Security Appliance Delivers for Kenco

Logistics company gets the bigger picture with new appliance, software for security management

When your whole business is getting things there safely and on time, you don't mess around with IT security. That's why Kenco Group Inc. has already installed two new security products that aren't even on the general market yet.

Kenco, a privately held third-party logistics firm that serves many of the Fortune 100, is beta testing two new products from IBM Internet Security Systems (ISS): the SiteProtector appliance, which now manages all of Kenco's security systems; and a new version of the Proventia Desktop Endpoint Security product, which provides antivirus, anti-spyware, and a variety of other security capabilities for enterprise PCs. Both products are expected to be generally available sometime next month.

The beta tests are both managed by Jim Burris, a network administrator at Kenco who is also the company's one-man IT security team. "We've got a bunch of drivers behind security here," says Burris. "Aside from protecting our own systems, we have links to some pretty major customers, so we have to protect those. Plus, some of those customers are competitors, so we have to protect them from each other. And then we have external attacks, which are growing all the time."

Kenco's network, which is based in Chattanooga, Tenn., extends across some 130 remote sites, which are mostly linked to headquarters via VPN tunnels. There are about a dozen point-to-point customer connections over T1 or frame relay links, and the company supports some 1,300 desktops and 250 laptops operated by internal employees, customers and contractors.

The third-party logistics company has been an ISS shop for years, dating back to the old BlackICE server security products, which were acquired by ISS. Since then, the company has deployed most of ISS's key products, including six M Series unified threat management (UTM) systems and three G Series intrusion prevention systems. The company also has deployed some elements of ISS's Proventia endpoint security software on all of its clients, although it is also using Symantec antivirus tools on most of them.

Currently, the company is beta testing a new version of Proventia that incorporates traditional anti-spyware and antivirus capabilities with ISS's spyware blocking technology and patented, behavioral-based Virus Prevention System. The traditional capabilities are being added through a partnership with BitDefender that will be announced next week.

"We liked the ISS products, but they didn't have the ability to track attack signatures like the traditional products do," notes Burris. "Now, we'll get both signature capability and the ISS capabilities -- sort of the best of both worlds." The new software may eventually obviate the need for the Symantec antivirus tools Kenco currently uses, he says.

Separately, Kenco has installed Proventia Management SiteProtector, a new appliance that carries all of the capabilities of the SiteProtector software tools, which manage all of the ISS security tools and applications. "We've used the Windows Server-based software for two years, but the appliance is nice because it has better reporting capabilities and it's much faster," Burris says. "Plus, it's easy to install and upgrade -- we put it in one day and it was generating reports in about 30 minutes."

The ability to report on the entire security environment has helped Burris not only in defending the network, but in showing the impact of his efforts to upper management. By looking at SiteProtector reports, Burris can prove that his systems are blocking about 60,000 attacks per month -- some 300 percent more than the company was blocking when it installed SiteProtector two years ago.

"Not long ago, I had one of our top executives ask me what I do," recalls Burris. "It's always a little worrisome when an executive asks questions like that. But after I showed him the SiteProtector reports and the volume of attacks we're keeping out, I didn't get any more questions. In fact, I haven't gotten any resistance on any of the [technology purchase] requests I've made since then."

Unlike many other IT shops, Kenco has built its security almost exclusively around ISS products -- only a few Cisco PIX firewalls and the Symantec client software are not from ISS. And because SiteProtector is able to collect data from the Cisco devices, Burris can literally see his entire security environment from a single SiteProtector console.

"SiteProtector is a godsend to a one-man shop like me, because I can manage it all from one place," Burris says. He uses the Proventia and SiteProtector tools in their off-the-shelf form, without customization. "SiteProtector's got so many canned reports; there really isn't a lot of need for making up my own."

The combination of ISS's client products, UTM, IPS, and management tools also has been successful in stopping attacks on Kenco's systems, Burris says. "I haven't seen an exploit get through yet," he says. "We've been seeing a lot more zero-day stuff, and I expect it to filter through. But then I check the system and I see that it's been blocked."

Kenco isn't an ISS chauvinist -- in fact, the company has just completed testing products from another vendor. "But I can tell you right now there's no way I'm switching," Burris says. "I like having one vendor to go when I have problems. When you get three or four vendors, you get a lot of finger pointing, and I really hate that."

Kenco's strong security record helps it retain customers in the ultra-competitive world of third-party logistics, Burris says. "I haven't seen our salespeople using it as a selling point yet, but I guarantee that if we had a problem, we'd hear about it from customers," he says. "So far, that hasn't been the case."

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • IBM Corp. (NYSE: IBM)
  • IBM Internet Security Systems
  • Symantec Corp. (Nasdaq: SYMC)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
