At The Nature’s Bounty Co. we focus on endpoint security. Vulnerable end user systems can cause real operational and economic damage to a company like ours. We’re a global market leader in natural wellness products such as vitamins, nutritional supplements, sports and active nutrition, and ethical beauty products.
One of the biggest challenges we faced as an IT organization was deploying software updates to everyone in the company. We're headquartered in Ronkonkoma, New York, but have employed a global workforce of more than 11,000 associates.
Almost everyone has a laptop, and many people work from home. We have associates that may never come into an office, so they never hit our network. This was presenting us with the problem of getting patches and other software deployments out to our users in a timely fashion.
That’s why we recently upgraded The Nature’s Bounty Co. to version 8.1 of Symantec™ IT Management Suite.
IT Management Suite 8.1 includes new patch distribution and asset management features that address all our issues and help us fight ransomware:
- A streamlined process for updating Windows 10, Windows 7 and 8.1, and Office 365—The built-in patch management solution detects newer Windows systems that require cumulative updates, feature updates, monthly quality roll-ups, or monthly security updates. It installs the updates and tracks the roll-out using compliance reports. Previously, you needed an experienced engineer to push out Windows updates, but with these tools almost anyone can push out patches.
- Peer-to-peer content distribution—To conserve network bandwidth, updates can be delivered using multicasting or peer-to-peer package downloads. Devices can download packages from other devices rather than from a local (or remote) notification server.
- Mac profile management—Version 8.1 adds profile management to its existing Mac management capabilities of deployment, inventory, patch management, and software delivery. With profile management, administrators can import configuration profiles, target specific devices, apply profiles, and report on compliance.
- Cloud-enabled management—An internet gateway in the demilitarized zone (DMZ) provides certificate-based trusted communication between client systems outside the firewall and the Symantec management server. Remote users who do not connect to the VPN nonetheless have continuous management services.
Just as we finished the 8.1 upgrade, the WannaCry ransomware attack hit, which is reported to have infected more than 230,000 systems in 150 countries in its first day. We had been taking a slow-and-steady approach to getting everyone patched, and had just finished the IT department pilot, when management told us, "Patch everyone NOW!"
With bandwidth throttling and peer-to-peer capabilities, I was comfortable saying, "Here's the patch, everybody. Go get it." I knew it wasn't going to flood our network.
Now that my IT Management Suite reporting tools are up to date, I'm able to easily provide to my Information Security Management Team not only details about which devices are in our environment, but a list of which devices have a specifically named infected file present ... and it only takes five minutes!
The only way to prepare for an attack like WannaCry is to stay ahead of the curve with your patching. You have to have a plan and you have to have the right tools. Symantec IT Management Suite has given us those tools.
Listen to the audio recording of the full interview with Jeremy Small, End User Support Services Manager, The Nature's Bounty Co.