Security pros name their must-have tools

16.04.2015
Secure file sharing is imperative for Lawyers Without Borders, a group that works with volunteer lawyers to advance human rights law in conflict-ridden regions. The nonprofit organization, headquartered in Hartford, Conn., uses Intralinks VIA to protect confidential legal documents and court papers from unsanctioned access.

The SaaS solution for content sharing and collaboration is a favorite of Christina Storm, executive director of Lawyers Without Borders (LWOB). The robustness of the product reassures LWOB's multinational law firm partners that the group is meeting their security standards, Storm says, and it's an important safeguard for lawyers in the field.

"The product allows us to securely share documents and court papers. Intralinks VIA also permits us to revoke access to documents in the event the wrong people get ahold of them," Storm says. "This can be a matter of life and death for lawyers doing pro bono work with clients in troubled countries who are battling human trafficking, terrorism and other human rights violations. The interception of sensitive documents by criminals or unfriendly governments can compromise the safety of in-country clients, and in some cases the attorneys with whom they work."

Storm shared LWOB's experience with Intralinks VIA as part of Network World's annual Fave Raves project, which asks IT pros to talk about their favorite enterprise tech products. This year, a number of IT pros chose enterprise security products as their favorites.

A bot fighter won over Tudor James. He's senior manager of digital operations at Yell.com, a Yellow Pages Directory site that was constantly running up against web scraping bots.

"In addition to content theft, web scraping bots impacted our site availability, response times and the productivity of the SysOps team. It was a problem that consumed massive amounts of internal IT resources and costs over the last 10 years," James says. "Despite implementing both in-house engineered solutions and expensive bespoke security services, we always felt like we were playing a losing game of whack-a-mole against these bad actors."

What finally worked Distil Networks' bot detection and mitigation service. The problem disappeared, James says. "We gained back control of our content and website, and our engineering teams could focus on delivering new features for our real users instead of battling bots. We now have far more time to spend on rewarding projects, such as user generated content and engagement of our customers through ratings and reviews."

Paul Calatayud, chief information security officer at Surescripts, raved about Invincea FreeSpace Enterprise.

The endpoint security product "stops advanced end user attacks (spear phishing, drive-by downloads, etc.) via containment, which results in stopping malware from infection," says Calatayud, who oversees information security, audit, and enterprise risk management at the electronic prescribing network. "The world we are in is not about tactical day-to-day breach protection. The real game is proactively detecting abnormalities in systems that were at one point safe and ensuring that your current posture is strong."

"The product is blocking malware from infecting our machines in a big way," Calatayud says, which reduces the risk of data loss and makes life easier for IT. FreeSpace has "reduced the time and labor that was commonly being utilized to handle the traditional anti-virus outbreak incident response process, which often leads to reimaging of machines and productivity loss," Calatayud says.

Two other IT pros who shared their favorite products also hail from the healthcare industry: Josh Bauer, assistant director of network operations at Acorda Therapeutics, and Derek Grocke, service delivery manager at HAMBS.

Acorda Therapeutics -- a biotechnology company based in Ardsley, NY -- uses EMC Syncplicityto secure and distribute content to mobile devices.

"It is an amazing mobile app that offers a great user experience and also offers the security and control we need as a therapeutics company with lots of sensitive information," Bauer says. "Employees can start working on a document on one device and switch to another without any extra steps. It allows teams with folks in multiple locations to remain connected and collaborate on projects. It has also helped increase efficiency and addressed pain points we were having with VPN issues and the limits to attaching large files to emails."

Forum Sentry API gateway is a critical component of the security architecture at HAMBS, a private health insurance software application provider and systems integrator in Australia. "Forum Sentry enabled us to securely expose our APIs to our private health insurance funds, third parties and internal clients and has provided a policy-based platform that is easy to maintain and extend -- all while reducing development time and resources," Grocke says.

Forum Sentry supports multiple authentication and authorization methods, including Basic Auth and OAuth 2.0, and it "provides the SOAP-to-REST conversion we needed to enable RESTful apps to communicate with our existing SOAP infrastructure, which greatly reduced our development effort and future maintenance requirements," Grocke says.

In the retail industry, compliance with the PCI Data Security Standard (PCI DSS) is an issue for companies, which must ensure that they process, store and transmit credit card information in a secure environment. Firehouse Subs, a restaurant chain with more than 860 locations, relies on Netsurion's Managed PCI service.

"Netsurion simplifies PCI for myself, and our franchisees, allowing us to maintain focus on other portions of our business," says Jeremy Gibeault, senior manager of information systems at Firehouse Subs. "Netsurion utilizes a remote setup for their cloud-managed firewalls in each restaurant per our specifications, monitors those firewalls, and alerts us if suspicious traffic is, or has been, attempting to access our network. When the need arises, the customer service has been great and the technical support team at Netsurion is always very responsive which, in turn, allows our franchisees to focus more time on serving our customers and less time dealing with these sorts of issues."

On the cloud front, Bob Vail, director of information security at Pivotal Software, wrote about a service from Adallom that provides visibility into and protection of SaaS applications.

A heavy user of cloud applications, Pivotal Software depends on its SaaS providers to provide the first line of security defense, and it relies on monitoring to validate the SaaS providers' ability to protect Pivotal's hosted assets. Adallom provides a toolset that gives visibility into the services provided so Pivotal can monitor and take actions to remediate any security threats, Vail says.

Pivotal's security team "is relieved of the task of constructing, maintaining and administering our own SEIM systems for the importing, analyzing, alerting and in some important cases reactively remediating threats at our SaaS providers," Vail says. "Instead, Adallom provides a web-based dashboard that provides our security operations team constant visibility into our SaaS activities. With the easy-to-configure alerts and policies, we can automatically remediate known threats, notify our users of security violations, provide detailed reports and assist our system administrators to improve processes that keep our online assets secure."

Bill Dickerson, network security administrator at Iowa Vocational Rehabilitation Services, raved about the configurability and reliability of NCP's enterprise VPN solution -- and its performance.

"When we began using NCP's VPN client on our Windows desktops, it connected in a fraction of the time when compared to the solution we used previously," Dickerson says. "Additionally, we've had zero failures throughout the years we've been using the VPN client. It's nice not having to deal with connection issues due to product failures or instability ... It is a secure solution that just plain works."

(www.networkworld.com)

Ann Bednarz