TBI Case Study: Active Security Monitoring

We know IT.

We understand the pain. We’re a business too.

Moving and Maintaining TBI’s Security to the Cloud

Like most growing organizations, we find that our needs change, and with the increasing number of remote and mobile users, security becomes top of mind when adopting new technologies.

Over the course of the last 12 months, TBI’s internal IT staff has been working to update and improve our security and leverage new cloud security products. As TBI continues to grow, it became apparent that we needed a more robust, secure network, especially with the increasing number of remote users. In an effort to upgrade our security and keep our network safe, we’ve implemented several cloud-based security solutions.

Advanced Threat Protection with WatchGuard Firewalls
Prior to implementing WatchGuard firewalls, we were using Cisco, which did not offer native preventative applications. We also used Barracuda for Web and Spam protection. Both were on-premise, inside of our network, so technically speaking, a virus could already have been in our server environment before being detected. With WatchGuard utilizing cloud-based applications, we’re able to scan outside of our network and stop viruses from entering.

WatchGuard runs a number of cloud-based applications that help keep our network safe:

  • Application Control: WatchGuard updates a default list of known harmful applications daily. This allows us to block applications at a system level.
  • Reputation Enabled Defense: This service keeps track of known, harmful sites by reputation and continually sources global databases. A user’s access is automatically blocked if a site spams or has embedded viruses.
  • Spam Blocker: Scans email for harmful attachments and/or links. This is the third level of defense TBI has in place for email scanning.
  • Web Blocker: WebBlocker allows IT administrators to manage web access and content for stronger security and control of web surfing.
  • Gateway Anti-Virus: Scans everything that moves in and out of our network, excluding VoIP traffic.
  • APT Blocker: This application uses a next-gen sandbox for detailed views into the execution of a malware program. Files are fingerprinted and checked against an existing database first on the firewall and then in the cloud.

Securing Remote Access with Meraki Wireless Access Points
Before Meraki, we were utilizing legacy Cisco wireless access points for wireless access to TBI systems. With Cisco, we didn’t have a single point of management, so each access point needed to be individually managed, and we were operating on a single network. To meet the advancing capabilities of breaches or hacks, we upgraded to Meraki. We now have wireless access points with segmentation, allowing us to manage employee and guest access. Meraki also provides real-time reporting of sites and services users are connecting to.

Additional features include:

  • Password protected access
  • Restricted and monitored user access to sites
  • Ability to run through our WatchGuard firewall

Email Protection with SpamLab
Before implementing Office 365 we had an on-premise Exchange server that utilized a Barracuda spam filter. For email security, we now use AppRiver SpamLab for Office 365. SpamLab is a filter that catches all viruses in email communication. In the last 30 days, SpamLab stopped 33,000 emails with known viruses from entering TBI’s network; 35% of the email sent to us every day is considered Spam.

Additional Email Security Features:

  • Office 365 offers an initial email scan as the first line of defense on email viruses and malware. This baseline is included with subscription.
  • SpamLab and Office 365 provide weekly security updates to our Administrators.
  • SpamLab scans all incoming emails for potential hazards and holds suspicious emails in a cloud portal for secure viewing and release requests.

Device Security with Sophos Anti-Virus
Without anti-virus software, remote users are at high risk of catching a virus or malware when connected to public networks, causing a security risk when rejoining the company network. TBI uses Sophos, a web-based endpoint security antivirus software installed on all TBI computers. Our main goal in implementing Sophos was to improve our remote and mobile users’ security.

Benefits include:

  • Updates virus signatures multiple times a day from a worldwide database of known threats.
  • Scans sites for known malware.
  • Proactively quarantines bad software once detected.
  • Actively notifies our internal IT staff of any medium-high level issues on devices, such as devices that are not up to date or items needing to be quarantined.
  • Actively scans when TBI devices are on both TBI and other networks.

Internal Approach to Desktop Precautions

  • Admin rights are required to install any software on the PC to prevent any shadow IT.
  • CD/DVD and USB auto launch is disabled so programs are not allowed to start on their own.

With the implementation of these solutions, our overall network security has greatly improved, offering us peace of mind knowing the proper systems are in place in the event of an attack. All systems are actively scanning and reporting to TBI’s internal IT department with live monitoring available when needed. Overall, TBI is now a more secure environment for our data and our employees, both local and remote.

 

About TBI's IT Department
The Information Technology (IT) Department manages the technology necessary to effectively and efficiently accomplish our mission to serve the partner community. This department oversees the complete technology infrastructure supporting TBI’s Chicago offices and remote locations. It provides technology services including telecommunications; LAN/WAN networking; e-mail and web access; operating system software and equipment support; application deployment and management; servers; and troubleshooting of all technology services through HelpDesk. Additionally, the IT team proactively manages the procurement of computing equipment, software, licenses and maintenance contracts. The department also participates in the research and deployment of new technologies. 

About the Author
Emily Ball is a Marketing Coordinator at TBI. She supports strategic programs to cultivate leads, enhance agent and service provider relationships, and help propel sales. You can contact Emily at eball@tbicom.com or connect with Emily on LinkedIn.