Quickly shrinking its attack surface and reducing risk from ransomware
Industry: Insurance
Environment:
Challenge: Minimize risk by understanding traffic flows and limiting user-to-server interactions
Solution: Illumio Core
Results:
Full understanding of traffic across hybrid, multi-cloud environments.
Simple, fast security controls to protect critical servers.
Ability to visualize risk and the impact of new or changed rules
Brooks is all about making sure customers can “Run Happy.” The retailer’s ultimate goal is to make each run better than the last. And it’s primed to deliver.
A subsidiary of Berkshire Hathaway, Brooks entered the billion-dollar brand club in 2021, claiming a top spot in the performance running market.
But the business also faces the stark reality that ransomware is running rampant. Modern retail networks represent an expanding attack surface, making retail brands a prime target. An attack could cause major operational and reputational damage.
Brooks must ensure its systems that allow customers and retail clients to procure products run happy — securely.
“Our highest security priority is to minimize risk for the business,” explains Ryan Fried, Senior Security Engineer at Brooks. “Being in the retail and e-commerce space, strengthening controls against ransomware is at the center of almost everything we do.”
Fried identified the need for microsegmentation to bolster ransomware resilience and mitigate the risks of a largely flat network.
The first order of business would be to lock down unauthorized access to servers.
“With an IT team of fewer than 100 people worldwide, 99 percent of users don’t need to access servers,” says Fried. “If a user is infected by ransomware, we need to ensure the attack won’t spread to servers and affect availability and operations.”
Ease of use and efficiency are essentials for any new measure the five-member security team implements. Network-based segmentation using existing firewalls would be rife with complexity and limitations and put the operational onus on Brooks’ sole network engineer.
Based on past experience using Illumio Core, Fried knew it was a perfect fit for Brooks. Illumio simplifies segmentation, empowering the whole team to use the product, regardless of role. This speeds progress towards the ultimate goal of reducing risk.
“With Illumio, it’s incredibly easy to take a data-driven approach to microsegmentation,” Fried says. “We can monitor flows in and out of servers, and those insights help us design a more effective security strategy. Being able to visually test the impact of our strategy has been a game changer for us.”
Brooks has quickly shrunk its potential attack surface thanks to Illumio’s flexible options for enforcing segmentation.
By selectively applying deny rules for all but essential user-to-server traffic, the retailer gained fast protection of hundreds of Windows servers.
This method buys Fried and team time to progress towards the Zero Trust standard for allow-listing. It also gives them proactive protection against ransomware, with the ability to instantly block common pathways, such as Remote Desktop Protocol (RDP), to critical servers.
Brooks is currently months ahead of its forecasted timeline for the initial phase of implementation.
"We’ve moved much faster than we thought we would,” Fried says. “Illumio has allowed us to safely and efficiently execute our plans with zero application downtime or user impact.”
The team realizes ongoing benefits from:
