Stupp Bros. Hardens Security with Infoblox Threat Defense™
“Threat Defense is the moat around our castle. You’re going to have to get past that before you can start doing any harm on the outside walls.”
- John Roosa, Chief Information Officer, Stupp Bros.
OVERVIEW
Headquartered in St. Louis, MO, Stupp Bros. is a leading provider of materials and services essential to building critical infrastructure throughout the United States.
The company fabricates structural steel used in bridges, high-rises, hospitals, convention centers, sports stadiums, and entertainment venues from coast to coast. In addition to its core business, Stupp Bros. offers a range of services, including regional banking, data capture that enables process-heavy industries to remain in compliance, and residential and commercial broadband services.
THE SITUATION
Establishing a Defense-in-Depth Mindset
Founded over 165 years ago, Stupp Bros. has focused primarily on advancing fabrication methods and expanding markets for its high-quality construction materials. However, as the company’s operations have grown more digitally connected in recent decades, cybersecurity is now among its top priorities.
In the late 1990s, John Roosa was a consultant helping the firm optimize networking in the early days of the internet when the Melissa virus struck. “That was my wake-up call,” he says. That 1999 incident showed him just how drastically the security landscape had shifted and how unprepared computer networks were for that new reality.
Customer: Stupp Bros.
Industry: Construction
Location: St. Louis, MO
Objectives:
Mitigate risks associated with unsafe online behavior
Streamline web filtering management to reduce manual effort
Reduce the volume of virus alerts and the time required to resolve them
Results:
15-minute deployment of the cloud-based DNS security solution
Proactive blocking of malicious digital interactions across the entire network
Near-total elimination of virus alerts, drastically reducing alert noise
50% reduction in mean time to investigate threats
Products: Infoblox Threat Defense™
Roosa has been a staunch advocate for holistic cybersecurity ever since. As CIO for Stupp Bros. for the past 18 years, he has overseen the buildout of a defense-in-depth approach designed to protect the business and its 350+ employees from modern threats.
To achieve those goals, Roosa and his colleagues have deployed a security stack of next-generation firewalls (NGFWs) and endpoint protection, anchored by Microsoft Sentinel, Microsoft’s cloud-based security information and event management (SIEM) platform, and associated tools.
While those deployments have been largely effective, they could not adequately address a serious security issue: employees inadvertently engaging in risky online behavior.
THE CHALLENGE
Where Online Users Go, Threats Follow
From Roosa’s perspective, the challenges posed by user behavior have evolved dramatically since he became CIO in 2007. “It was far simpler back then. The risks weren’t nearly as complex.” At the time, users had fewer devices, business applications primarily ran on desktops, and cloud computing was still in its infancy. While employee risk did exist, “It was easier to mitigate from an IT perspective compared with today,” Roosa notes.
Today, all Stupp Bros. employees have smartphones or other devices that provide instant internet access wherever they go. Increasingly, much of the work that goes into modern steel fabrication, construction, and fiber-optic broadband relies on email, texting, and access to cloud applications and resources.
However, with so many ways to connect, it has become increasingly difficult for Roosa and his team to control where employees go and what they do online. Unlike larger enterprises, Stupp Bros. does not have the resources to issue locked-down devices or deploy managed desktops for every employee. As a result, employees would occasionally click on phishing links or visit sites embedded with sketchy banner ads that would whisk them off to malicious web destinations, or worse, initiate a virus download.
For Roosa, employee education was crucial to mitigating those risks. On the whole, those efforts have been highly effective; but they have not always been timely enough. For instance, security alerts surged when Stupp Bros. acquired a new business unit before its employees had received the proper security training.
Roosa was determined to prevent these situations moving forward. But even the savviest users can fall victim to malicious online content cunningly disguised as legitimate. Inevitably, some of that content reached the NGFWs and endpoint security tools at Stupp Bros., and the resulting virus alerts prompted security teams to spend hours investigating and remediating.
To address this challenge, Stupp Bros. needed a comprehensive solution that would reduce the risks associated with unsafe online activities while also improving its security posture with minimal impact on employees and security staff.
THE SOLUTION
Harnessing the Proactive Security Power of DNS
Roosa recognized that the best way to keep employees from clicking on risky links was to prevent them from doing so in the first place. Accordingly, Stupp Bros. deployed a series of web filtering products, all with ultimately unsatisfying results. “They were the typical clunky, ‘allow this topic, not that,’” says Roosa.
These solutions also placed the burden on Roosa and his staff to manually identify which topics and web destinations to add to block lists, a time-consuming task that required research and ongoing configuration. However, the biggest drawback was the fundamental design flaw at the heart of these screening tools. “I really don’t like being in the net nanny business because I understand how the internet works and how easy it is to circumvent a lot of those [filters],” Roosa says.
Roosa first encountered Infoblox while researching DHCP management options for the firm’s fiber internet division. In the process, he learned about Infoblox Threat Defense™ and its approach to DNS-based security. “Infoblox was a bit of an epiphany for me,” he says. “DNS is where it all starts.”
With Threat Defense, Roosa realized he could “kill two birds with one stone.” First, it solved the issue of determining which web destinations were malicious. Second, because it operates at the DNS control plane, it completely blocks users from accessing those locations, eliminating the workarounds associated with other filtering options. “It finally coalesced in my brain,” Roosa continues. “If I can control DNS in the name lookups, then I can shut down a lot of activity before it ever gets started.”
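As an added illustration of the mechanism Roosa describes (this is example code written for this page, not Infoblox code and not how Threat Defense is implemented), the Python below is a minimal response-policy filter of the kind a DNS resolver can apply before answering: a name that falls under a listed policy zone is never resolved, so the client has no address to connect to and the session never starts. The blocklist, allowlist, upstream address map and IPs are all constructed for the example. The filter also makes a practitioner's caveat visible: it governs only lookups that pass through it, so a client that connects to a hard-coded IP or uses an encrypted resolver elsewhere is not covered, which is why the resolver has to be the one the whole network actually uses.

```python
"""Toy RPZ-style DNS policy filter (added example, not Infoblox code).

A name that matches a policy zone is answered with NXDOMAIN (or a sinkhole
address) instead of its real record, so the connection never starts.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: what a threat-intel feed would supply.
# Zone-style entries: a listed name also covers every label beneath it.
BLOCKLIST = {
    "malware-drop.example",        # hypothetical payload / C2 host
    "login-update.example.net",    # hypothetical credential-phishing host
}
# Allowlist takes precedence so one needed host under a blocked zone still works.
ALLOWLIST = {"cdn.malware-drop.example"}   # hypothetical, shows precedence
SINKHOLE_IP = "192.0.2.1"                   # RFC 5737 documentation range

# Constructed stand-in for real recursive resolution (name -> IPv4).
UPSTREAM = {
    "www.example.com": "198.51.100.10",
    "malware-drop.example": "203.0.113.7",
    "cdn.malware-drop.example": "203.0.113.8",
}


@dataclass
class Answer:
    qname: str
    action: str            # "allow", "block-nxdomain" or "block-sinkhole"
    rdata: Optional[str]   # address returned to the client, None for NXDOMAIN
    reason: Optional[str]  # which policy entry fired, if any


def normalize(name: str) -> str:
    """Lower-case, drop the trailing dot and punycode IDNs.

    Lookalike names in mixed case or Unicode must compare the same way the
    blocklist spells them, otherwise a trivial variant slips past the policy.
    """
    name = name.rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name


def matching_zone(name: str, zones: set[str]) -> Optional[str]:
    """Return the most specific listed zone covering name, walking up the labels."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname: str, upstream: dict[str, str], sinkhole: bool = False) -> Answer:
    """Apply policy first; only a name that passes is looked up upstream."""
    name = normalize(qname)
    if matching_zone(name, ALLOWLIST):
        return Answer(name, "allow", upstream.get(name), "allowlisted")
    hit = matching_zone(name, BLOCKLIST)
    if hit is not None:
        if sinkhole:
            # Sinkholing keeps the client talking to an address you control,
            # which makes the infected host easy to spot in flow logs.
            return Answer(name, "block-sinkhole", SINKHOLE_IP, f"policy zone {hit}")
        return Answer(name, "block-nxdomain", None, f"policy zone {hit}")
    return Answer(name, "allow", upstream.get(name), None)


def filter_queries(queries: list[str], upstream: dict[str, str]) -> dict[str, int]:
    """Run a batch of lookups and count outcomes; blocked names never reach upstream."""
    counts: dict[str, int] = {}
    for q in queries:
        a = resolve(q, upstream)
        counts[a.action] = counts.get(a.action, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed query log: one benign lookup, a direct hit, a subdomain of a
    # listed zone, an allowlisted exception and a mixed-case variant.
    sample = ["www.example.com", "malware-drop.example", "c2.login-update.example.net",
              "cdn.malware-drop.example", "MALWARE-DROP.Example."]
    for q in sample:
        print(resolve(q, UPSTREAM))
    print(filter_queries(sample, UPSTREAM))
```

The allowlist check runs before the blocklist check on purpose: the failure mode in the other order is that a single needed host under a listed zone (a vendor's CDN name, say) becomes unreachable and the fix ends up being "remove the whole zone from the blocklist", which is exactly the manual tuning the page's filtering products required.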
Roosa and his teams easily deployed the cloud-based solution in just 15 minutes. The implementation was seamless, transparent to end users, and works across all infrastructure—on-premises, hybrid, and across multi-cloud environments. Threat Defense protects all Stupp Bros. employees on the network, regardless of their location or device. It proactively blocks users from communicating with web domains associated with potential risks, including automated downloading of malware and viruses, credential theft, and data exfiltration, among many others.
The advanced web filtering capabilities within Threat Defense are highly customizable. Additionally, they are continuously updated with the latest implicated domains uncovered by Infoblox Threat Intel, the industry’s leading research group focused on emerging DNS-based threats. This intelligence is augmented with AI-based algorithms to expose threat indicators in domains that other security methods cannot detect.
At Stupp Bros., Threat Defense operates alongside other security deployments, including Microsoft Sentinel and related tools, which handle compromised devices and remediation. While these deployments are primarily reactive in nature, triggering responses only after endpoint security tools detect a threat, Threat Defense proactively stops threats from ever reaching the network perimeter. This is a vital capability that the CIO greatly appreciates. “Threat Defense is our first line of defense for everything,” Roosa notes.
THE RESULT
Forging a Stronger Security Posture
In Threat Defense, Stupp Bros. found an elegant solution to the problem of how to protect employees from threats that exploit modern digital interactions. By preventing access to malicious web destinations while on the network, it eliminates risky online behavior. “If Infoblox says it’s not a good site, then you’re not going there,” says Roosa.
The solution’s filtering capabilities require no intervention on the part of employees. It also makes it far easier for Roosa and his team when determining which destinations to make off limits, a benefit he considers a major selling point. “Now I don’t have to worry about what we should block. Threat Defense takes care of it.”
Since Threat Defense stops threats at the DNS control plane, it has significantly reduced the burden on Stupp Bros.’s perimeter defenses. As Roosa explains, “We’re knocking down the majority of bad traffic before it even gets to us. That creates a lot less noise on our analysis platform.”
This reduction in noise, combined with an extremely low false positive rate of just 0.0002 percent, means security personnel have far fewer alerts to manage. For example, since deploying Threat Defense, the virus notifications that had once been commonplace have all but vanished. According to Roosa, thanks to the reduced alert volume Infoblox makes possible, his security teams have cut threat investigation times in half, freeing them to focus on strategic initiatives that strengthen the organization’s overall security posture.
Threat Defense has given Roosa valuable time back as well. He trusts that the risky interactions the platform stops cold are based on the industry’s most up-to-date intelligence on fast-evolving DNS-based threats. “That’s the beautiful part of this product,” he says. “I can honestly tell you I have lost no time managing it, dealing with it, any of that.”
In addition to leveraging Threat Defense’s advanced web filtering capabilities, Stupp Bros. will soon be activating additional features, starting with integrating Infoblox data into its Microsoft security ecosystem. Roosa predicts that the solution’s real-time telemetry of DNS threat activity will significantly enhance the organization’s triage and remediation efforts. “We’ll be able to see a lot more with Threat Defense,” he says.
Speaking more broadly, Roosa minces no words in summarizing the value of the company’s Infoblox deployment: “Threat Defense is the moat around our castle. You’re going to have to get past that before you can start doing any harm on the outside walls. We’re going to shut you down before you get close.”