Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Security Appliance Delivers for Kenco

Logistics company gets the bigger picture with new appliance, software for security management

When your whole business is getting things there safely and on time, you don't mess around with IT security. That's why Kenco Group Inc. has already installed two new security products that aren't even on the general market yet.

Kenco, a privately-held third-party logistics firm that serves many of the Fortune 100, is beta testing two new products from IBM Internet Security Systems (ISS): the SiteProtector appliance, which now manages all of Kenco's security systems; and a new version of the Proventia Desktop Endpoint Security product, which provides antivirus, anti-spyware, and a variety of other security capabilities for enterprise PCs. Both products are expected to be generally available sometime next month.

The beta tests are both managed by Jim Burris, a network administrator at Kenco who is also the company's one-man IT security team. "We've got a bunch of drivers behind security here," says Burris. "Aside from protecting our own systems, we have links to some pretty major customers, so we have to protect those. Plus, some of those customers are competitors, so we have to protect them from each other. And then we have external attacks, which are growing all the time."

Kenco's network, which is based in Chattanooga, Tenn., extends across some 130 remote sites, which are mostly linked to headquarters via VPN tunnels. There are about a dozen point-to-point customer connections over T1 or frame relay links, and the company supports some 1,300 desktops and 250 laptops operated by internal employees, customers and contractors.

The third-party logistics company has been an ISS shop for years, dating back to the old BlackICE server security products, which were acquired by ISS. Since then, the company has deployed most of ISS's key products; including six M Series unified threat management (UTM) systems and three G Series intrusion prevention systems. The company also has deployed some elements of ISS's Proventia endpoint security software on all of its clients, although it is also using Symantec antivirus tools on most of them.

Currently, the company is beta testing a new version of Proventia that incorporates traditional anti-spyware and antivirus capabilities with ISS's spyware blocking technology and patented, behavioral-based Virus Prevention System. The traditional capabilities are being added through a partnership with BitDefender that will be announced next week.

"We liked the ISS products, but they didn't have the ability to track attack signatures like the traditional products do," notes Burris. "Now, we'll get both signature capability and the ISS capabilities -- sort of the best of both worlds." The new software may eventually obviate the need for the Symantec antivirus tools Kenco currently uses, he says.

Separately, Kenco has installed Proventia Management SiteProtector, a new appliance that carries all of the capabilities of the SiteProtector software tools, which manage all of the ISS security tools and applications. "We've used the Windows Server-based software for two years, but the appliance is nice because it has better reporting capabilities and it's much faster," Burris says. "Plus, it's easy to install and upgrade -- we put it in one day and it was generating reports in about 30 minutes."

The ability to report on the entire security environment has helped Burris not only in defending the network, but in showing the impact of his efforts to upper management. By looking at SiteProtector reports, Burris can prove that his systems are blocking about 60,000 attacks per month -- some 300 percent more than the company was blocking when it installed SiteProtector two years ago.

"Not long ago, I had one of our top executives ask me what I do," recalls Burris. "It's always a little worrisome when an executive asks questions like that. But after I showed him the SiteProtector reports and the volume of attacks we're keeping out, I didn't get any more questions. In fact, I haven't gotten any resistance on any of the [technology purchase] requests I've made since then."

Unlike many other IT shops, Kenco has built its security almost exclusively around ISS products -- only a few Cisco PIX firewalls and the Symantec client software are not from ISS. And because SiteProtector is able to collect data from the Cisco devices, Burris can literally see his entire security environment from a single SiteProtector console.

"SiteProtector is a godsend to a one-man shop like me, because I can manage it all from one place," Burris says. He uses the Proventia and SiteProtector tools in their off-the-shelf form, without customization. "SiteProtector's got so many canned reports; there really isn't a lot of need for making up my own."

The combination of ISS's client products, UTM, IPS, and management tools also have been successful in stopping attacks on Kenco's systems, Burris says. "I haven't seen an exploit get through yet," he says. "We've been seeing a lot more zero-day stuff, and I expect it to filter through. But then I check the system and I see that it's been blocked."

Kenco isn't an ISS chauvinist -- in fact, the company has just completed testing products from another vendor. "But I can tell you right now there's no way I'm switching," Burris says. "I like having one vendor to go when I have problems. When you get three or four vendors, you get a lot of finger pointing, and I really hate that."

Kenco's strong security record helps it retain customers in the ultra-competitive world of third-party logistics, Burris says. "I haven't seen our salespeople using it as a selling point yet, but I guarantee that if we had a problem, we'd hear about it from customers," he says. "So far, that hasn't been the case."

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • IBM Corp. (NYSE: IBM)
  • IBM Internet Security Systems
  • Symantec Corp. (Nasdaq: SYMC)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 5/28/2020
    Stay-at-Home Orders Coincide With Massive DNS Surge
    Robert Lemos, Contributing Writer,  5/27/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: Can you smell me now?
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-11844
    PUBLISHED: 2020-05-29
    There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
    CVE-2020-6937
    PUBLISHED: 2020-05-29
    A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
    CVE-2020-7648
    PUBLISHED: 2020-05-29
    All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
    CVE-2020-7650
    PUBLISHED: 2020-05-29
    All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
    CVE-2020-7654
    PUBLISHED: 2020-05-29
    All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.