eEye Digital Security
Case Studies
FreeMarkets: A Retina Network Security Scanner Case Study
Enterprise Sourcing Solutions Company Stays Ahead of Network Vulnerabilities
FreeMarkets utilizes Retina Network Security Scanner to enhance network security.
Situation
FreeMarkets is the leading global provider of enterprise sourcing software and services. Through a unique combination of industry-leading software, expert sourcing services, global commodity expertise, and operations support, FreeMarkets helps companies to achieve and sustain improved financial performance through next generation sourcing. FreeMarkets' solutions support the entire sourcing process, from spend visibility and supply base rationalization to competitive negotiations and savings implementation.
Network security has always been of utmost importance to FreeMarkets. With billions of dollars of commerce and highly-sensitive information flowing through its network daily, FreeMarkets takes extraordinary measures to identify and implement leading-edge technologies that allow it to maintain the most secure network environment possible for its global customers.
Challenge
FreeMarkets maintains a complex network architecture, accessing centralized repositories of proprietary customer data. Keeping this data private and insuring the continual integrity of the network is mission-critical for FreeMarkets. The FreeMarkets IT team realized the need for a comprehensive vulnerability scanner by simply taking notice of the large number of vulnerabilities released daily. At a rate of nearly 100 new vulnerabilities per week, the task of researching each issue for its potential impact on the FreeMarkets network was time consuming, yet essential.
Paramount to FreeMarkets' success is the vigilant efforts of its IT team to maintain the integrity and security of its digital assets. As part of these efforts, the team uses open source tools, to run scans of the network and sift through reports to implement patches or refine system-wide configurations on a daily basis. Such a process is both resource and time intensive. FreeMarkets began exploring technologies that could help it cut down on the personnel time needed to investigate and legitimize vulnerabilities, begin the remediation efforts, and provide a trustworthy and reliable source for this information.
Response
After testing a wide-range of vulnerability assessment offerings FreeMarkets selected eEye's Retina Network Security Scanner, based on the following four factors: consistency and reliability, speed, research, and reputation.
"If Retina says something has a hole, it is a trustworthy assessment and we can be guaranteed there is an issue we need to resolve," said Kevin Gennuso, Senior Network Architect for FreeMarkets. "Each time we run Retina, it comes back with the same results every time… there's no guessing."
The speed of Retina was another key factor affecting FreeMarkets decision. Being able to consistently run network penetration tests and assess the strength of the network without adversely impacting the network while it's running is a critical, scheduled process for FreeMarkets.
"We perform regular scans of our network to stay proactive in our security," Gennuso said. "And Retina's remarkable speed makes this a painless task."
eEye's continual commitment to ongoing product enhancements, including daily vulnerability updates, solidified FreeMarkets decision to choose Retina for company-wide deployment. FreeMarkets was impressed with eEye's leading role in vulnerability research and the number of advisories issued as a result of eEye research team findings. "Every time we launch Retina there are new updates," Gennuso said."This gives us confidence in knowing that eEye research is on top of things and we are scanning for the latest vulnerabilities."
Results
Retina is now being utilized by FreeMarkets on an enterprise-wide basis to conduct scheduled assessments. By utilizing Retina on several local servers as well as a central host, FreeMarkets is able to rapidly conduct scans and review the logged reports on a centralized server.
"Having a history of the scans is really useful since we can now go back and look over previous data to see what has changed over time," said Gennuso. "And it's fantastic to just look at one report and be able to identify vulnerabilities for the entire enterprise. This saves us considerable time and allows us to take action much more quickly when necessary."
"Even the most seasoned security experts cannot expect to catch everything by themselves — especially those that manage complex networks with critical data that needs to be locked down," Gennuso said. "Any organization that is serious about protecting their network environment needs a reliable tool to help maintain network integrity, and Retina is that tool."
FreeMarkets: A Retina Network Security Scanner Case Study (pdf)