Executive Summary
R.R. Donnelley (RRD) is a Fortune 500 global provider of multichannel marketing and communications solutions. RRD’s legacy antivirus wasn’t meeting its standards for effectiveness and couldn’t adapt to the organization’s cloud and endpoint modernization strategy. To stay ahead of risks and take a proactive posture against threats, RRD recognized the need to change to a more modern and holistic solution for protecting their enterprise.
Securing Legacy Applications
RRD has a sprawling IT infrastructure to support its 200 sites globally and 30,000 customers. With a mix of Linux and Windows running on-premises and in AWS, it was critical that their endpoint solution offered flexibility without compromising on coverage. Being a 160-year-old company, RRD had to support legacy infrastructure, including older versions of Windows Server and legacy applications designed around on-premises data centers. Their antivirus solution wasn’t performing and simply “checked the box.” The security team had to constantly reinstall and reconfigure the tool while dealing with false positives and compatibility issues with their legacy applications. Some of these legacy applications exhibited improper behavior, which required tuning, filtering, and constant communication between business users and application teams. For its signature-based AV to function, many features had to be disabled, which hindered the prevention and detection of threats in their environment. Catalyzed by global ransomware events in 2017, Jason “Spence” Spencer, Vice President of Global IT, decided it was time to modernize RRD’s prevention and governance strategy across its diverse operating environments.
Why AWS?
RRD was an early adopter of cloud technologies by deploying specific workloads to AWS over ten years ago. When asked why AWS was selected as their initial cloud partner, Reto Lichtensteiger, Senior Director of Global Infrastructure and Cloud, noted that AWS was the only public cloud provider who had any meaningful offerings at the time that could suit RRD’s needs. Initially, non-mission critical workloads were moved to AWS, and as time went on, more mission-critical applications were lifted and shifted to Amazon EC2 instances. AWS is now RRD’s preferred public cloud provider, and most applications are built on AWS. RRD is moving to a container-first architecture and will be adopting containerized services in AWS like Amazon ECS
Why SentinelOne?
After challenges with their signature-based antivirus solution, the RRD team decided to implement a more sophisticated solution for endpoint protection. “The threat landscape is no longer based on patterns but behaviors and analytics,” said Spencer. “The target on our back was getting larger every day we didn’t do something about it.” When using their legacy endpoint solution, it was time-consuming and burdensome to investigate and respond to an incident.
Robust Ransomware Prevention
After rigorous field testing, SentinelOne Singularity Complete and Singularity Cloud was deployed in parallel with the team’s legacy solution. SentinelOne’s compatibility made it easy to deploy: RRD was able to do a full rollout to all 50,000+ endpoints and servers in under a month, which was five months sooner than expected. SentinelOne was run with a Detect policy, meaning the agent would alert on an incident, and RRD’s legacy AV would be responsible for prevention. Within a month of deployment, RRD prevented an outbreak of WannaCry ransomware stemming from a contractor’s laptop overseas. The SentinelOne console alerted the team to the infection after detecting aberrant network behavior, while their legacy AV solution failed to detect or prevent any ransomware activity. The security team switched SentinelOne to a Protect policy, which immediately killed and quarantined the ransomware.
Results
Since the event, SentinelOne has become a first-class citizen within RRD’s environment as a key component of its security posture. SentinelOne is the new corporate standard for endpoint security, delivering equal protections across all endpoints and servers regardless of whether they reside on-premises or in AWS. “Now, we can prevent incidents in seconds, stopping attacks in their tracks before they can progress,” said Reto. When an incident occurs, the security team can coordinate a response by killing malicious processes and quarantining affected machines.
SentinelOne’s patented Storyline™ provides rich context and remote forensics for investigating activity on their endpoints and EC2 workloads. With a birds-eye view of their organization, Spencer’s team can identify and prevent attacks on RRD’s systems and services. “With SentinelOne as a key element of our tool belt, security became a differentiator,” said Spencer
