Tyco Electronics is a global provider of engineered electronic components, network solutions, wireless systems, and undersea telecommunications systems. The company’s products meet the needs of customers in a wide range of industries including automotive; data communication systems and consumer electronics; aerospace, defense and marine; medical; alternative energy and lighting; and public safety communications.
Tyco Electronics mandated desktop virus protection 15 years ago when it first deployed McAfee anti-virus and anti-spyware. Since then the company has rolled out McAfee Host Intrusion Prevention (Host IPS) to all its notebooks. When Tyco Electronics started evaluating Host IPS for its remaining desktops, Dennis Rayfield, senior director for security, policies, and controls, knew it was time for an upgrade to McAfee Total Protection (ToPS) for Endpoint Advanced. “We had purchased Host IPS for the notebooks and wanted to roll out Host IPS to the desktops as well,” Rayfield explains. “Upgrading to ToPS was fairly equivalent to purchasing the additional Host IPS licenses we needed. Since we could also pick up NAC and some other things for little or no cost, the upgrade just made sense.”
Network security—perimeter and endpoint
According to Rayfield, the Host IPS deployment has brought substantial benefits. “Similar to a lot of companies, Tyco Electronics had solid security on the perimeter, and we wanted to extend that security to the user device,” recalls Rayfield. “We see Host IPS as one of our key tools supporting endpoint security.”
Tyco Electronics has 41,000 endpoints, so the number of viruses and spyware that could be introduced through routine employee interactions with the company’s network was substantial. Host IPS enabled Tyco Electronics to quickly contain any outbreaks. It also mitigated the risk of laptops outfitted with telecom vendor broadband cards. “Host IPS reduces the risk of someone being able to come into our network through that broadband connection simply because a PC happens to be connected to both networks at the same time,” Rayfield continues.
Consistent, worldwide deployment
Tyco Electronics has centralized its software deployment and update procedure, which in turn enables a standardized, well-defined incident management process.
“With a standardized process, it becomes easy for us to contain and eliminate outbreaks as they occur,” comments Rayfield. “And that, of course, applies to McAfee as well. We manage it centrally. We always know what product and version of the DAT file is out there.”
Tyco Electronics uses a combination of Microsoft System Center Configuration Manager 2007 and McAfee ePolicy Orchestrator® (ePO™) to support its central deployment approach. “We have a quarterly testing cycle for application deployment, including McAfee,” elaborates Howard Bullock, senior business analyst for computer security. “That’s handled by SCCM. But I do all of the McAfee patch installation and agent deployment via ePO. And if an SCCM deployment misses anything, I use ePO to make sure everything is up to date.”
As Tyco Electronics migrated from ePO 3.6 to 4.0, Bullock expanded the use of ePO beyond its centralized role. “With 3.6, I generally didn’t give people access to the console unless they had a business need to change policy,” Bullock clarifies. “We generally hold policy adjustment or creation within our department. But with ePO 4.0 and its dashboarding capabilities, we’re looking to expand that use to local administrators and their management teams.”
"When we have an outbreak, I can throw up an access protection rule and out it goes. Within three hours, the clients are quiet and the outbreak is contained."Howard Bullock
Senior Business Analyst, Computer Security, Tyco Electronics
Up next—data loss prevention
Tyco Electronics is also scoping the need for Host Data Loss Prevention (Host DLP), a component of McAfee Total Protection (ToPS) for Data. Bullock understands that data loss prevention technologies, while a valuable part of a comprehensive risk management strategy, can be disruptive initially as the user population adjusts. “We’re looking at preventing data loss as a series of steps across all of our McAfee products,” says Bullock. “We want to avoid impacting the user population by moving in a progressive manner. First, what can we cover with a broad brush? That broad brush is McAfee Endpoint Encryption.”
Endpoint Encryption offers Tyco Electronics fulldisk, file, and folder encryption with virtually no system performance degradation. Tyco is now deploying endpoint encryption in production mode and currently have protected around 500 laptops. The company hopes to complete the deployment to the remaining 12,500 laptops by the end of the year. “Once we’ve encrypted the
data, then we’ll evaluate the need for stricter policies,” continues Bullock. “In other words, do we need to have strict rules about copying data to a USB drive or a laptop if the data on those devices is encrypted? We don’t want to be completely encumbered by security rules. Where the policy aspect of Host DLP may be most valuable to us is in dealing with email attachments or HTTP-type forms.”
“McAfee is mostly self managing and self tuning,” concludes Bullock. “At this point, administrators don’t have to do anything with McAfee except on an exception basis. So there’s a huge labor savings there. When we have a small outbreak, I can throw up an access protection rule and out it goes. Within three hours, the clients are quiet and the outbreak is contained while we capture the sample. I’ve been happy with the McAfee product line. And they’ve been very good about getting product requests into the development cycle.”