A top-ranked opera company took the drama out of its internet operations with malware protection, reports Greg Masters.
While the spotlights illuminate the action on stage at the San Diego Opera, behind the scenes another cast of characters contributes to the proceedings in a less visible, but vitally important way.
San Diego Opera consists of a main administrative office, an offsite costume shop and an offsite scenic studio that is moved into the San Diego Civic Theatre, where performances are held, and remains there from January to May. It employs 50 full-time staff, but that number swells up to 500 in season with musicians, choristers, stagehands and added personnel.
The folks in charge of online ticket sales, marketing and fund development need their network to function at an optimal pace. The company also has to account for remote workers, who often use laptops in costume shops and rehearsal studios. Also, because of the company's focus on performance arts, streaming video applications are used extensively across the entire organization.
In short, San Diego Opera needed a web security solution that was comprehensive, multi-faceted and could protect its remote workers from malicious web content. It also needed a solution that would give a lot of flexibility while still delivering strong malware protection.
A call was placed to the five-person IT staff. The company had been using an assortment of web security tools, including spyware removal programs and an internal spam filter, but they weren't very effective, says Mickey Gonzales, director of information technology, San Diego Opera. “I was spending a good portion of my day installing spyware removal programs and felt it was time we sought a better solution.”
He says the company needed a web security solution that was easily manageable and could detect zero-day threats. Specifically, it needed a solution that could adequately protect its network when its employees visit streaming video sites (PDF and Flash exploits). Giving employees access to a variety of alternative and streaming media sites is business critical for a creative arts organization, he adds. “At the same time, I wanted our network to be as secure as possible from all types of web threats.”
After investigating a number of options, Gonzales and his team chose a solution from ScanSafe. Cost and ease of deployment were the keys to his ultimate choice. “It was important that we had a solution that could be easily customized and that the reporting function was superior.”
What differentiates the in-the-cloud service, says Jason Sloderbeck, director of technical operations at San Francisco-based ScanSafe, is the sheer scale of visibility it has into web requests, ensuring that any anomalies in web content can be detected quickly.
“All ScanSafe customers, large and small, benefit from increased security enabled by the network effect of visibility into all customer traffic. So the power of many companies is helping to defeat malware. Smaller companies that might otherwise deploy lesser functionality in SMB-focused products now get exactly the same level of protection as the largest companies. In this way, when zero-day malware is detected, all customers are already protected – there is no need to update any database, signature list or software.”
It was a smooth rollout, says Gonzales. “I am pleased. ScanSafe makes it so easy to troubleshoot and take care of any issues before they become a problem.”
As well, Gonzales and his team are finding the solution easy to manage and operate. “I am able to customize the ScanSafe solution to meet the changing needs of the organization, and the reporting tool has proved to be extremely useful,” he says. “The ScanSafe product has saved my team a lot of time and has saved the San Diego Opera a lot of money. The cost of ScanSafe is so much less expensive than maintaining a piece of hardware plus upkeep and configuration.”
The ScanSafe solution is rolled out across the entire organization, including remote locations. “We've just finished testing ScanSafe's Anywhere+ solution [to protect roaming employees] and it's fantastic,” says Gonzales. “This will be very helpful for us, as we can have quite a few roaming workers at any one time.”
Updates are made at ScanSafe's datacenters and do not affect customers, says ScanSafe's Sloderbeck. “There is no real push in a traditional sense. All Outbreak Intelligence scanlets are continually learning through automated machine learning, so they do not require updating in order to remain effective.”
Priorities have changed at the San Diego Opera over the years because the web landscape is changing so dramatically. “Previously, we were relying more on adware and some of the free removal programs,” says Gonzales. “Obviously, that wasn't cutting it anymore.
“Cybercriminals are getting very smart and potential web threats are growing exponentially every day. Having an in-the-cloud solution has been a great remedy for us.”
[sidebar]
Proprietary tech: Digging deep
ScanSafe achieves effective web security using Outbreak Intelligence, a proprietary analysis engine, explains Jason Sloderbeck, director of technical operations, ScanSafe. Outbreak Intelligence breaks every requested web page down into its constituent elements (e.g., HTML, JavaScript, PDF, Flash) and uses multiple scanlets to analyze this content in parallel. Each scanlet is trained to analyze specific web content and applies both static and dynamic analysis to formulate an opinion on whether the content is malicious or not. The combined output from all the scanlets is then analyzed to make a determination as to the security posture of the content. Outbreak Intelligence can identify zero-day malware and threats (i.e., threats which have never been seen or identified before), as well as those threats which are known, says Sloderbeck.
ScanSafe uses the vast data set of web requests that has been collated – over one billion web requests a day – to train the Outbreak Intelligence scanlets and to ensure that all analysis is accurate based on mass visibility into the different files and content types. – GM