Logistics company gets the bigger picture with new appliance, software for security management

Tim Wilson, Editor in Chief, Dark Reading, Contributor

November 30, 2006

When your whole business is getting things there safely and on time, you don't mess around with IT security. That's why Kenco Group Inc. has already installed two new security products that aren't even on the general market yet.

Kenco, a privately-held third-party logistics firm that serves many of the Fortune 100, is beta testing two new products from IBM Internet Security Systems (ISS): the SiteProtector appliance, which now manages all of Kenco's security systems; and a new version of the Proventia Desktop Endpoint Security product, which provides antivirus, anti-spyware, and a variety of other security capabilities for enterprise PCs. Both products are expected to be generally available sometime next month.

The beta tests are both managed by Jim Burris, a network administrator at Kenco who is also the company's one-man IT security team. "We've got a bunch of drivers behind security here," says Burris. "Aside from protecting our own systems, we have links to some pretty major customers, so we have to protect those. Plus, some of those customers are competitors, so we have to protect them from each other. And then we have external attacks, which are growing all the time."

Kenco's network, which is based in Chattanooga, Tenn., extends across some 130 remote sites, which are mostly linked to headquarters via VPN tunnels. There are about a dozen point-to-point customer connections over T1 or frame relay links, and the company supports some 1,300 desktops and 250 laptops operated by internal employees, customers and contractors.

The third-party logistics company has been an ISS shop for years, dating back to the old BlackICE server security products, which were acquired by ISS. Since then, the company has deployed most of ISS's key products, including six M Series unified threat management (UTM) systems and three G Series intrusion prevention systems. The company also has deployed some elements of ISS's Proventia endpoint security software on all of its clients, although it is also using Symantec antivirus tools on most of them.

Currently, the company is beta testing a new version of Proventia that incorporates traditional anti-spyware and antivirus capabilities with ISS's spyware blocking technology and patented, behavioral-based Virus Prevention System. The traditional capabilities are being added through a partnership with BitDefender that will be announced next week.

"We liked the ISS products, but they didn't have the ability to track attack signatures like the traditional products do," notes Burris. "Now, we'll get both signature capability and the ISS capabilities -- sort of the best of both worlds." The new software may eventually obviate the need for the Symantec antivirus tools Kenco currently uses, he says.

Separately, Kenco has installed Proventia Management SiteProtector, a new appliance that carries all of the capabilities of the SiteProtector software tools, which manage all of the ISS security tools and applications. "We've used the Windows Server-based software for two years, but the appliance is nice because it has better reporting capabilities and it's much faster," Burris says. "Plus, it's easy to install and upgrade -- we put it in one day and it was generating reports in about 30 minutes."

The ability to report on the entire security environment has helped Burris not only in defending the network, but in showing the impact of his efforts to upper management. By looking at SiteProtector reports, Burris can prove that his systems are blocking about 60,000 attacks per month -- some 300 percent more than the company was blocking when it installed SiteProtector two years ago.

"Not long ago, I had one of our top executives ask me what I do," recalls Burris. "It's always a little worrisome when an executive asks questions like that. But after I showed him the SiteProtector reports and the volume of attacks we're keeping out, I didn't get any more questions. In fact, I haven't gotten any resistance on any of the [technology purchase] requests I've made since then."

Unlike many other IT shops, Kenco has built its security almost exclusively around ISS products -- only a few Cisco PIX firewalls and the Symantec client software are not from ISS. And because SiteProtector is able to collect data from the Cisco devices, Burris can literally see his entire security environment from a single SiteProtector console.

"SiteProtector is a godsend to a one-man shop like me, because I can manage it all from one place," Burris says. He uses the Proventia and SiteProtector tools in their off-the-shelf form, without customization. "SiteProtector's got so many canned reports; there really isn't a lot of need for making up my own."

The combination of ISS's client products, UTM, IPS, and management tools also has been successful in stopping attacks on Kenco's systems, Burris says. "I haven't seen an exploit get through yet," he says. "We've been seeing a lot more zero-day stuff, and I expect it to filter through. But then I check the system and I see that it's been blocked."

Kenco isn't an ISS chauvinist -- in fact, the company has just completed testing products from another vendor. "But I can tell you right now there's no way I'm switching," Burris says. "I like having one vendor to go when I have problems. When you get three or four vendors, you get a lot of finger pointing, and I really hate that."

Kenco's strong security record helps it retain customers in the ultra-competitive world of third-party logistics, Burris says. "I haven't seen our salespeople using it as a selling point yet, but I guarantee that if we had a problem, we'd hear about it from customers," he says. "So far, that hasn't been the case."

— Tim Wilson, Site Editor, Dark Reading

About the Author(s)

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.
