Taking the initiative: Proactive defense offers APT protection

Waseca, Minn.-based Brown Printing, the third-largest US-based magazine printer, employing 2,200 workers, decided to change its information strategy in this direction by implementing the Mykonos Security Appliance.

Within the first month, Brown Printing found that 10% of its traffic was malicious and identified 300 attacks, including five high-risk hacking attempts – none of which were successful.

“The data that we protect is very important to our clients, such as image files and publication files”, said Keir Asher, senior technical analyst for information technology at Brown.

The company has a portal run on third-party software that enables customers and staff to access files and monitor the printing process, Asher said. “As a result, we have become more interested in web-based security”, he explained.

Mykonos approached Brown to be an early adopter of its security appliance, Asher said. “Mykonos’ appliance watches and reacts [to threats] as needed”, he said. Web application firewalls react to the threat, but the Mykonos appliance takes a proactive approach, he added.

“Mykonos enables us to have automated threat monitoring and response.” This alleviates the need to have a dedicated security staff and allows the company to use the resources in more productive areas from a business perspective, Asher explained.

David Koretz, president and chief executive officer of Mykonos Software, said that Brown Printing had no visibility into web application hackers before deploying his company’s security appliance.

“There is a lesson at Brown that could apply to a lot of companies in the US. Stopping reliance on a failed signature-based model that is only good at detecting yesterday’s attacks and shifting to a proactive security model for tomorrow’s attack is going to become instrumental in being able to protect the nation’s infrastructure”, Koretz told Infosecurity.

“Almost all of the nation’s infrastructure is protected by private companies, and most of them are just like Brown. They have a web application layer and they have no visibility”, he said. Gaining visibility is the first step in taking a proactive approach to information security. “You can’t take action against something you can’t see”, he added.

Koretz said that proactive information security has three components: early detection, profiling and tracking, and response.

“A major problem with web application firewalls is that you can only see yesterday’s attack. You can only see an attack for which you have already written a signature. That doesn’t make sense”, he said.

“Once you have visibility, you need to be able to profile the attackers so you know if they are a major threat. This is crucial if you expect to be proactive and take action to prevent the attack”, he concluded.
 
