Hamamatsu eliminates malware with virtual appliances

When a company with branches across the country suffers a malware infection that gets all of its outbound email blacklisted as spam, it has one thing in mind: fix the problem, and fix it fast. That was the situation the U.S. operations of Japanese optical sensor maker Hamamatsu found itself in when it turned to a cloud security provider to turn things around in a hurry.

The company had a "best in breed" firewall in place, as well as web filters, packet sniffers, a gateway event analyzer, and anti-virus and anti-malware software. None of it prevented the malware from infecting the network that connects its coast-to-coast offices. "We sifted through the firewall logs, and we couldn't determine where it was coming from," explained Hamamatsu's Network Manager of Operations Jim Hnasko.

Making matters worse, the malware began spewing spam from Hamamatsu's network, which got the company's mail blacklisted and its legitimate email blocked from reaching customers.

It was apparent the company needed a quick fix, so it turned to OpenDNS, which proved to be an agile choice. "We didn't have to wait to send a quote and get a license," Hnasko said. "We made a call, nailed it and configured it in four hours." That compares with four days just to clear the paperwork for one firewall vendor Hamamatsu had initially approached to solve the problem.

Within eight hours of plugging into OpenDNS, Hamamatsu had neutralized the malware and was no longer blacklisted. Ironically, the infected machine, once identified, turned out to have both anti-virus and anti-malware software running on it.

Two technologies rapidly growing in popularity made the swift deployment of the OpenDNS solution possible: virtualization and the cloud. OpenDNS uses virtual appliances that connect a customer's network to the cloud security services running on OpenDNS's network. Rather than buying and installing a hardware appliance at each branch office, Hamamatsu could deploy the virtual appliances to its offices with a minimum of fuss.

Once Hamamatsu's networks were connected to the virtual appliances, all traffic was routed through OpenDNS's cloud and its security services. Users are identified to the virtual appliances through Active Directory, so Hamamatsu can monitor net usage per user. "It wasn't very challenging to deploy the appliances and Active Directory," Hnasko said.


In addition to the virtual appliances, Hamamatsu also installed OpenDNS's roaming client software on every endpoint that touches its network. "Now we are able to enforce policies on every endpoint that we have," Hnasko explained. "We can also restrict web traffic by destination, filter or category." For example, if a user attempts to go to a website that has been identified as harboring malware, the user is blocked from the site automatically.

An advantage of a cloud security solution is its ability to tailor itself to a user on the fly. "A customer's policy for their employees might be different when the employee is in the office versus when they're out of the office," explained OpenDNS CEO David Ulevitch. "When they're in the office, it could block all security threats and log all their websites. When they're at home, it can be configured to only block security threats and doesn't log what websites they visit."

Installing clients on endpoints can meet with user resistance because the software can degrade an endpoint's performance. That wasn't the case with OpenDNS's app. "When we deployed the agent, we expected users to complain that things were slower," Hnasko said. "We didn't have any complaints. It was almost seamless."

Optimizing security at the expense of a user's experience is an ongoing challenge for solution designers, but it appears to be one that OpenDNS was prepared to tackle. "We've always put performance and security on equal pedestals," Ulevitch said.

Rather than using a simple proxy model, he explained, OpenDNS has an intelligent client that determines what traffic needs to be routed through its cloud and what can go directly to the net. Its solution can segment traffic flows to boost performance. "That allows the performance for the end user to remain high without sacrificing the security component," Ulevitch said. So, for example, the streaming packets for a YouTube video could go directly to the web while all the text, HTML and images associated with the video would be routed to the OpenDNS cloud.

Because all of Hamamatsu's traffic is routed through the OpenDNS cloud, the company also gets better insight into the security status of its networks. "We can get reports on how many infections we have, if any, and who has them, so we can remediate the issue," Hnasko said. "We're now proactive instead of being reactive."
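To make the two mechanisms above concrete (per-category blocking with a policy that differs between the office and roaming, and a per-user view of who is triggering malware blocks), here is an added example of a toy DNS-layer policy engine. It is not OpenDNS's code and does not describe its internals; the category list, the policy table, the user names, the query log and the sinkhole address are all constructed for illustration, and the decision to record block events even when roaming browsing is not logged is an assumption made so the report has something to count.

```python
"""Added example (not OpenDNS code): a toy DNS-layer policy engine.

Each query is matched against a category list by domain suffix, a policy
is chosen by where the client is (office vs roaming), and blocked
security lookups are summarised per user.  Everything below is
constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SINKHOLE = "0.0.0.0"  # assumption: blocked names answer with a sinkhole address

# Constructed category feed; a real one has millions of entries.
CATEGORIES = {
    "malware-c2.example": "malware",
    "phish-login.example": "phishing",
    "video.example": "streaming",
    "shop.example": "shopping",
}

# Constructed policies mirroring the office/roaming split described in the
# article: in the office block threats and unwanted categories and log every
# site; when roaming block only threats and do not log browsing.
POLICIES = {
    "office":  {"block": {"malware", "phishing", "shopping"}, "log_browsing": True},
    "roaming": {"block": {"malware", "phishing"},             "log_browsing": False},
}


def categorize(qname: str) -> Optional[str]:
    """Return the category of qname or of its nearest listed parent domain.

    Suffix matching means beacon.malware-c2.example is caught by the entry
    for malware-c2.example; unlisted names return None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        cat = CATEGORIES.get(".".join(labels[i:]))
        if cat is not None:
            return cat
    return None


@dataclass
class Verdict:
    user: str
    qname: str
    category: Optional[str]
    blocked: bool
    answer: str      # SINKHOLE when blocked, otherwise the upstream answer
    recorded: bool   # whether this lookup lands in the customer's logs


def resolve(user: str, qname: str, context: str, upstream_answer: str) -> Verdict:
    """Apply the policy for `context` to one query and return the verdict."""
    policy = POLICIES[context]
    cat = categorize(qname)
    blocked = cat in policy["block"]
    # Assumption: a block event is always recorded so infections can be
    # reported, even where ordinary browsing is not logged.
    recorded = policy["log_browsing"] or blocked
    return Verdict(user, qname, cat, blocked,
                   SINKHOLE if blocked else upstream_answer, recorded)


def infection_report(verdicts: List[Verdict]) -> Dict[str, int]:
    """Count blocked malware/phishing lookups per user: the 'who has an
    infection' view the article describes."""
    counts: Dict[str, int] = defaultdict(int)
    for v in verdicts:
        if v.blocked and v.category in ("malware", "phishing"):
            counts[v.user] += 1
    return dict(counts)


# Constructed query log: (user, queried name, network context, upstream answer)
QUERY_LOG: List[Tuple[str, str, str, str]] = [
    ("jdoe",    "www.shop.example",           "office",  "198.51.100.10"),
    ("jdoe",    "beacon.malware-c2.example",  "office",  "203.0.113.5"),
    ("asmith",  "video.example",              "roaming", "198.51.100.20"),
    ("asmith",  "shop.example",               "roaming", "198.51.100.10"),
    ("asmith",  "phish-login.example",        "roaming", "203.0.113.9"),
    ("bnguyen", "intranet.corp.example",      "office",  "10.0.0.5"),
]


def run(log: List[Tuple[str, str, str, str]] = QUERY_LOG) -> List[Verdict]:
    """Resolve every entry of the constructed log under its policy."""
    return [resolve(*entry) for entry in log]


if __name__ == "__main__":
    for v in run():
        print(f"{v.user:8} {v.qname:28} {v.category or '-':10} "
              f"{'BLOCK' if v.blocked else 'allow':5} -> {v.answer}")
    print("infections by user:", infection_report(run()))
```

Note the two things the suffix match buys you: a sub-domain such as beacon.malware-c2.example is blocked by the listed parent, and a name no feed has seen (intranet.corp.example) simply resolves. The roaming user's shop.example lookup is allowed and not recorded, while the same user's phish-login.example lookup is sinkholed and recorded, which is what lets the report attribute the block to a person rather than an IP address.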

Since adopting the OpenDNS solution, the results for Hamamatsu have been impressive. "We've noticed a huge decrease in infections," Hnasko noted. "Before OpenDNS, our staff was cleaning machines two to three times a day. Since installing OpenDNS, we haven't seen an infected machine."

What OpenDNS is providing Hamamatsu is security at the "first hop" from the enterprise to the Internet. As the cloud grows as a home for security solutions, competition for control of that first hop will increase, noted Rick Holland, the principal analyst for security and risk management at Forrester. "If you look forward, the battle is going to be for the first hop -- what's the first place your users' traffic goes to in the cloud?" he said. "OpenDNS wants to be the first place you send your traffic to do security on."

Cloud security providers like OpenDNS are well positioned to take advantage of future enterprise network architecture, too, because of the scalability of cloud solutions, he added. In three to five years, much of the Web traffic that's being backhauled to a central location will be routed through local access points to reduce costs. "In the past, a company may have had a handful of Internet points of presence," Holland said. "In the future, almost all remote locations will be going to the Internet."

"When that happens," he continued, "deploying hardware will be like death by a thousand cuts for an organization. Cloud-based security models are much more scalable and effective."

"If the appliance guys don't focus on the cloud," he added, "they're going to be left holding a bunch of appliances while their customers go to cloud services."

By John P. Mello Jr.