Evans and Dixon Law Firm Increases Protection from Cyber Threats
Founded in 1945, Evans & Dixon is a law firm that represents corporate clients across multiple areas of practice ranging from insurance defense to corporate workman’s compensation, HR claims to patents and copyrights. Working with high profile, Fortune 1000 clients, the law firm is vigilant in protecting not only its own internal network, but also the sensitive data and intellectual property of its clients.
In an effort to augment its IT resources, the law firm has outsourced a portion of its cybersecurity to a Managed Security Service Provider (MSSP). While their MSSP provides 24x7 monitoring and management of their IDS/IPS, the internal IT team manages their own firewall, web filtering, virus protection, and email security products. Additionally, as the law firm operates both collections and workman’s compensation divisions, they must comply with both PCI and HIPAA regulations.
After learning about how the Bandura ThreatBlockr platform blocks known bad IP addresses and domains from multiple sources (including industry specific third-party feeds) at scale with no latency, plus the benefits that the platform would provide to their current firewall security deployment, the CIO decided to evaluate the Bandura Cyber through its free, no-obligation, 30 day trial.
The Value of the ThreatBlockr Platform
A key component to the law firm’s security stack is its firewall and managed IDS/IPS. As with most firewall vendors, the law firm’s firewall offered some threat intelligence functionality. Additionally, the law firm’s MSSP managed their threat signatures as part of their subscription services. Understanding that most attacks would occur outside the firewall, Jeff Sheldon, CIO Evans Dixon Law Firm decided to test the deployment of the Bandura ThreatBlockr platform internally, behind his current security defenses, to see what traffic was passing, and potentially getting through, to the internal network.
“It was eye-opening. There still was a lot of stuff getting through our firewall and IDS/IPS. The traffic passing through might not have been malicious, but it was still passing through from the outside”
Once Jeff recognized the traffic that was being passed through their security defenses, the law firm re- deployed the Bandura ThreatBlockr platform to the perimeter, in front of the firewall, where it has been protecting the internal network for several years. A loyal customer, the law firm decided to upgrade their Bandura device to accommodate for faster throughput and additional providers.
The "Why" Behind Evans & Dixon's Firewall Performance Issue
The growing threat scale problem requires organizations to have a broad-based view of threat activity across a range of sources, including commercial, open source, industry, and government. Threat intelligence must come from multiple sources and perspectives, which means that the vendor-specific threat intelligence that comes in next-generation firewalls is inadequate. Even for firewalls that ingest external or third-party threat intelligence feeds, they often cap the amount at 300,000 unique IP indicators. Blocking known malicious IPs and domains before they reach the firewall frees up firewall processing power for more complex threats and more CPU-intensive activities, such as deep packet inspection.
Increased Protection for Cyber Threats and Third Party Risks
The data that Evans & Dixon is charged to protect is highly sensitive. Representing high profile clients across a broad range of industries, including financial, insurance, manufacturing, and retail, the law firm is especially concerned about third-party risk.
“For example, if you are a Chinese spy and you want the plans for a new fighter plane...you are going to have a hard time getting into the manufacturer’s network. However, if there is a company working with that manufacturer, you will target them...”
According to the 2019 DBIR, phishing represents 90% of social engineering incidents and 93% of breaches, with email continuing to be the most common vector at 96%. The Bandura ThreatBlockr platform can block phishing attacks and their associated ransomware attacks by identifying and blocking the known malicious IP addresses and domains from which they originate, as well as protecting the network from outbound malware, inadvertently opened, from inside the network.
Greater Visibility and Control
One example of policy enforcement on the Bandura ThreatBlockr platform is geo- blocking. While this feature/functionality is often available on firewall technology, it lacks the robust visibility and agility to block from the massive volume of ever-changing malicious IPs, which often change on a daily basis. This is especially critical in stopping malicious malware from being downloaded, as in phishing attacks, from emails or links opened, internally. After deploying the Bandura ThreatBlockr platform and configuring its geo-IP blocking function, the law firm gained greater visibility and insight into the locations of their third-party hosting and support sites.
“We were surprised to discover that our blog was being hosted in Bulgaria. So we added an exception for that one IP address (for our company blog). We found a few cases like this where a third-party support system we use was located in Eastern Europe. It was simple to white-list those IP addresses, and block the rest.”
Greater TCO and ROI through Simplified Deployment and Management
Since deploying the Bandura ThreatBlockr platform, Jeff and his team identify ease of management and reliability as two main factors in the law firm’s satisfaction. After taking advantage of Bandura’s no obligation 30-day trial and deploying the ThreatBlockr platform, the law firm has been a loyal and delighted customer for a number of years. Most recently, Evans and Dixon upgraded to a higher throughput device to accommodate the growing needs of their practice.
“I’m sure that our other security devices have features and functions, but making those changes would require weeks of learning how to configure a simple change... So any time I have to do anything on them, I have to call my outside engineer at $165 an hour. Versus, the Bandura ThreatBlockr handles our needs and it’s solid. No problems or support issues. And it’s cost effective!”
After deploying three Bandura ThreatBlockr’s into their network, the law firm has seen:
- Increased protection from cyber threats and third-party risks
- Greater visibility and control of partner hosting tools and third-party applications
Bandura uses best-in-class threat intelligence to secure your networks, data and users in real-time - wherever they are - on-prem, cloud, remote, or all of the above. Our platform blocks attacks from up to 150M malicious IPs and domains in real-time with no latency. We provide out of the box threat intelligence and integrate data from any source. At Bandura, we believe nothing scales like simplicity. We make blocking threats smart and simple - at scale - everywhere. For more information visit: banduracyber.com