FUNO Improves its Security Posture With Kemp Flowmon

The Problem

Due to ongoing digital transformation and company growth, FUNO found itself in urgent need of network traffic visibility to hunt down network-borne threats in its infrastructure.

Why Kemp

Kemp Flowmon provided scalable and reliable traffic anomaly detection that enables FUNO’s security team to analyze and triage emergent events with reliable data in hand.

The Solution

Thanks to Flowmon’s AI-driven network-borne threat detection, FUNO’s time to resolution is greatly reduced, allowing them to intercept threats before the danger escalates.

FUNO is the first and largest real estate investment trust in Mexico and Latin America. It focuses on generating sustainable value for its investors through the operation, acquisition, sale, and development of real estate for commercial use.

FUNO’s business philosophy is based on deep and extensive knowledge of the real estate market driven by diversification, offering the best product at a competitive price, and maintaining a solid financial structure with moderate leverage levels. Adhering to these principles made FUNO the first to be leased and the last to be vacated in the real estate cycle.

But this success also creates particular challenges. A high-profile company like FUNO curates a large amount of sensitive data. In addition, its already extensive infrastructure has to cope with ongoing global digital infrastructure, increasing the company’s attack surface even further.

The Challenge

FUNO is actively seeking to counter the cyber threats the world is facing and understands the role of network traffic visibility in modern cyber protection.

“Due to the ongoing digital transformation, we realized that despite having identified some security risks, we did not have a complete perspective of what was happening in our network and lacked historical traffic for in-depth analysis,” says Carlos Cruz, Security Specialist at FUNO.

FUNO needed to achieve holistic visibility of the network and thus gain the ability to analyze detected events related to both internal and external communications.

FUNO didn’t have an IDS per se and only had visibility at the perimeter, which caused visibility gaps that considerably impacted its ability to perform analysis and make informed decisions.

“We were looking for a solution that could monitor, diagnose, and generate alerts on the endpoints of the internal network, components, and links to enable us to monitor end-user experience and interactions of the network infrastructure components,” says Cruz.

“Thanks to implementation partner NPROS, we found this ability in Flowmon, which also helps us to perform analysis of historical network telemetry and real-time performance monitoring by analyzing network flows and inspecting packets,” continues Cruz.

“NPROS has seen FUNO transform markedly over the last few years,” says Ismael Badillo, CEO of NPROS. “As a trusted advisor, NPROS is committed to helping strengthen FUNO’s security posture.”

The Solution

The solution consists of a Kemp Flowmon Collector with Anomaly Detection System and Packet Investigator modules installed. It gathers flow data from switches, firewalls, and load balancers.

“FUNO enabled Flowmon for network monitoring capabilities that provided a rich context of the communication happening throughout the network by collecting telemetry from different devices, including core switches, firewalls, and load balancers,” says Badillo.

The detection capability of ADS, supported by its advanced filtering, helps detect network traffic anomalies symptomatic of malicious activity, such as SMTP anomalies, suspicious uploads, or dictionary attacks.

The solution also helps ease NOC workload with real-time bandwidth consumption monitoring.

Both network and security teams use Flowmon to track down the origin and destination of communications to identify their type and accurately assess their impact on company security or user experience.

“We can now prevent the spread of possible malicious files by having the ability to monitor lateral movements,” continues Cruz, “and our overall time of event resolution has been cut considerably.”

The End Result

Thanks to the Flowmon solution, FUNO can now capture, process, and analyze network traffic.

“Flowmon helps us detect and investigate data flows that may indicate a possible compromise,” says Cruz. “We now also have deep visibility into all the tactics and techniques that attackers use to exploit the network, expand control, and establish persistence. With Flowmon’s AI-driven anomaly detection, we can detect risks of data leakage.”

“The partnership between NPROS and Kemp helped FUNO significantly improve network monitoring capabilities and continuous security posture assessment using the Flowmon solution while streamlining security management with integrated controls through Flowmon ADS,” says David Rendón of Kemp.

“Thanks to the ability to capture, process, and analyze network traffic, Flowmon helps us detect and investigate data flows that may indicate the possible compromise of a team (IoC). Flowmon provided us with deep visibility into all the tactics, techniques, and procedures that attackers use to exploit the network, expand control, and do persistence, as well as parameters to identify and avoid any possible case of data leakage. In general, Flowmon helped us expand network flows’ visibility to timely detect any possible attack and anomalous behaviors and to better understand the network infrastructure. And, above all, to timely decision-making in the face of the diversity of events.”

Carlos Cruz, Security Specialist, FUNO
