• United States



john_mello jr

Hamamatsu eliminates malware with virtual appliances

Feb 19, 20156 mins
Cloud SecurityCybercrimeData and Information Security

When you’re a company with branches across the country and a malware infection leads to all its outbound email being blacklisted as spam, you have one thing in mind: fix the problem and fix it fast. That’s the situation the U.S. operations of Japanese optical sensor maker Hamamatsu found itself in when it turned to a cloud security provider to turn things around in a hurry.

The company had a “best in breed” firewall in place, as well as web filters, packet sniffers, a gateway event analyzer and anti-virus and anti-malware software. None of it, though, prevented the malware from infecting its network connecting its coast-to-coast offices. “We sifted through the firewall logs, and we couldn’t determine where it was coming from,” explained Hamamatsu’s Network Manager of Operations Jim Hnasko.

Making matters worse, the malware began spewing spam from Hamamatsu’s network, which resulted in all the company’s email being blacklisted and its email being blocked from reaching its customers.

It was apparent the company needed a quick fix so it turned to OpenDNS, which turned out to be an agile choice for the company. “We didn’t have to wait to send a quote and get a license,” Hnasko said. “We made a call, nailed it and configured it in four hours.” That compares to four days just to clear the paperwork for one firewall vendor initially approached by Hamamatsu to solve the problem.

Within eight hours after plugging into OpenDNS, Hamamatsu had neutralized the malware and was no longer blacklisted. Ironically, when the infected machine was identified, it had both anti-virus and anti-malware software running on it.

Two technologies rapidly growing in popularity made swift deployment of the OpenDNS solution possible: virtualization and the cloud. OpenDNS uses virtual appliances that can easily connect the cloud security services on its network to a customer’s net. Rather than buying and installing hardware appliances for each of its branch offices, the virtual appliances could be deployed to the offices with a minimum of fuss through the cloud.

Once Hamamatsu’s networks were connected to the virtual appliances, all traffic was rerouted through OpenDNS’s cloud and its cloud security services. Users are integrated into the OpenDNS virtual appliances through Active Directory and their net usage monitored by Hamamatsu. “It wasn’t very challenging to deploy the appliances and Active Directory,” Hnasko said.

In addition to the virtual appliances, Hamamatsu  also installed OpenDNS’s roaming client software on all endpoints that touch its network. “Now we are able to enforce policies on every endpoint that we have,” Hnasko explained. “We can also restrict web traffic by destination, filter or category.” For example, if a user attempts to go to a website that’s been identified as harboring malware, they would automatically be blocked from the site.

An advantage of a cloud security solution is its ability to tailor itself to a user on the fly. “A customer’s policy for their employees might be different when the employee is in the office versus when they’re out of the office,” explained OpenDNS CEO David Ulevitch. “When they’re in the office, it could block all security threats and log all their websites. When they’re at home, it can be configured to only block security threats and doesn’t log what websites they visit.”

Installing clients on endpoints sometimes can meet with user resistance because the software can impact an endpoint’s performance. That wasn’t the case with OpenDNS’s app. “When we deployed the agent, we expected users to complain that things were slower,” Hnasko said. “We didn’t have any complaints. It was almost seamless.”

Optimizing security at the expense of a user’s experience is an ongoing challenge for solution designers, but it appears to be one that OpenDNS was prepared to tackle. “We’ve always put performance and security on equal pedestals,” Ulevitch said.

Rather than using a simple proxy model, he explained, OpenDNS has an intelligent client that determines what traffic needs to be routed through its cloud and what can go directly to the net. Its solution can segment traffic flows to boost performance. “That allows the performance for the end user to remain high without sacrificing the security component,” Ulevitch said. So, for example, the streaming packets for a YouTube video could go directly to the web while all the text, HTML and images associated with the video would be routed to the OpenDNS cloud.

Because all Hamamatsu’s traffic is routed through the OpenDNS cloud, Hamamatsu can also get better insights into the security status of its networks. “We can get reports on how many infections we have, if any, and who has them, so we can remediate the issue,” Hnasko said. “We’re now proactive instead of being reactive.” 

Since adopting the OpenDNS solution, the results for Hamamatsu have been impressive. “We’ve noticed a huge decrease in infections,” Hnasko noted. “Before OpenDNS, our staff was cleaning machines two to three times a day. Since installing OpenDNS, we haven’t seen an infected machine.”

What OpenDNS is providing Hamamatsu is security at the “first hop” from the enterprise to the Internet. As the cloud grows as a home for security solutions, competition for control of that first hop will increase, noted Rick Holland, the principal analyst for security and risk management at Forrester. “If you look forward, the battle is going to be for the first hop — what’s the first place your users’ traffic goes to in the cloud?” he said. “OpenDNS wants to be the first place you send your traffic to do security on.”

Cloud security providers like OpenDNS are well positioned to take advantage of future enterprise network architecture, too, because of the scalability of cloud solutions, he added. In three to five years, much of the Web traffic that’s being backhauled to a central location will be routed through local access points to reduce costs. “In the past, a company may have had a handful of Internet points of presence,” Holland said. “In the future, almost all remote locations will be going to the Internet.”

“When that happens,” he continued, “deploying hardware will be like death by a thousand cuts for an organizaiton. Cloud-based security models are much more scalable and effective.”

“If the appliance guys don’t focus on the cloud,” he added, “they’re going to be left holding a bunch of appliances while their customers go to cloud services.”