Post on 21-Aug-2020


Page 1: PTC defends brand with automated security and integrated ...info.opendns.com/rs/033-OMP-861/images/CS-PTC.pdf · PTC defends brand with automated security and integrated intelligence

© 2016 Cisco and/or its affiliates. All rights reserved.

PTC defends brand with automated security and integrated intelligence.

CASE STUDY

Organization snapshot

Company: PTC

Headquarters: Needham, MA

Number of users protected: 8,000 end users across 7 major hubs worldwide, including U.S., South America, India, Singapore, and the U.K.

Challenge: Reduce malware infections, increase insight of potential threat sources, improve speed and quality of reporting.

Solution: Cisco Umbrella, Cisco Umbrella Investigate

Impact:

• Prevent users from connecting to malicious domains and IPs

• Stop command and control callbacks that lead to data exfiltration

• Extend off-network protection with FireEye API integration

• Obtain intelligence on threat sources ahead of potential attacks

• Threat reporting reduced from hours to minutes

“It took less than ten minutes for us to point our DNS traffic to the Umbrella global network. We could protect our remote offices around the world in less than an hour and a half.”

Mark Arnold, Director of Information Security, PTC


The challenge

Previous tools failed to block the majority of malware or deliver adequate intelligence, exposing brand to risk

As a leading provider of technologies that help manufacturers manage product, application, and service lifecycles, PTC not only has to protect its networks, but defend its brand reputation and ensure customer data is protected. PTC’s Director of Information Security, Mark Arnold, says, “We want to ensure that customers can trust the products we’re delivering to them. For us in the IT support role, we have to let them know we’re handling the data in a very secure way.”

With 8,000 users served through seven major hubs and 22 egress points, Arnold had a lot of ground to cover. But PTC’s primary secure web gateway provider, Blue Coat, fell short in three key areas: it failed to reduce high levels of malware infections, had insufficient reporting, and had weak intelligence capabilities that inhibited Arnold’s ability to track threats to their sources. “We could see endpoints reaching out to malicious sites, but without being able to trace back to the actual sources,” he says, “your problem is not readily solved: you need the source IPs and the source users to effectively contain and remediate the infection.”

The solution

Cisco Umbrella and Investigate automate defense and intelligence, expose emerging threats

Based on input from “other companies and trusted advisors,” Arnold turned to Umbrella. “We saw the levels of malware it blocked and we thought, here’s a solution that’s going to get us the intelligence we’re looking for,” says Arnold. “Deployment of Umbrella was literally a matter of minutes. It took less than ten minutes for us to point our DNS traffic to the Umbrella global network. We could protect our remote offices around the world in less than an hour and a half.”

Arnold uses Umbrella and Investigate in combination to analyze and automate security intelligence and enforcement. “We’re leveraging the Investigate API to ingest a lot of threat data into our internal intelligence platform. Investigate gives us visibility into the internet infrastructure that attackers set up for attacks,” he says. In this way, PTC can apply machine learning to accelerate defense and gain deeper insight into threat origins. “Investigate helps us compare the traffic in our environment with global traffic of the same type.” These comparisons help Arnold identify developing threats. “We’re able to ask different questions about the data. Are these targeted attacks? Is this something new? We want to classify and rate these threats based on the data we’re ingesting.”


Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

The impact

Uncover malicious traffic, quickly extend FireEye to remote offices

One of the immediate returns on investment, Arnold says, is that PTC has “been able to contain all of the malicious traffic that’s attempting to egress from our environment, which means we’re actively stopping data exfiltration that was previously occurring.” As a result, PTC’s BitSight score, a measure some companies use to assess vendor security, has risen dramatically.

“Since we’ve turned Umbrella on and implemented a few block policies based on its intelligence, we’ve seen our BitSight score go up by at least 50 points. It’s important for our brand to reflect a strong security posture.”

PTC has also been able to extend the reach of its FireEye investment. Given the expense, PTC had to limit the number of FireEye appliances and could only protect some of its major hubs. PTC was able to integrate the two products and extend FireEye protection along with Umbrella. Arnold explains: “With the Umbrella integration, we’re able to extend security economically to our remote offices. India, for example, was one of our pain points and we really had no coverage there. We were not only able to bring Umbrella coverage to India, but also enforce intelligence from FireEye in that region too.”

Reporting was completely transformed. “As soon as we turned Umbrella on, we gained visibility into the traffic flows across our environment,” says Arnold. “What sometimes took half-hours in our Blue Coat solution took just minutes in terms of reporting.” When Arnold and his team see suspect domains or IPs, Investigate “lets us do a deep dive on some of the items we’ve zeroed in on. Automation is key to what we need to do as we correlate across all our various platforms. We feel that we now have a solution in place that will be a game changer for us.”