Mississippi Secretary of State Gains End-to-End Advanced Threat Protection for Its Data

Since we deployed SandBlast Agent, we have not had a single advanced malware or ransomware incident in almost a year. -Russell Walker, Chief Technology Officer, Mississippi Secretary of State

The Mississippi Secretary of State is comprised of eight divisions, each with specific responsibility for delivering information and services to its constituencies. The divisions include Business Formation and Services; Charities; Public Lands; Elections and Voting; Regulation and Enforcement; Securities; Education and Publications; and Policy and Research.

Looking for Stronger, Broader Protection

The Mississippi Secretary of State faces the same cyber threats that target large enterprises and other levels of government. Security is a high priority, and recently, the agency upgraded its security infrastructure to achieve a number of goals.

“We have a much broader range of threats to defend against,” said Russell Walker, Chief Technology Officer in the Mississippi Secretary of State. “Ransomware was a huge concern, and we needed stronger protection against everything from viruses, bots, and general malware to zero-day attacks and phishing.”

The solutions deployed previously lacked capabilities, such as sandboxing, that could accurately stop and analyze a potential threat. Endpoint protection was a traditional, signature-based antivirus product that not only missed malware and advanced threats, but also took a toll on users’ PC performance. None of the solutions delivered adequate visibility into threats that they did catch, nor did they give Russell and his team actionable information for fighting them.

“We began looking for an endpoint protection solution that did a much better job of preventing and detecting malware with fewer resources,” said Russell. “We also wanted a better Intrusion Protection System (IPS) and anti-bot solution—all in one package.”

Starting with the SandBox

Russell’s team evaluated potential solutions, including Check Point, from the perspective of being able to sandbox threats.

“Check Point SandBlast Zero-Day Protection was on a level by itself,” said Russell. “Check Point was one of the only companies that could do Threat Emulation and Threat Extraction—and they were the best.”

Check Point SandBlast Zero-Day Protection provides complete protection against zero-day and targeted attacks. Threat Emulation technology monitors CPU-based instruction flow for exploits trying to bypass OS security controls, allowing it to stop attacks before they can evade detection. Threat Extraction removes exploitable content, including active content and embedded objects, reconstructs files to eliminate potential threats, and promptly delivers sanitized content to users. To protect its endpoints, the Office chose Check Point SandBlast Agent, which gave them a complete set of real-time anti-ransomware, anti-bot, zero phishing, and automated incident analysis features.

“We could use Check Point’s threat cloud, which eliminated the need for another appliance,” said Russell, “and we got protection with visibility that isn’t available from other products in a single offering. Wow.”

Ransomware Prevented

Two days after deployment, SandBlast Agent detected and stopped ransomware on multiple endpoints in the agency. Since then, it has alerted the team to other threats and stopped a bot from taking control over machines. SandBlast also regularly sandboxes dangerous file types that come into the agency, stripping out potentially malicious links and other exploitable content before passing a clean file to users.

“We’ve had several ‘whew’ moments,” said Russell. “From day one, Check Point did a great job in providing better security on the network.”

Less Time, Less Effort, Less Worry

Because it’s not signature-based, SandBlast identifies and stops zero-day threats before they can cause harm. When SandBlast suspects a threat, it quarantines endpoints off the network to prevent potential damage from spreading. That feature saves time for a small team with limited resources. Amazingly, all this happens in the background, and neither user nor endpoint is affected, or even aware.

“One of my favorite features of SandBlast Agent is the forensics,” said Russell. “Now we can see exactly what happened, how it happened, and when it happened. To top it off, Check Point provides a remediation script to undo all of that. It’s second to none.”

Optimizing Value

The Mississippi Secretary of State’s Office not only upgraded its security infrastructure by deploying Check Point, it optimized its security posture and processes at the same time. As a government agency, the team always has to do more with less. With Check Point, they meet their security needs from the network edge to the endpoints with a single, highly efficient solution.

“We also had cost savings from the efficiency gains,” said Russell. “Now when I leave work, I feel much better about our security because I know we’re protected with Check Point.”

 

For more information, visit: www.checkpoint.com/sandblast
