Our client, a premium global retail chain based in Seattle, needed a resource to configure and deploy security software for detecting malware across its nationwide company network. A Kalles Group consultant was brought in as technical project manager within the Information Security and Compliance (ISC) group to manage the effort.
The main stakeholders for the project were the directors of ISC and the various security team managers. Initially, organization leadership did not know the state of their network security systems; they needed a strategy to learn where they had vulnerabilities, whether they had already been breached, and baselines against which security events could be tracked.
While most stakeholders were open to the needs and goals of the project, the development team that manages the point-of-sale (POS) registers was apprehensive because of upcoming high-impact sales events and the possibility of systems going offline. There was no room for error: a conflict between the new security software and the POS systems could take registers down during those events.
As an initial task, Kalles Group conducted a network architectural review and then worked with Network Services, IT, and Infrastructure groups to create an assessment which included a comprehensive diagram of the company’s network infrastructure. This provided the foundation for strategic planning and the tactical implementation of the security solution.
FireEye was chosen as the third-party cyber-security and malware protection solution, providing a suite of security applications that included the components most important to the project.
With the software solution adopted, Kalles Group worked with the project sponsors and the project manager to confirm that the technical aspects of the project were feasible: analyzing the proposed solutions to evaluate whether they could be executed on time, establish baselines for security monitoring, and be implemented across the entire organization within acceptable impact guidelines.
After the network assessment and stakeholder sign-off on the solutions, the project team and stakeholders agreed that the goal (what success "looked like") was 80% reporting across all company systems.
The FireEye software suite provided several specific components that could be used to address the security issues identified in the network infrastructure assessment. The main components utilized were:
- A network tap, a hardware appliance that passively copies the traffic crossing the network wire so that it can be recorded and analyzed. Analytics are then performed on this data, with the top priority being detection of indicators of compromise (IOCs).
- Agents loaded on servers and workstations that track all running processes, searching for and identifying instances of malware incursion.
- A log aggregator, an application that collects event logs from individual computers and rolls them up into analytics that surface data and issues of interest. All individual employee computers and POS registers were covered, including the capability to identify breaches of the POS registers themselves.
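As an added illustration, not part of the original case study and not FireEye's own code, the following Python sketches what the log-aggregation and reporting steps above amount to in practice: per-host event lines are parsed, compared against an indicator list, rolled up by host, and the set of reporting hosts is measured against an expected inventory so the "80% reporting" goal can be checked. Every hostname, hash, domain, log line and the log format itself is constructed for the example.

```python
"""Toy log roll-up, IOC matching and reporting-coverage check.

Added example; not FireEye code. All hosts, indicators and events are
constructed, and the "<timestamp> <host> <kind> key=value ..." log layout
is an assumption made for the example.
"""
from collections import defaultdict

BAD_HASH = "4" * 64  # constructed hash standing in for a known-bad binary

# Constructed indicator set (hypothetical values, not real threat intelligence).
IOCS = {
    "process": {"mimikatz.exe"},
    "sha256": {BAD_HASH},  # matched on hash even when the process name looks benign
    "domain": {"bad-c2.example", "updates-cdn.example"},
}

# Which (event kind, field) pairs are compared against which indicator list.
FIELD_TO_IOC = {
    ("process", "name"): "process",
    ("process", "sha256"): "sha256",
    ("dns", "query"): "domain",
}

# Constructed inventory of every endpoint, server and POS register expected to report.
INVENTORY = {
    "POS-0142", "POS-0143", "POS-0144",
    "WS-0007", "WS-0008", "WS-0009",
    "SRV-DB01", "SRV-WEB01",
}

# Constructed event lines as the aggregator would receive them from the agents.
SAMPLE_EVENTS = "\n".join([
    "2023-11-20T08:01:02Z POS-0142 process name=explorer.exe sha256=" + "1" * 64,
    "2023-11-20T08:01:05Z POS-0142 dns query=updates.vendor.example",
    "2023-11-20T08:02:11Z WS-0007 process name=mimikatz.exe sha256=" + "2" * 64,
    "2023-11-20T08:02:40Z WS-0007 dns query=bad-c2.example",
    "2023-11-20T08:03:00Z SRV-DB01 process name=sqlservr.exe sha256=" + "3" * 64,
    "2023-11-20T08:03:30Z POS-0143 dns query=updates-cdn.example",
    "2023-11-20T08:04:00Z WS-0008 process name=chrome.exe sha256=" + BAD_HASH,
    "2023-11-20T08:04:10Z SRV-WEB01 net dst=203.0.113.9 port=443",
    "2023-11-20T08:05:00Z LAB-TEST1 dns query=intranet.example",  # host not in inventory
])


def parse_events(text):
    """Parse log lines into dicts; skip blank or malformed lines rather than fail."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ts, host, kind = parts[:3]
        fields = dict(kv.split("=", 1) for kv in parts[3:] if "=" in kv)
        events.append({"ts": ts, "host": host, "kind": kind, "fields": fields})
    return events


def match_iocs(events, iocs=IOCS):
    """Return one hit per (event, indicator) pair using exact-match lookups."""
    hits = []
    for ev in events:
        for (kind, field), ioc_kind in FIELD_TO_IOC.items():
            if ev["kind"] != kind:
                continue
            value = ev["fields"].get(field)
            if value is not None and value in iocs[ioc_kind]:
                hits.append({"host": ev["host"], "ts": ev["ts"],
                             "ioc_kind": ioc_kind, "value": value})
    return hits


def hits_by_host(hits):
    """Roll hits up per host, which is the view an analyst triages first."""
    rollup = defaultdict(list)
    for h in hits:
        rollup[h["host"]].append((h["ioc_kind"], h["value"]))
    return dict(rollup)


def reporting_coverage(events, inventory=INVENTORY):
    """Measure which inventoried hosts sent at least one event.

    Hosts that report but are not in the inventory are surfaced separately:
    they are either an inventory gap or something that should not be there.
    """
    seen = {ev["host"] for ev in events}
    reporting = seen & inventory
    return {
        "reporting": len(reporting),
        "expected": len(inventory),
        "fraction": len(reporting) / len(inventory),
        "missing": sorted(inventory - reporting),
        "unknown": sorted(seen - inventory),
    }


def meets_goal(fraction, goal=0.80):
    """The project's success criterion: at least 80% of systems reporting."""
    return fraction >= goal


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print(hits_by_host(match_iocs(evs)))
    cov = reporting_coverage(evs)
    print(cov, "goal met:", meets_goal(cov["fraction"]))
```

In the constructed data only six of the eight inventoried hosts report, so the coverage check fails at 75% even though IOC matching works; that is the reason the case study treats reporting coverage, not just detections, as the measure of success. Note also that the WS-0008 hit comes from the file hash alone, while the process name looks ordinary.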
The hardware installations, taps, and aggregators were implemented for the company’s entire enterprise network of about 500 different connections.
After successful configuration and deployment of FireEye components across the enterprise, the original goal of 80% reporting on all company systems was surpassed with 95% data reporting coming in across the implemented solution. In addition:
- After implementation and deployment, no indicators of compromise or evidence of prior breaches were found across organization systems.
- The organization now has a foundation to plan their cyber-security strategy around.
- Information is now reported up to senior leadership and the board of directors, providing a high degree of confidence regarding where they need to focus security resources over the next few years.
- The company will learn about breaches before their customers do, and can thus maintain a higher degree of consumer confidence.
The company now has more control over its network security and, rather than sitting in a reactive state waiting for breaches to occur and risking its customers' personal data, can move forward with a mapped-out security strategy and proven technology to carry it out.
Furthermore, the visual representation of the entire organization's network infrastructure developed by Kalles Group remains an asset for planning future information security work.