Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Security Appliance Delivers for Kenco

Logistics company gets the bigger picture with new appliance, software for security management

When your whole business is getting things there safely and on time, you don't mess around with IT security. That's why Kenco Group Inc. has already installed two new security products that aren't even on the general market yet.

Kenco, a privately-held third-party logistics firm that serves many of the Fortune 100, is beta testing two new products from IBM Internet Security Systems (ISS): the SiteProtector appliance, which now manages all of Kenco's security systems; and a new version of the Proventia Desktop Endpoint Security product, which provides antivirus, anti-spyware, and a variety of other security capabilities for enterprise PCs. Both products are expected to be generally available sometime next month.

The beta tests are both managed by Jim Burris, a network administrator at Kenco who is also the company's one-man IT security team. "We've got a bunch of drivers behind security here," says Burris. "Aside from protecting our own systems, we have links to some pretty major customers, so we have to protect those. Plus, some of those customers are competitors, so we have to protect them from each other. And then we have external attacks, which are growing all the time."

Kenco's network, which is based in Chattanooga, Tenn., extends across some 130 remote sites, which are mostly linked to headquarters via VPN tunnels. There are about a dozen point-to-point customer connections over T1 or frame relay links, and the company supports some 1,300 desktops and 250 laptops operated by internal employees, customers and contractors.

The third-party logistics company has been an ISS shop for years, dating back to the old BlackICE server security products, which were acquired by ISS. Since then, the company has deployed most of ISS's key products; including six M Series unified threat management (UTM) systems and three G Series intrusion prevention systems. The company also has deployed some elements of ISS's Proventia endpoint security software on all of its clients, although it is also using Symantec antivirus tools on most of them.

Currently, the company is beta testing a new version of Proventia that incorporates traditional anti-spyware and antivirus capabilities with ISS's spyware blocking technology and patented, behavioral-based Virus Prevention System. The traditional capabilities are being added through a partnership with BitDefender that will be announced next week.

"We liked the ISS products, but they didn't have the ability to track attack signatures like the traditional products do," notes Burris. "Now, we'll get both signature capability and the ISS capabilities -- sort of the best of both worlds." The new software may eventually obviate the need for the Symantec antivirus tools Kenco currently uses, he says.

Separately, Kenco has installed Proventia Management SiteProtector, a new appliance that carries all of the capabilities of the SiteProtector software tools, which manage all of the ISS security tools and applications. "We've used the Windows Server-based software for two years, but the appliance is nice because it has better reporting capabilities and it's much faster," Burris says. "Plus, it's easy to install and upgrade -- we put it in one day and it was generating reports in about 30 minutes."

The ability to report on the entire security environment has helped Burris not only in defending the network, but in showing the impact of his efforts to upper management. By looking at SiteProtector reports, Burris can prove that his systems are blocking about 60,000 attacks per month -- some 300 percent more than the company was blocking when it installed SiteProtector two years ago.

"Not long ago, I had one of our top executives ask me what I do," recalls Burris. "It's always a little worrisome when an executive asks questions like that. But after I showed him the SiteProtector reports and the volume of attacks we're keeping out, I didn't get any more questions. In fact, I haven't gotten any resistance on any of the [technology purchase] requests I've made since then."

Unlike many other IT shops, Kenco has built its security almost exclusively around ISS products -- only a few Cisco PIX firewalls and the Symantec client software are not from ISS. And because SiteProtector is able to collect data from the Cisco devices, Burris can literally see his entire security environment from a single SiteProtector console.

"SiteProtector is a godsend to a one-man shop like me, because I can manage it all from one place," Burris says. He uses the Proventia and SiteProtector tools in their off-the-shelf form, without customization. "SiteProtector's got so many canned reports; there really isn't a lot of need for making up my own."

The combination of ISS's client products, UTM, IPS, and management tools also have been successful in stopping attacks on Kenco's systems, Burris says. "I haven't seen an exploit get through yet," he says. "We've been seeing a lot more zero-day stuff, and I expect it to filter through. But then I check the system and I see that it's been blocked."

Kenco isn't an ISS chauvinist -- in fact, the company has just completed testing products from another vendor. "But I can tell you right now there's no way I'm switching," Burris says. "I like having one vendor to go when I have problems. When you get three or four vendors, you get a lot of finger pointing, and I really hate that."

Kenco's strong security record helps it retain customers in the ultra-competitive world of third-party logistics, Burris says. "I haven't seen our salespeople using it as a selling point yet, but I guarantee that if we had a problem, we'd hear about it from customers," he says. "So far, that hasn't been the case."

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • IBM Corp. (NYSE: IBM)
  • IBM Internet Security Systems
  • Symantec Corp. (Nasdaq: SYMC)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    A Realistic Threat Model for the Masses
    Lysa Myers, Security Researcher, ESET,  10/9/2019
    USB Drive Security Still Lags
    Dark Reading Staff 10/9/2019
    Virginia a Hot Spot For Cybersecurity Jobs
    Jai Vijayan, Contributing Writer,  10/9/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-17612
    PUBLISHED: 2019-10-15
    An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.
    CVE-2019-17613
    PUBLISHED: 2019-10-15
    qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...
    CVE-2019-17395
    PUBLISHED: 2019-10-15
    In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
    CVE-2019-17602
    PUBLISHED: 2019-10-15
    An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
    CVE-2019-17394
    PUBLISHED: 2019-10-15
    In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.