Network Security, Malware, Network Security

Game play: A case study in security

Keeping the network operations going at an amusement game company takes more than a roll of quarters, reports Greg Masters.

For a company that supplies vending machines and arcade games across the southeast United States and South America, it's far from amusing when a “tilt” alert goes up on its network operations.

When the Brady Distributing Co. began operations in 1944, delivering Wurlitzer jukeboxes involved some paperwork, a few trucks and strong backs. Now after 70 years, it has added pool tables, vending machines and pinball and video games to the mix – all operated out of a 84,000 square-foot facility in Charlotte, N.C., with branch offices in Memphis, Tenn., and Miami and Orlando, Fla. Brady works with more than 70 manufacturers, making it the second largest distribution company in the amusement games and vending machine industry. There are about 120 employees throughout the organization.

But, a new game came to town that threatened the day-to-day operations of the enterprise and its branches: malware and distributed denial of service (DDoS) attacks. And despite an IT staff consisting of only one person, infrastructure support must reach all of its far-flung offices, as well as its customers – who span from Texas to Oklahoma to the East Coast and into the Caribbean and South America, says Rick Baird, the company's IT department manager.

“Our remote offices are not very large, so we use a multiprotocol label switching (MPLS) network and Citrix gateway to route our satellite branches into our main network where we host our business software and applications,” he says. Baird had installed a firewall on the company's MPLS network and a content-filtering appliance to block undesirable websites, but these just didn't provide enough security, he says. In particular, content filtering by domain name was inadequate. As soon as he would block a site containing malicious content, another one would pop up. Brady has anti-virus software, but its desktops – especially the ones in the remote offices – were still getting infected.

“We rely on technology to connect our offices and service to those customers around the world,” he says. “As well, malware and viruses could result in a customer information breach, and reduces our employee productivity by creating a lot of extra work for our IT staff, which has better things to do than deal with infected PCs.”

Baird also was concerned that a DDoS attack could disrupt the business, especially as it expands its online presence. Brady had experienced SYN flood attacks [wherein an attacker attempts to overload a system by repeatedly sending SYN requests], but its network firewall can't stop everything, Baird says. Taken together, Baird decided another defensive layer was needed to block malware on the network and mitigate against DDoS attacks.

He and a team of executives considered a number of intrusion prevention systems (IPS). The choice was a solution from Corero Network Security, based in Hudson, Mass.

“Corero was the only solution we found that provides true, three-dimensional protection – from malware defense to firewalling to anti-DDoS,” says Baird.

He says he was thrilled with the deployment. Within an hour, Corero had the solution set up, and then customized the configuration to meet Brady's environment and specific needs. Within days the system was tweaked and running by itself.  

“They walked us through the entire process, and continue to support us from soup to nuts,” Baird says. “That has made all the difference.”

The IPS includes hardware and software components that are shipped to the customer's data center, where the IT department deploys it as an inline network device, says Mike Paquette, chief strategy officer at Corero (formerly Top Layer Security). “A few quick configuration steps later, their clients and servers are protected against remote exploits, malware and other network-borne cyberattacks that might occur.”

What differentiates the Corero solution from the competition, says Paquette, is that its IPS provides network- and application-layer DDoS defense, policy-based stateful firewall filtering, and two-stage protection and immunity to advanced evasion techniques, in a reliable, integrated, “green” platform.

Baird says that at Brady, he continues to apply the updates and advisories that Corero distributes, but beyond that no other changes have been needed. “Since we installed the solution, securing the network has gotten so much easier, and I can focus on work that helps the business rather than firefighting things, like malware infections,” he says.

Corero provides Brady with the protection it needs, and regular updates keep the game distributor ahead of the curve, says Baird. “Our network is more secure than ever.”

Further, the solution assists with compliance requirements. The company's online transactions and personal information handling fall under the Payment Card Industry Data Security Standards requirements, as well as multiple state data breach notification laws. “Corero provides a reporting and audit trail to help us document the protection we have.”

Brady expects to expand its use of the product as the company grows its operations. To achieve that, it soon will be hosting a new website to handle more orders. Currently, five percent of its business comes from online orders, but that will grow to 15 to 20 percent once the new site is in place, Baird says. “This will be worth millions of dollars to us, and if something like a DDoS attack were to disrupt our business, we could lose a lot of revenue.”
And as the company relies more heavily on the internet, and threats grow more frequent and represent an increasingly greater threat to the business, “good-enough security isn't good enough anymore,” Baird says.

Corero's IPS provides significant out-of-the-box attack protection, says Paquette. In addition, customers subscribe to the company's SecureWatch threat update service to receive Protection Packs that include new and updated rules and signatures to protect against new vulnerabilities, or detect and block the latest exploits. The packs also include internet topology and IP address-based filtering information.

Because IPS sits inline, Baird says he was concerned about latency and its impact on employees and the business, particularly since all of Brady's offices are connected through the main corporate network. “It's absolutely critical that we have the internet connections and all security systems up and running as fast as possible so that everyone can work as smoothly as possible,” he says. “With Corero, we have experienced no slowdowns or delays on the network.”

For reprints of this case study, contact Elton Wong at [email protected] or 646-638-6101. 

Related

New Muddled Libra attacks set sights on cloud

Attacks by the Muddled Libra threat operation — also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud — have been redirected at cloud service providers and software-as-a-service apps as part of efforts to bolster its data extortion efforts, reports The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.