“We were looking for more than a security product, and only Alert Logic offered the fully managed service that we needed to protect our datacenters.”
James Mercer, Director of Information Technology
Since 1955, Flexi-Van has provided the intermodal transportation industry with equipment to move freight via rail, ship, and truck. Today, the company is one of the largest full-service chassis lessors in North America, with a fleet of more than 135,000 chassis and 3,200 generator sets for shipping items that require a controlled temperature.
When James Mercer, Director of Information Technology, joined Flexi-Van in 2010, IT had been an under-resourced part of the business for some time. As would any experienced IT executive, Mercer developed a pragmatic get-well plan based on risk assessment. Once they had completed the core infrastructure improvements, Mercer and his team shifted focus towards their security posture.
After analyzing their current state and determining the requirements to obtain the right level of security confidence, the conclusion was obvious. The level of staffing required to establish and maintain the appropriate security coverage for datacenters and connections with customers, partners, and employees nationwide was much higher than the budget allowed.
To find the right security solution, Mercer searched for a business partner that could deliver core security services, like intrusion detection and vulnerability scanning, as well as actionable intelligence around events, alerts, and incidents to help his team manage and prioritize its focus. He evaluated solutions from several providers and ultimately selected Alert Logic. “We were looking for more than a security product, and only Alert Logic offered the fully managed service that we needed to protect our datacenters,” said Mercer.
Mercer describes getting started with Alert Logic as straightforward and fast. Within a few days of signing the contract, the solutions were configured and Mercer’s team was trained via a few web-based sessions, giving them the foundation to start benefiting from the solutions. Soon after deployment, the IT team at Flexi-Van started hearing from the Alert Logic Security Operations Center (SOC).
“When we first deployed Alert Logic, we heard from the SOC frequently,” said Mercer. “Because we had so many vulnerabilities, we were being attacked frequently. We would be notified by an analyst about an incident, and we’d either fix it immediately if we knew what to do, or we’d ask for remediation assistance, in which case the analyst would work with us until the issue was addressed.”
One of the first big discoveries for Flexi-Van was with their Microsoft Remote Desktop Protocol (RDP) server. Prior to deploying Alert Logic Threat Manager, the team didn’t realize the system was being attacked; when the system would hang or grind to a halt, they’d assume it was because of a slow server situation and reboot. These reboots were expensive—the team was rebooting the system 3-4 times a month, losing 30-50 labor hours each time. Using Threat Manager blocking policies against specific attacks was a good short-term solution and, for a long-term solution, knowing how they were being attacked enabled the team to reconfigure Microsoft RDP so it was inherently secure from external attacks.
Mercer notes that Alert Logic continues to work with Flexi-Van on an ongoing basis to address new attacks in similar and new systems. For example, Flexi-Van is alerted when their IIS web servers experience Denial of Service (DoS) attacks, allowing the team to immediately change firewall rules.