Network Security

Pit road for the network: Case study

Seeking to protect its intellectual property, race car team Andretti Autosport went looking for a security solution. Greg Masters reports.

When the race cars sped around the course at the 100th Indianapolis 500 at the end of May, most eyes were trained on the track watching the cars blaze past.

But well away from the 2.5-mile oval of the Indianapolis Motor Speedway, the roar of the crowd and the media coverage, another crew was hard at work behind the scenes. This one was not changing lug nuts on Pit Road or behind the steering wheel of one of the purpose-built race cars with their 700-hp, twin-turbocharged engines. This crew were strapped in at computer keyboards ensuring there was visibility on the network.

Andretti Autosport is an auto racing team that competes in several races – and has won several championships, including the Indy 500 three times. It currently has nearly 150 people across its Indycar, Indy Lights, Andretti Rallycross and Formula E teams. Headquartered in Indianapolis, it also has an office in Donnington Park, U.K., that is specific for its Formula E program.

In other words, there is a lot more making up the enterprise than what is visible in bright colors on racetracks around the globe. For instance, when Daniel Peebles came on board Andretti Autosport as its manager of information technology, he was continually asked what could truly be seen on the network and what was visible to detect as situations arose. Also, there was a good deal of intellectual property and data the team needed to keep secure.

“We are really trying to solve data security, keeping our intellectual property ours and not letting it run off,” he says. The protection of any organization's intellectual property should always be considered the primary mission, he says. “Without any data, what do you really have, other than a lot of employees?” 

It's essential to have the data to use in a working environment, he says. But, it needs protection – particularly to prevent competitors from moving it along with their loyalties as they switch racing teams. “In our industry, there are some people who spend their entire life in racing,” Peebles says. “With our teams' pro-rating nature, you don't want that going in-between teams.”

Often, he explains, people will go from NASCAR to Indy Car, and every now and then someone will move from one H car team to another H car team – taking data with them. “You need to be sure that they are not compromising your intellectual property and providing that sort of competition,” Peebles says.

The search began for managed services related to network anomaly detection to assist his team's technology efforts. Having the visibility for a large file transfer – or a large payload that is out of normal – was the goal, and setting up an appliance – whether trackside or in a workshop – became a priority to make certain there weren't large chunks of data wandering off.

"We have lots of points of reference as to what transpires if an incident were to occur, so having visibility and a way to mitigate it if someone were doing an out-of-the-ordinary large transfer, we could cut it off," Peebles (left) explains.

As a relatively small organization, Andretti Autosport has a very collaborative and hands-on approach to all things related to the success of its teams, he says. When it came to the evaluation and decision-making process to choose a solution, several members joined Peebles to evaluate, including Rob Edwards, the director of engineering and race operations; JF Thormann, the executive vice president and chief operating officer; and the team's CEO, Michael Andretti.

They looked at several options. While they concluded there were several that were decent products that might fit their needs, these tended to be more driven toward large enterprises. A solution from Rook Security, they decided, was the best way for them to operate and get the effective solution that they wanted while also mitigating costs.

"Budget aside, Rook Security's overall approach, philosophy and demonstrable fit to secure our data and prevent internal and external threats effectively and efficiently were the determining factors in choosing to go with them over the others," says Peebles.

He says that having another set of eyes outside of his team at Andretti to look at issues brought them a good deal of comfort. "We could pick up the phone and immediately get assistance from a team of dedicated experts if there is an issue." Ultimately, he adds, the issue would be resolved.

The deployment with Rook Security went very smoothly. Ranging from implementing the devices then making adjustments to the Andretti Autosport network – along with the collaboration from Rook Security – and getting everything prepared and operational was "fantastic," Peebles says. "We were very pleased with the level of professionalism from the Rook Security team in helping get everything configured properly, which is never a simple task."

And, he is finding the implementation very easy to manage. "Visibility has been a crucial element to our engagement with Rook Security and when we get alerts, I now know if they need my immediate reaction."

Members of his team or Peebles himself can take it from there and coordinate with Rook Security if they need those action items. "Having those alerts and managing it beyond those has been very easy in improving our overall footprint," he says.

"The flexibility of Rook Security's Managed Threat Response (MTR) platform allows it to be tailored to meet a client at their current maturity level by integrating with existing technologies," says Michael Taylor, lead project manager at Rook Security. The correlation and intelligence engine behind the MTR works by first normalizing nearly any incoming data stream and then identifying malicious behavior, he says. The Anomaly Detection System (ADS) analyzes both the heuristic behavioral patterns of the hosts within Andretti's environment and uses the latest signature-based detection methods. This allows for malicious, aggressive and anomalous network activity to be identified, even if there is not an accompanying signature yet released for that attack.

