How Managed Detection and Response Keeps Local Bank Customers Safe
Easier management, access to live expertise and a comprehensive solution suite persuaded First State Community Bank to deploy MDR. Now, its IT leaders sleep better — literally.
In March 2021, worldwide headlines warned of zero-day vulnerabilities on Microsoft Exchange servers. By the time they were discovered, tens of thousands of organizations had fallen victim to attacks. The news broke just as First State Community Bank was wrapping up installation of its new security suite, and Brandon Hale, assistant vice president and IT general manager, wondered how the product fared in the crisis.
He learned that the bank’s new Cisco Managed Detection and Response (MDR) platform was looking for similar vulnerabilities before anyone knew of the problem. “It would have picked that exploit up before it was even announced, based on the signatures that it already had,” says Hale. “It had already proved itself in the first month that we had it, so that was a pretty ‘wow’ moment.”
MDR isn’t a radical departure from Farmington, Mo.-based First State Community Bank’s previous security infrastructure. In fact, it utilizes many of the Cisco tools that the bank has counted on for years. However, instead of one-off solutions that address specific needs and work in isolation, MDR integrates and supplements those tools. It uses artificial intelligence and machine learning to implement the tools in concert with one another, offering a stronger, easier-to-manage security program — essential for an IT team of 10 managing the infrastructure of a $3.4 billion bank with 750 employees.
“It fundamentally changed the landscape of our security presence. As an organization, we recognized that we wanted to take proactive steps to make sure that our customers’ data is secure.”
Brandon Hale, Assistant Vice President and IT General Manager, First State Community Bank
MDR’s integration is a departure from many security products, which work in isolation. It incorporates the bank’s anti-virus, web filter, perimeter defense, firewall and more, and it actively monitors all those systems.
“It takes all those pieces, which each require a lot of configuration, and ties them together — it’s an amazing tool,” says Shawn McBroom, First State’s information security administrator. That integration simplifies logging and reporting, which helps with auditing and regulatory requirements, and provides the bank with new insight into its infrastructure.
280 days
The average amount of time it takes to identify and contain a breach, at an average cost of $3.86 million.
Source: IBM Security, “Cost of a Data Breach Report 2020,” July 2020 (PDF)
With Cisco MDR, Businesses Access Human Security Expertise
What really sold the bank on managed detection and response was its 24/7 access to live security experts who can investigate and respond to alerts in real time on the bank’s cloud, on-premises network and endpoints.
First State Community Bank’s old infrastructure consisted of industry-standard products that watched the network 24/7, but when they spotted an anomaly, they would send email alerts to the team and trigger an autodialer that would call Hale and McBroom — night or day.
“If something looked suspicious at 2 a.m., we were usually on the phone with each other,” says Hale, adding that they were typically awakened by alerts two or three times a week. Their boss, Senior Vice President Don Gann, first raised the idea of finding a solution that could take the pressure off them and provide a team of experts to watch their network around the clock.
MDR doesn’t completely eliminate the late-night calls, but they’re once or twice a month now, instead of several times a week. MDR automatically monitors the network, and Cisco’s security operations center (SOC) experts act on alerts based on a playbook that First State Community Bank created with help from Cisco and CDW. For serious threats, they’ll call Hale and McBroom.
“They’re going to look at that file that someone attempted to download and determine if it’s malicious,” says McBroom. “If they find something that needs action from us, and it’s a high-enough priority, they’ll give us a call. So I may get a call at 3 a.m., but at least I’m not getting up at 3 a.m. just to figure out whether or not there’s anything to be worried about.”
That solves an age-old problem with security solutions: Too many false positives can overwhelm or even desensitize IT administrators. “Some security tools are just noise,” says McBroom. Before implementing MDR, his team created tickets for every alert from Cisco Advanced Malware Protection (AMP) for Endpoints, one of the tools in MDR that the bank had been using before deploying the suite. “That was very noisy. Sometimes those events would pile up. It took a lot of our time to really investigate those.”
Now, MDR monitors such alerts from AMP and the other tools and only escalates the true threats. “It’s nice to know that they’re investigating that without us having to be involved in some of those lower-priority issues,” says McBroom. “It reduces the stress and saves us time to focus on other things. It’s definitely helped me sleep at night.”
