Malware, Network Security, Security Strategy, Plan, Budget

Case study: Malware checkout

A hotel chain sought relief from malware on its workstations throughout the United States. Greg Masters reports.

In the hospitality industry, it's all about a comfortable and efficient experience for the customer. It's vital too that guests feel pampered and well taken care of. So, when the IT staff at Thayer Lodging Group began having some challenges with its computer network owing to malware attacks, too much time was being diverted to cleaning out the infections and maintaining the integrity of the operations. Any possibility of a speed bump in its level of service to both its customers and the staff handling operations just was not on the itinerary.

Thayer Lodging Group – an Annapolis, Md.-based, privately held hotel investment company owning or managing 18 hotels mostly clustered on the Eastern Seaboard, but stretching as far as California – is fairly sizable. Its IT department, consisting of just a few people whose purview extends from the data center to the TVs in 4,429 guest rooms, was swamped. In 2007, the team started accelerating Thayer's move to virtualization and the cloud, but as of late 2010 it still hosted its endpoint security in-house. The software was neither centrally managed nor effective, and the result was a lot of workstations with malware. 

Plus, on more than one occasion, the software harmed the computers it was meant to protect, causing the servers to freeze. After this happened a number of times, Mike Dickersbach (right), vice president of information technology for Thayer Lodging Group, started looking for a fix to the problem. “We needed a solution that would not only secure the endpoints, but also help Thayer Lodging comply with centralized reporting, event logging and other Payment Card Industry (PCI) rules,” he says.

The goal was to reduce the overall time spent fixing glitches and lessen the aggravation from end-users coming up against issues with their computers. Additionally, Dickersbach wanted his team to be able to manage network operations from a central point.

Along with his network engineering team, he looked at a number of traditional anti-virus products, but all of them required a server install of some kind in order to monitor and push updates. Symantec, he says, provided the only product that offered truly cloud-based management.

He received a beta version of Symantec Endpoint, and, when the service became generally available in early 2011, extended it to all 150 endpoints in the company – physical and virtual servers, laptops and desktops.  Costs and management of the product were key factors, he says. “It was less costly to deploy Symantec's solution than it was to keep deploying a traditional AV product.”

Symantec Endpoint includes advanced technologies that help protect systems without requiring additional hardware, management software or dedicated IT staffing, says Andrew Singer, director, security product marketing SMB and at Mountain View, Calif.-based Symantec. Automatic security updates occur transparently over an internet connection, enabling systems to stay current with the latest updates. As well, laptops and desktops receive intelligent scanning technologies that help maximize protection while minimizing impact on system performance, he says.

A subscription fee replaces upfront expenses with affordable, predictable costs, he adds. Plus, the solution is fast to set up and implement and can be deployed to clients via standard download, email invitation or silently can be pushed to a network. “The service is efficiently managed from a central web-based management console that is accessible from an internet connection, and administrators benefit from pre-set security policies and report templates,” he says. Upgrades occur automatically and new features are introduced frequently – and included as part of the service, Singer says. Further, the service can scale to incorporate new endpoints without requiring additional hardware or management software.

As for Thayer, specifically, all went fairly well. Deployment of the tool throughout Thayer facilities and among its mobile workforce went smoothly, Thayer's Dickersbach says. “We wanted something that was easy to deploy, manageable from any internet connection and accessible on our schedule,” he says. “The Symantec Endpoint delivered on all accounts. The tool has been a huge plus for us because it removes routine maintenance-related tasks. Managing the actual core of the software and how users interact with it is much more important to me than worrying about hardware.”

He  estimates that Symantec Endpoint has reduced the amount of time spent managing security by at least half while improving coverage – especially for Thayer Lodging's executive management, which spends substantial time on the road visiting its various properties. “Because endpoint protection is now cloud-based, it follows them wherever they travel,” Dickersbach says.

And, he adds, “with the central event logging and central monitoring, it gives us a single point to access these logs when issues arise.”

Based on Thayer's success with the tool, Dickersbach says the hotel deployed Symantec Enterprise to archive email for corporate office in mid-2011. “We are also currently revising our disaster recovery plan and strategy as we want to get our data into a secure, cloud-based data center, so we can redeploy it quickly on separate hardware if need be,” he says. To accomplish this objective, he says he is looking to migrate Thayer Lodging's longstanding Symantec Backup Exec environment to Backup when it becomes available.

“For us, its securing the endpoints that have the most exposure, in this case our end-users with corporate laptops and desktops,” says Dickersbach. “We have put a good focus in this area and the boundary defense to help with our security needs.”

Protection: Via the cloud

Symantec Endpoint  offers the following:

  • Log on to web-based management console;
  • Deploy agent to individual endpoints or silently push the solution to the network;
  • On installation, preconfigured policies are enabled for the agent to include anti-virus, anti-spyware, firewall, and host intrusion prevention;
  • After the install, agent proactively refreshes the latest security definitions and updates;
  • Administrator can use management console to set custom policies and push to all endpoints in the network;
  • Administrator can use management console for ongoing maintenance including deploying new endpoints, viewing status, managing remote clients.

Source: Symantec

Photo 1: One of Thayer Lodging Group's properties: Wyndham Lisle – Chicago Hotel and Executive Meeting Center

Photo 2: One of Thayer Lodging Group's properties: Double Tree Hotel & Executive Meeting Center, Palm Beach Gardens, Fla.

For reprints of this case study, contact Elton Wong at [email protected] or 646-638-6101. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.