SIRVA

SIRVA Taps ForeScout to Boost Zero Day Protection with IPS

“From the onset, we knew exactly what we needed and were not willing to settle for anything less. CounterACT and CounterACT Edge have not just met our expectation, they have exceeded them.”

– Waqas Akkawi, Director of Information Security

Challenge:
  • SIRVA, Inc. provides relocation and moving services to organizations and individual consumers around the world. Some of SIRVA’s well-known brands include Allied, Allied International, Global, and northAmerican.
  • SIRVA’s old IPS system produced many false positives and required a lot of management attention.
  • SIRVA’s Director of Information Security, Waqas Akkawi, wanted to implement a new IPS system that met the following goals:
    • Block zero-day and targeted attacks
    • Require a minimum of administration and tuning effort
    • Produce few false positives
    • Improve SIRVA’s ability to comply with federal and state information security and privacy regulations such as Massachusetts CMR 201.
    • Help protect the personally identifiable information of SIRVA’s customers
Solution:
  • Waqas Akkawi put together a team to evaluate how various IPS products responded to certain types of attacks and also to assess how much configuration and fine-tuning would be necessary. Of the products they tested, many relied on threat signatures, and they produced many false positives. These characteristics were undesirable because they required a large amount of management overhead, and they were poor at detecting zero-day threats. That cemented their decision to go with a behavior-based approach for their new IPS system.
  • “Because much of the risk from zero day attacks stems from guest machines on our network, it became evident that we would need to implement a NAC system as well—one that could be deployed without a major network redesign. Price, ease of deployment, ease of use and scalability were major considerations. As we moved forward with separate IPS and NAC efforts, we began to see the benefits of a more integrated approach. ForeScout offers both NAC and IPS that, when used together, result in a much more robust and holistic approach.”
  • “We had very explicit requirements for IPS, and ForeScout CounterACT Edge was able to meet them all. What pretty much sealed the deal is the fact that ForeScout CounterACT enables us to continually monitor devices once they are on our network—something most NAC systems are incapable of.”
Results:
  • CounterACT Edge has allowed Akkawi to retire legacy intrusion detection systems (IDS) that he had in place from multiple vendors. It’s also reduced the load on his Cisco firewalls. “Rather than the firewall being at 50% CPU consumption inspecting all these packets and connections, the firewall is now down to 5% CPU consumption.” Offloading work from his firewalls has improved network performance.  In the past, if the network perimeter was getting hit hard, his firewalls would grind everything to a halt as they tried to inspect every packet. Legitimate traffic would get hung up in the queue with malicious traffic.  “With CounterACT Edge in place, the firewall just processes legitimate traffic.”
  • “Because CounterACT does discovery before enforcement, we have been able to automate policy enforcement for guest and contractor machines, which has been incredibly useful. CounterACT enables us to provide everyone with access to the resources they need and enables us to immediately identify and respond to suspicious activity.”
  • “What is great about both ForeScout products is that they have an intuitive interface, and both systems can be managed from a single console. CounterACT sees everything on our network, and so we know that all devices are being monitored for potential threats before and after network access.”
  • “Together, ForeScout CounterACT and CounterACT Edge provide us with a complete, real time view of our network environment and the ability to proactively set and enforce policies. This is incredibly strategic for us—we have become more proactive, with complete situational awareness. We can receive alerts, reports, threat levels or policy violations within the environment immediately. Furthermore, automating policies for guest access, security settings and mobile security means that we can better fortify our defenses and meet our compliance requirements. This results in a higher level of productivity for my team and, most importantly, better data security for our customers.”