Propellent provides managed zero-day threat protection with Kemp Flowmon

316 critical threats detected and mitigated in a month

12 hours saved on investigation per month

4 hours to deploy

The Problem

The existing detection system only covered the perimeter and, being signature-based, stood up poorly to new and unknown threats.

Why Kemp

Kemp Flowmon provides signatureless network-borne threat detection that is quick to deploy, offers easy tenant management, and provides a unified picture of the customer’s security posture.

The Solution

Propellent now have an easy-to-manage zero-day threat detection system in place that allows for quick investigation and integrates well into their security ecosystem.

A call for a next-generation security tool

Before encountering Kemp’s Flowmon solution, Propellent were relying on an intrusion detection system working in tandem with a firewall for triggered IP address blocking. While certainly effective against many types of attacks, this system was time-consuming to fine-tune and would not scale very well into the future. It also gave only perimeter coverage of network-borne threats.

“But the real issue was not day-to-day management,” says Matt Wanless, Managing Director at Propellent. “The previous solution offered good defense against known threats, but when it came to zero-day attacks or advanced persistent threats, we had to rely on endpoint protection to protect our clients, which we found to be a costly and time-consuming approach, and still had significant limitations.”

Indeed, ever since the increase of work-from-home and the general trend of commerce steadily shifting into the digital space, the incidence of ransomware and other sophisticated attacks has been greater than ever before, and in response to that, Propellent began to look for a next-generation behavior analysis and anomaly detection tool.

Actionable intelligence with real-world data

Not long after the Flowmon product suite was added to Kemp’s portfolio, we approached Propellent, who had thus far been a reseller of the LoadMaster line of load balancers, and introduced the Flowmon solution to them.

“We wanted to give it a proper test, and so we implemented it on a small scale under an NFR license first,” continues Wanless. “It was important to do a real-world assessment of Flowmon, so in conjunction with one of our customers, we test-deployed it against some of their live services.”

This was imagicam, one of Propellent’s customers to whom they provide hosting and managed security.

“imagicam is dedicated to protecting data and using industry best standards. We understand the importance of data security and make every effort to ensure that data held on the systems is fully protected,” says Peter Grey of imagicam.

Through Propellent, imagicam utilize a defense-in-depth approach using best-of-breed technology and processes.

“The outcome was a nice concise view of all the threats in imagicam’s infrastructure that allowed easily actionable intelligence,” says Wanless. In this way, Propellent gained an unquestionable source of truth on network-borne threats endangering the customer and were able to test and demonstrate the product’s capabilities with real traffic data.

The deployment consists of a virtual Kemp Flowmon Collector with the Anomaly Detection System (ADS) module for network-based behavior analysis and anomaly detection. The system uses an Open vSwitch and flow data from other switches as a source. “This, too, was a win for us,” adds Wanless, “as we could use what we had as sources of flow data instead of being pushed to buy proprietary sensors straight away.”

Data on the dashboard in half a day

“In the end, Kemp Flowmon proved much quicker and easier to roll out than what we were using previously,” says Wanless. “Instead of spending weeks tweaking and tuning, we get actionable insights in less than half a day.”

Propellent also appreciated the ease of management, the streamlined event investigation workflow, and the ability to integrate their own bespoke tooling into the event view in ADS.

“Kemp Flowmon fits our security ecosystem perfectly and we welcome the straightforward tenant configuration for each customer,” concludes Wanless. “And the fact that it has a native MISP connector is of great appeal as well, as it allows us to add Flowmon security events into our threat intelligence platform, greatly simplifying SOC operations.”

We welcome the additional visibility provided by Flowmon, and see it as an essential part of our ongoing cyber protection activities.
Peter Grey
imagicam
