You’re Only as Strong as Your Network Visibility: From a Patchwork Network to Proactive Awareness

May 12, 2021

If a company compromises on its own security, how can clients and employees trust their information is safe? Unfortunately for many companies, network security has become an afterthought. That’s not good enough. Security needs to be at the heart of all digital and IT systems. This is especially true for a company like Asurion, where our clients trust us with their personal devices.

Asurion provides technology insurance, replacements, and repairs for mobile devices, laptops, smart home technology, CCTV cameras, and even headphones. When it comes to mobile phones, we partner with different telcos and service providers who white label our services.

Cybersecurity can’t be an afterthought—it needs to be at the heart of your company.

I’m based in the Philippines, where we have Asurion factories that handle the repairs and replacements, with devices coming in from all over the world. Once the repair is complete, we ship the device back to the owner in their respective country.

When it comes to back-end services, Asurion runs IT services, called Enterprise Technology Services (ETS)out of the Philippines. Most of these services involve DevOps, programmers, DBAs, network engineers, network admins, server admins, and my team, security. Our specializations mean that building and maintaining customer trust is imperative. A security breach or even a small slip up can erode customer trust.

From a Patchwork Network to an Integrated Environment

I joined Asurion two years ago as a security and risk analyst, running the Security Operations Center (SOC). We’re also responsible for threat hunting, threat intelligence, vulnerability management, and some identity access management (IAM). We manage around 20,000 endpoints just for the client devices, not including servers. The servers account for roughly 5,000–6,000 additional endpoints. These are a combination of physical servers, virtual servers, and cloud instances.

When I arrived at Asurion, we didn’t have visibility into our Wi-Fi networks. It was a patchwork of devices from about seven different brands, so visibility was essentially impossible. We needed to roll out a consistent, visible, and secure Wi-Fi network.

I'm not the decision maker, but our team provides assessment and reviews on the proper technology that should be deployed or installed. We had lots to consider before we made our final decision. We studied testimonials, industry reports, customer stories, and vendor after-sale support, which is one of our top needs.

Luckily, since our network was patched together from various vendors, we had firsthand experience with different options. We decided to go with Cisco Meraki as our new, sole network. Meraki was the clear winner in our comparisons. We read TrustRadius reviews and Gartner Magic Quadrant reports, where Meraki was consistently in the Leader quadrant.

We had learned our lesson by using seven different non-Cisco Wi-Fi devices. Cisco’s competitors were a pain in the neck. That experience is what made us so confident that Meraki would tailor-fit our needs. We knew that with Meraki, we wouldn’t have any issues with stability, after-sale support, device integration, security, and visibility on our network.

Gaining Network Visibility

We started by rolling out the Meraki network to our factories, which are in rural areas across the Philippines. Then we deployed Meraki in our call centers in the city. We started small each time. In our call centers, for example, we deployed Meraki in the conference room first—not on whole floors or the building.

We received great feedback from our employees, who enjoyed a consistent network experience. On the security end, we used Meraki so that our guest users and contractors could enjoy the same network access. Once we were happy and confident in the initial deployment, we rolled it out to the whole call center building, and then our back-end offices.

This whole initiative started because of network visibility. I believe your security is only as strong as your visibility, so we used Meraki in tandem with Cisco Prime. Cisco Meraki and Prime provide us with timely detection and alerts. We can now provide flawless internet to our employees and guests while ensuring they are protected and secured.

Staying Secure at Home or the Office

Everything runs through the internet at Asurion, so we wanted to add another defense layer on our security posture to shore up our domain-level protection. That's where Cisco Umbrella came in. We deployed and integrated the cloud enterprise network security globally, and have already made substantial, positive changes.

Umbrella ensures we have domain-level protection on our premises, and allows for timely detection of top-level domains (TLD) that are malicious and anomalous in nature. We didn’t have any other solution or product with that level of security before Umbrella.

Umbrella allows us to identify traffic on TLDs that are being leveraged by adversaries or threat actors. For example, if a TLD is being used to download malicious and unwanted software and/or unlicensed software, we're able to identify those TLDs via Umbrella. We’ve already blocked about 20 TLDs since implementing Umbrella. As a result of blacklisting those sites, we’ve protected our employees from browsing them and increasing our security risk.

In addition to identifying and blocking malicious TLDs, when we're threat hunting or doing threat intelligence, sometimes there are indicators of compromise (IOCs) related to certain domains, so we're able to proactively block them before any threat actors are able to take action.

In the past, our security posture only allowed us to be reactive. But with Umbrella, we can be both reactive and proactive. We can stay one step ahead of any potential cybersecurity risks, but, of course, we can’t plan for everything. So the reactive measures come into place when we identify that an employee browses a malicious site or a phishing site, that hasn’t yet been detected or blocked by our other security tools. Umbrella will notify us about it, and we can block the threat.

Whether your remote employees can connect to a VPN or not, make sure they’re protected.

These capabilities have been especially helpful as the majority of our employees now work from home. We can integrate Umbrella with our VPN services, so regardless of whether an employee’s laptop can connect successfully to our VPN, Umbrella ensures the domain-level protection is still in there.

Umbrella is always in the middle, watching and guiding our internet services to our employees.

Trusting That Things Always Change, Training Helps Us Keep Up

The nature of security is always evolving, and staying stagnant in your knowledge and skills isn’t an option. That’s why professional development and continuous learning is critical. Before I became a security professional, I started as a simple IT service desk guy. I just saw Cisco switches or routers or firewalls inside the server room through a glass window, but I didn’t manage or administer them.

Then I did some research and found out that if I want to progress in my career, and have the accountability or responsibility in handling network devices like those Cisco Catalyst or routers or Cisco ASA, I needed to get Cisco Certified Network Associate (CCNA) certifications. The CCNA Routing and Switching training and the CCNA Security course in particular were highly valuable. I found out there were things I could do to harden the security posture of my company without buying different or additional security tools. It piqued my interest in cybersecurity.

I loved the content of the training because, even though it's Cisco certification, most of the topics, the knowledge, and lessons are vendor-neutral. It just so happens that Cisco has the best product for each topic. What I learned in those CCNA certifications I can also apply to other technologies regardless whether they’re from Cisco or not, because those Cisco certifications cover almost everything. It's not focused on Cisco products alone and takes a holistic approach, which has helped me at each stage of my cybersecurity career at different companies with their own tech stacks.

Security Is Synonymous with Trust: Cisco Helps Us Lead the Way

There's a misconception that security is just an add-on to the IT infrastructure and IT operations. But nowadays, especially here in Asurion, security is our bread and butter.

A company needs to have a good reputation for security to be able to stay competitive. As a professional, I see working on security as playing a big role in society, not just today, but into the future. Everything is digitizing at a rapid pace, and companies are struggling to keep up. The global pandemic has accelerated the pace. Every company, client, and now even individuals have started to embrace digitization. With Cisco, Asurion is not only keeping pace, we’re leading the way—without ever compromising on security.

John Patrick Duro

Security and Risk Analyst III at Asurion

Experienced IT professional with a demonstrated history of working in the various industry. John is a Cisco Cybersecurity Ambassador due to his active participation to the Cisco Customer Program called The Cisco Gateway. Skilled in VMware ESX, Windows Server, Linux, Incident Management, Network and Systems Security. Strong information technology professional with a Master of Science in Information Technology focused in Network Administration from Polytechnic University of the Philippines – Graduate School.