Taking Security-as-a-Service To New Levels

security 265130


Original article:


An MSSP’s (managed security services provider’s) ability to quickly assess and implement a PCI-compliant security solution was critical to winning a 4,500-location security implementation with a retailer.

Nuspire Networks’ name has become synonymous with large managed security deals over the years. The MSSP, which has hundreds of employees, boasts customer wins with notable names such as Volkswagen of America and General Motors, just to name a couple. But, a more recent IT win with a 4,500-location retail franchise reveals another impressive characteristic about Nuspire, which is this: Even though it’s a large MSSP, it knows how to leverage technology as well as its team of security experts to respond to clients’ needs in a very timely fashion.

A Retail Franchisor’s Biggest Nightmare: PCI Compliance
Security has become a top concern among retailers, and complying with PCI DSS (Data Security Standards) is missioncritical. As big a challenge that security is for large retailers, it’s that much more difficult for franchisors, which often have much less control over franchisees’ IT security decisions. “Franchisees are typically free to make their own decisions when it comes to selecting IT and security solutions,” says Tony Petcou, channel manager with Nuspire Networks. “The problem is that if one franchisee doesn’t implement the proper security measures and a data breach occurs, it reflects poorly on the entire franchise.”

This was the predicament one of Nuspire’s customers was in. “No breaches had occurred, but the franchisor knew that each of its 4,500 stores offered merchandise financing, and corporate had no way to ensure every branch was following PCI best practices,” says Petcou.

Assessing Security Risks At 4,500 Retail Locations
Nuspire was contracted by the franchisor to evaluate the 4,500 retail locations and report on its findings. The Nuspire security team rolled out a Web portal and survey tool to track and report on a variety of statistics. In a six-month period, the MSSP surveyed more than 90 percent of the retail facilities. “We enlisted the help of more than a dozen of our consultants to assess each location’s antivirus [AV], wireless network, desktops, and backup,” says Petcou. “In the end, we discovered that less than 30 percent of the franchisees had compliant Internet access and 20 percent of franchisees were not using any active IPS [intrusion prevention system] monitoring at their network gateway.”

After presenting the information, Nuspire was contracted by the customer to come up with a solution. The MSSP put together an offering that leveraged a volume discount for the retailer and included live IT consultant desk support, live IT tech support, and packages that included everything from installation to RMA (return merchandise authorization) and break-fix services. The franchisor also helped Nuspire’s proposal by sending a letter to each franchisee strongly recommending for the integrity of the brand that they complete the assessment and consider using Nuspire’s services to ensure PCI compliance.

Managed Security To The Rescue

After conducting the network consultation, Nuspire communicated the executive summary to each location, including details about its NuSecure managed security service, and made the offer available through a secure portal it calls TRAX. The TRAX portal gives users real-time visibility on the status of their network devices, security posture, tickets, and on-site support issues including analysis of network trends and availability.

The Nuspire NuSecure suite includes NuSecure Desktop Security (which includes managed antivirus software rebranded from F-Secure), NuSecure Gateway security, and NuSecure SIEM (security information and event manager) Monitoring-as- a-Service (SMaaS). The service provides network management, monitoring, and support while leveraging franchisees’ existing technologies and equipment. The result is proactive network management, without the up-front investment, time, or resources needed to manage the network locally.

After communicating the executive summary to each location, the final decision is left to each franchisee to decide whether to take any actions, including which service provider to use. If a location chooses to go with Nuspire’s turnkey solution, the MSSP gathers the specific branch’s network data and configures a security appliance. “We can ship and remotely install the device with the point of contact on-site,” says Petcou. Nuspire also offers on-site installation for locations for an additional fee, but more than 90 percent of installations are performed remotely.

To date, 75 percent of the franchisees are using at least one of the NuSecure services, and 40 percent have deployed multiple services. “We’re now collecting, storing, aggregating, correlating, alerting on, and proactively remediating more than 500 million logs per day for this client and its remote locations,” says Petcou. “Equally satisfying is the fact that we have achieved a 98 percent customer satisfaction rating with our network efficiency and availability since the implementation, and the initial program has already led to three additional management projects as the retailer implements new technologies at its remote sites.”