Israel Telecommunication provider selects Promisec Clientless Endpoint Security Management solution

09 January 2007

Bezeq is Israel’s national telecommunications provider. The company has led Israel into a new era of communications, based on the most advanced technologies and services. Bezeq and its subsidiaries offer a full range of telecommunication services including domestic, international and cellular phone services; Internet, ADSL, and other data communications; leased lines, and corporate networks.

As many other Telecommunication companies, Bezeq needed a system to protect themselves from multiple threats originating within their internal network that could endanger their business. Threats they are concerned about include the usage of unauthorized applications that may cause security breaches, unfamiliar processes running on their PCs and servers which can turn out to be a Trojan horse or key logger, as well as any irregular activity that could occur on their endpoints.

Another issue that was faced is the availability of several clients deployed on endpoints such as Anti-Virus, Personal Firewalls and others, which need to always be in the ‘Enabled’ state to maintain constant protection. Additionally Telecommunication companies had no way of verifying whether the deployment of endpoint hardening they performed and the implementation of hotfixes and service packs had been completed across all endpoints successfully or not. Also there is no way to check if unlicensed software is installed in its network environment or that confidential documents were not distributed to unauthorized endpoints.

Bezeq as a company is an early adopter of security, deploying the latest, most effective security solutions and practices available hence; they have an extremely strict and aggressive security policy for its employees but lack the ability to enforce the policy.

Since one of Bezeq’s main concerns was to address the availability of clients on endpoint machines, they were looking for a clientless solution that could do this independently to other IT departments without overloading their network resources and manpower. Promisec’s Spectator Professional, its Clientless Endpoint Security Management solution, was a good choice for Bezeq.

Deployed in a matter of minutes, Spectator was ready to run with its preconfigured set of threats to inspect for. Dror Alpart, Bezeq’s SOC Manager, set it to inspect the network for his own specific needs first. Mr. Alpart found this easy to do, without any assistance from the IT department, by simply writing the names of individual applications and processes into the User-Defined module and running Spectator, with no need to neither install a new server nor upgrade any hardware to operate Spectator Professional.

Within a few minutes he received a full report of current and historic activity on the endpoints inspected and found that some had unauthorized files, some had unapproved applications running while others came back showing no signs of any problems.

The next test was to verify that the clients running on their endpoints were indeed installed, and enabled on every PC in the organization. Again, this was simply done by just entering the name of the application into the Registry section of the User-Defined module and assigning the correct registry value to the application so that Spectator can maintain those values.

Bezeq use Spectator Professional in a number of ways, in their own words; “Spectator Professional is a very easy implementation with no need for extra manpower to implementation and use the product. Several tasks are achieved with this one product giving me the knowledge of who is not complying with our organization’s policy.

Spectator enables you to acknowledge all of the processes, Start-up commands, services and applications that are necessary to a company’s business and move these over to a ‘White List’ of known items that do not need reporting on. This ensures that only anomalous events or applications are alerted about and they can be seen in an instant on the report because once a baseline has been set there will only be a limited number of lines to the report. The feature rich Spectator Professional has become a solution that Bezeq have found they cannot do without and has become an essential component of their security arsenal protecting their internal networks.

Bezeq is a customer that uses Spectator Professional to its full monitoring capabilities including the application monitor, allowing them to detect unauthorized applications without using fingerprints or signatures; as well as the Process and Start-Up Monitors that allows them to detect unauthorized activity on their endpoints.

The IT department makes periodic requests from the SOC (Security Operations Center) to identify rogue applications that although not malicious but contravene the company’s policy. This is not just for security purposes but to ensure that the company’s resources are being used for productive business purposes and nothing else. Another reason for these checks is to verify that the number of software licenses in operation is within the number purchased. This saves Bezeq money when it has to purchase new licenses because instead of just purchasing any number of additional licenses they will know exactly the number they need to purchase, thus avoiding the problem of over stocking.

The IT department has also become more interested in Spectator Professional’s ability and periodically makes further requests to the SOC running Spectator for further information about activity on specific endpoints. These requests vary from time to time but are always successfully achieved by the Spectator Professional console.

Benefits of Spectator Policy:
• Enforcement of Security Policy -Spectator Professional enables enforcement of security policies by alerting the IT Security administrators to any violation of the security policy taking place on any endpoint or within the network. if an unauthorized laptop or Access Point has been installed.
• Minimizing the window of opportunity for a security breach to take effect - Running Spectator Professional on a 24*7, continuous basis means that security breaches are detected almost immediately and repaired before any major damage can occur. Spectator inspects endpoints at incredible speed, inspecting 500 endpoints in just over 2 minutes.
• Ensure the availability of endpoint security devices - Spectator Professional is able to verify the availability of security agents installed on endpoints and re-enable them if they have been disabled for any reason. By defining registry values for each application and the ability to reassign the correct registry value if changed by a user (intentionally or accidentally) makes Spectator unrivaled in its protection of the existing security infrastructure.
• Protects against Gateway bypass - While Spectator is independent yet complementary to the existing gateway security apparatus it also protects against the type of threat which can bypass the gateway and open unsecured connections into and out of the organization.
• Audit Reports – The reporting functionality of Spectator Professional enables companies to quickly and easily provide external regulatory bodies with reports to demonstrate their compliance with security regulations.
• User-Defined Module – This module is a very powerful feature of Spectator Professional that offers customers the ability to customize inspection configurations to their own unique needs. Any application, service or process that is specific to an organization can be found without the need for any special coding or Command Line Interface.
• Ensure that deployments have been successful company wide - With it’s centralized Management console Spectator makes it easy for IT administrators, deploy

Print version | email this to a friend Email to a friend | View other articles