch on," Duda says.
There were hurdles to overcome, however. "One challenge was making sure all of our networking gear [such as switches] were properly configured to work with CounterACT to address our primary goal of achieving 100 percent total global endpoint visibility," Duda says. This required resources from the networking department.
Another challenge was showing immediate value of the technology to business executives in order to justify the investment. The security product "closed gaps in our infrastructure security that other solutions didn't, so we were able to show immediate value with CounterACT, and that was key to getting approval in the budgeting process," Duda says.
With the technology in place, Vistaprint now has accurate reporting on any endpoint device, as well as its security posture and whatever software is installed on the device. The company has reduced risk by more effectively enforcing corporate security requirements such as anti-virus software and data encryption, and it has improved ability to document compliance with PCI regulations.
Another benefit is reduced workload and resources for tasks that might otherwise take days or weeks to complete. "Within minutes we can write policies to search for all endpoints with a specific criterion and perform any action on them, without any scripting knowledge," Duda says.
"By reducing workload and resources this inherently saved the company money."