For a small company with one location and remote contractors coming in through VPN, Phoenix Energy was reasonably protected, and it had not experienced any major breaches in recent years. But Carol Maffitt, Phoenix Energy’s CIO, wanted an extra layer of protection, for added peace of mind. “I don’t relish the idea of a security breach and data loss, explained Carol. ”I want to make sure we are as protected as possible and that we comply with the information security regulations.” In Phoenix Energy’s case, it has to comply with both the federal Canadian law (PIPEDA) and Alberta Province’s PIPA.
Previously, Carol had been downloading various block lists, and manually updating, aggregating, and inputting them into the Juniper firewall. She then had to parse the firewall logs to try to find problems quickly, which was difficult to do. The whole process was tedious and time-consuming.
Looking for a better solution, Carol found ThreatSTOP through a link on DShield.org and immediately saw the benefits of ThreatSTOP, namely: • The aggregation of many threat feeds into one actionable block list. • Continuous updates of the block list. • Automation of the delivery of the block list into the firewall for enforcement. Additionally, ThreatSTOP provides clear Web-based reports to:
- Summarize attempted breaches so the hosts in question can be investigated or remediated.
- Profiles of each bad IP address to support forensic investigation and/or prosecution.
These reports are much easier to digest than firewall log files, and they are included in the ThreatSTOP service.
With ThreatSTOP, Phoenix Energy’s IT group now spends much less time doing the drudge work of protecting the company and more time on higher-value activities. “Now I look at the ThreatSTOP reports about twice a week just to make sure everything is working and no major problems have occurred,” Carol concluded.