MDR Takes the Pressure of Security Management Off Businesses
First State Community Bank’s IT team told CDW Field Account Executive Nick Dunne and Senior Account Manager Matt Wilcox about their goals. “They wanted a security software package that was going to do a lot of the day-to-day work for them,” says Dunne.
Finding such a package can be a challenge for many small and medium-sized businesses because they may not be familiar with newer offerings. Security products used to have niche specialties, resulting in a hodgepodge of infrastructure components.
Such cluttered security environments can leave businesses exposed to threats, and the growing number of remote workers since the start of the COVID-19 pandemic has compounded the problem, says Laura DiDio, principal analyst at Information Technology Intelligence Consulting (ITIC). DiDio conducted a survey this year that found a 29 percent increase in successful security hacks since the onset of the pandemic.
CDW works with clients to determine their top priorities and helps them map out a holistic vision of what they want their security architecture to look like. From there, CDW presents them with products from a variety of vendors that can best help them achieve that, says Dunne.
That knowledge-based, objective perspective was invaluable for the First State Community Bank team, says Hale. “They were very open and honest,” he adds. “They sold all of the options, so it didn’t really matter to them what solution we wanted to go with.”
In March 2020, as they were vetting products, Cisco announced its new MDR product. “I knew what Shawn and Brandon were looking for, and that’s exactly what MDR delivers,” says Eric Kellenberger, a security senior field solution architect with CDW. “Managing alerts, detecting issues, analyzing those alerts, doing an investigation and coordinating a response: It takes that heavy burden off of the customer’s shoulders and hands it off to a talented third party, the Cisco SOC team.”
CDW worked with Cisco to secure a competitive rate on MDR, bundling the bank’s existing security licenses into a three-year enterprise agreement that shaved additional costs, explains Dunne.
Kellenberger says many small and medium-sized companies struggle with similar challenges. “The question isn’t so much, ‘Do I have all the right security components in place?’ It’s ‘How do I manage all those various components?’” he says. “More and more of our customers are turning toward some aspect of a managed solution. It’s easier to outsource that than do it yourself.”
Cisco Security Is a One-Stop Shop
When First State Community Bank deployed Cisco Managed Detection and Response, it had already been using several Cisco security tools, which simplified the implementation, says CDW Security Senior Field Solution Architect Eric Kellenberger. The bank integrated MDR with the following Cisco tools already in place:
- Umbrella provides the first line of defense, blocking threats on the internet before they reach the network or endpoints.
- Advanced Malware Protection (AMP) for Endpoints detects any behavior out of the ordinary on endpoints. “AMP actually caught a lot more than our traditional anti-virus system,” says Shawn McBroom, information security administrator at First State Community Bank.
- Identity Services Engine and AnyConnect, which authenticate devices on the network and VPN, and Cisco Email Security were other tools that First State Community Bank used before deploying MDR.
The bank also added the following Cisco security solutions along with MDR:
- Stealthwatch Cloud monitors cloud resources and the internal network, including encrypted traffic. McBroom utilizes a feature within Stealthwatch to tag traffic from specified countries. “If we see any activity between our network and those countries, it lights up on a map,” he says.
- Threat Grid executes files detected by AMP in a sandbox environment, providing administrators with detailed data about incidents, including the ability to watch applications’ execution in the Threat Grid portal.
- SecureX brings together all the tools in the MDR suite through a high-level dashboard that administrators can use to drill down to specific tools.
Implementing Managed Detection and Response Was Simple with CDW
Once First State Community Bank decided on MDR, it was smooth sailing.
McBroom spent three and a half weeks working on the implementation with Kellenberger and Shawn Windle, a former CDW security technical lead, as well as representatives from Cisco, who helped integrate the products in MDR.
Together, they created the playbook that dictates how the MDR analysts should handle alerts: for instance, what types of activity can be dismissed, what should be investigated further, what warrants isolating a machine and when bank staff should be notified. “There are all sorts of things they can do,” says McBroom.
Hale was surprised at how quickly MDR made a difference. “Normally, when you turn on systems like this, there’s a floodgate of false positives. But based on Shawn’s efforts and the CDW team, they were very minimal,” he says. “It was seamless.”
CDW was instrumental in that process, he adds. “The wealth of knowledge that they brought to the table, as well as on our side with Shawn — they complemented each other extremely well,” he says. “CDW’s support was phenomenal.”
Photography by Dan Videtich