The IT department at SNL Financial used to spend countless hours manually providing patches for remote access users. If that wasn't enough, they spent even more time following up with those users in person, to make sure everything was a-ok.
All in all, a half-day a week that could've been spent doing other things was wasted. That is, until last October, when the Charlottesville, Va.-based financial information and research firm rolled out CyberGatekeeper Remote, a network access control appliance from InfoExpress.
SNL Financial doesn't mince words. The company knows that malicious attacks like worms, viruses and Trojan horses are out there. And it knows that remote users are most likely to introduce these threats to the network simply because their laptops are often used in environments other than on the corporate VPN.
With SNL's off-site workforce continually growing, it is now up to about 140, and comprising nearly 30% of the company's total number of end users, Lothamer said the company needed to do something.
"We've had an increase in remote access users, and that's going to continue," he said. That increase, in addition to an increase of the company's overall business, motivated SNL to boost its protection.
The CyberGatekeeper Remote sits between the remote access point and the corporate network. It audits all networked systems continuously for policy compliance. Unqualified systems attempting to access the network are automatically blocked and redirected for remediation. The box protects SNL's network from off-site computers that could be infected, misconfigured or lack the most up-to-date security patches.
"We spent a lot of hours patching remote access systems and following up with end users in person," Lothamer said. Since the CyberGatekeeper was deployed, he has noticed a significant drop in the time spent addressing patches and follow ups. "We've seen some efficiency improvements," he said.
Having a network access control appliance in place allows SNL's IT department to centrally manage the tool, which automatically scans any remote machine trying to access the network, for the latest anti-virus software and other critical updates. If something potentially damaging is found, that user is blocked, quarantined and forced into a remediation area where necessary updates are pushed to their machine. Also, the system can be set to continue with periodic scans throughout a remote session.
According to Lothamer, a lot of the peace of mind comes from knowing that any viruses that may have been missed during manual scans will likely now be found and removed. A lot of the guesswork is eliminated.
"It's going to be there to catch any viruses we may have missed," he said. "The faster these exploits come out, [the more we are able] to have central control and to adjust to things we haven't seen yet."
Both Lothamer and SNL network engineer Mike Vosper said that there wasn't one specific incident that fueled the decision to consider the InfoExpress product. However, they are convinced that deploying it will help them avoid any potential "zero day" exploits their team is working on blocking. A zero day exploit is essentially an exploit that takes advantage of a security vulnerability the same day it becomes generally known, meaning a zero day exploit can take advantage of a vulnerability before a software patch or other fix is created.
In a statement from a press release, Lothamer said, "… with malicious attacks becoming more sophisticated and remote computers being especially vulnerable, we felt we had to take extra precautions to ensure the integrity and safety of our information network."
Because the system is automated, Lothamer said it is less labor intensive on his staff and on the end user, who may have to reboot after remediation, but that's about it.
Dig deeper on Network Security Monitoring and Analysis