Pioneer Investments aims for '100 per cent security' by combining tools from ForeScout and Bromium

'The bad guys only have to succeed once, whereas security has to succeed 100 per cent of the time,' Miguel Segimon, Pioneer Investments' information security manager, tells Computing

Pioneer Investments is a financial services company with 2,000 employees across 31 offices in 27 countries and as of June 2014 was responsible for €185.5bn in assets under management.

As a major financial institution, it makes an attractive target for cyber criminals, and it's down to Miguel Segimon, Pioneer Investments' information security manager, to ensure assets are always protected against potential hackers, including the mafia and governments.

"The bad guys only have to succeed once, whereas security has to succeed 100 per cent of the time. That's why we rely on some of these best-of-breed products and best-of-breed services," he told Computing.

Those products and services come from network security tool provider ForeScout and endpoint protection firm Bromium, with Pioneer Investments tying the two solutions together to ensure their systems are as protected as possible.

Segimon said that as a standalone tool, ForeScout enabled Pioneer "to gain a lot of visibility into our enterprise". But he quickly realised it could do more than just that and had the potential to "act as a central nervous system between various security tools".

"We used it during the Windows XP retirement to identify and isolate any Windows machine that was still left over after the expiration date," he added.

ForeScout also gives Pioneer the ability to isolate any unknown computer that might get plugged into the network, protecting the rest of the organisation from potential damage or infection.

"What it'll do is notice that somebody has plugged in and instantly isolate and quarantine the machine. The only thing the machine in quarantine can do is effectively get a rebuild with a Pioneer image, which is what you need to do in the event someone plugs in a machine to be built fresh," Segimon said.

ForeScout also enables those outside the security team to use the data it generates for the benefit of the rest of the business.

"We gave the helpdesk access to the web interface of the product, they can type in a username and it will spit out every machine they are connected to," Segimon explained, adding that this allows the security team to concentrate on other projects.

One of those was to boost Pioneer's endpoint security by combining ForeScout with Bromium anti-malware tools.

"It blacklists the entire internet and allows us to whitelist the parts that we work with. Everything that is blacklisted is automatically encapsulated. It stops APTs coming through the most common vectors, which are Internet Explorer, Microsoft Office, Adobe Acrobat, Java, that sort of thing," Segimon told Computing.

Pioneer therefore combined Bromium and ForeScout to create what's been dubbed the Indicators of Compromise (IOC) framework, which takes the best of both products and ensures endpoint network security.

"Bromium will detect malware as it comes into a desktop and automatically block it and stop it. However, Bromium can only run on relatively advanced hardware and currently not all of our PCs meet the grade for Bromium," Segimon explained.

"What we've done is we've taken Bromium and we output the detections it has into ForeScout. ForeScout then has the ability to take those detections and scan the entire network almost instantaneously for anything that's picked up," he added, before going on to describe how IOC works in more detail.

"If my computer sees a piece of malware, Bromium picks it up, analyses it - lets it run in the background before stopping it altogether - then gives me a signature for the malware and how it looks in memory.

"It then sends that to the ForeScout console which in turn, using the IOC scanner, sends it to every PC in the enterprise... and it scans all of those for that particular signature.

"What we have been able to do is effectively just create a number of endpoints that act as instant detectors and protect the networks automatically."

Segimon said the service from both ForeScout and Bromium has been "phenomenal" and both were happy to work together to protect Pioneer's networks.

"They were very willing and very happy to work with each other. They saw the benefit in what we were proposing," he said. "Both companies were extremely helpful, both of their support teams were fantastic to work with."

The whole initiative has allowed Pioneer Investments to "balance security against user experience", he concluded.