The MTR platform differentiates itself by its flexibility to integrate with currently deployed technologies, says Taylor. "This allows Rook Security to meet clients at every security maturity level, from startups to large enterprises."

Instead of requiring a monolithic security software solution, Taylor says MTR integrates with existing firewalls, SIEMs and other tools to provide a unified view into the security posture of a client's environment. "This flexibility allows clients to continue to use solutions that they are satisfied with, while augmenting their system with Rook Security's solutions."

The MTR platform has exceptional flexibility in its ability to ingest data from the network through the application layers, Taylor (left) explains. "By scaling horizontally, it can accommodate the data-retention requirements of any sized environment while maintaining responsive searching and reporting. The unification and orchestration of each security facet from within a client's environment allows the Rook Security Operations Center to rapidly identify, triage, respond, and remediate threats."

Compliance

As far as compliance requirements, Peebles says there are specific Indy Series rules – a radio frequency his team can use for Wi-Fi, for example. "Andretti Autosport is not really subject to any government regulations – like PCI, HIPAA or ISO – but with a military background (he was a signal support systems specialist with the U.S. Army), Peebles says he can see a huge advantage having a team of professionals for preparation of audits.

The Rook Security MTR platform touches the entire footprint of Andretti Autosport's IT infrastructure. Its headquarters office in Indianapolis is completely covered with the network anomaly protection, incident response, rAgent, whitelist and the central logging collection. "So I would say all aspects of our company, including the VPN closed tunnel sessions to our Formula E office in the UK and other remote users, are covered," Peebles says. That also includes the team's on-track environment and its traveling trucks that go with the team to each event, which are provided with a footprint of visibility with its network anomaly detection.

Since the Andretti team has received the all-encompassing products from Rook Security through its current agreement, Peebles says his team is looking at leveraging it as much as possible to attain good visibility. "If we can use it with other third-party tools, such as our management systems, any collaborative efforts that are securing the environment is really what we are going after," he explains. "It is really giving us the ability to focus on critical issues and be preventative at the same time other than simply being reactive, which was the case prior to our engagement with Rook Security."

His team, he adds, is very well positioned with Rook Security for seamless expansion if any new racing events or other remote activities are added to its slate.

And, as far as keeping protections current with updates, Rook Security uses signature repositories tuned for each client deployment, says Taylor. Each repository holds a collection of signature categories which pertain to the client's environment. The solution aggregates numerous open source and private signature feeds. When new signatures or changes are released, the client policy decisions dictate their deployment. These policy decisions vary from client to client as well as within client environments (e.g. development versus production).

"This allows a client to customize when and how these signatures are updated," he says. "Some clients prefer that signatures are implemented immediately, whereas others have additional change control processes in place. Updates to Rook Security's software are conducted during regularly scheduled maintenance windows.

More and more data

Peebles says that he's been with his organization for three years and in that amount of time has seen a shift where the firm is producing more and more data. "As time goes on and technology advances, we're getting larger and larger SAMs and NSAAs and hard drives. We need to make sure it's secure." Gone are the days when small businesses could just roll the dice where they may go unnoticed or have a low IT implementation, he says. "As we have data and continue to grow in our intellectual property and footprint for that, so do the means to be able to protect it."

As far as future threats, the big buzz, he says, has been cloud computing and cloud storage. A good deal of personal software licenses are floating around, he says. Also, managing the security of remote users at events – or even trying to get users to avoid passing around thumb-drives – continues to pose a threat. "From a cloud perspective, it is really just having the ability to react if someone goes and takes all of their personal or important data and dumps it on their computer or Dropbox. We now we have tools in place to mitigate that risk."

There is a saying whenever his team is reviewing budgets, Peebles adds: "If it doesn't make the car go faster, then we may not need it.” It's a dynamic shift, he points out. Assessing the need as time goes on for data security is no longer just a necessity for larger enterprises. "Now, small and growing businesses will have to treat this with concern and have a solution in place for it," he says.

"As we get more Internet of Things devices floating out there, you just have to emphasize security even more," Peebles says. In the next 10 years, he adds, the process of internet security and implementations in organizations will become a part of everyday lives. "Just like smart phones. We are always connected. There is always going to need to be a solution in place in order to secure that."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.