Case Study: Dexar Group Takes on Cybersecurity
The Company
Dexar Group has gained national recognition for its expertise in key areas of the property industry and as a trusted house of real estate sales and property management. Dexar helps real estate businesses achieve ongoing improvements in revenue and efficiency by providing advice and assistance throughout the diversification process. Continually striving for innovation, Dexar develops customized solutions for various aspects of property business management and provides the technology solutions and marketing tools needed for business success.
The Situation
Chief Information Officer Daniel Cox knew that Dexar Group was an enticing target for cyber criminals attracted by the significant financial nature of residential and commercial real estate transactions. “We have 400 staff who connect to our systems from a mix of company-owned and personal devices,” said Cox. “It’s not uncommon for someone to open a weaponized attachment, or fall for a phishing attack, and discover their system has become infected with malware. This could potentially result in compromised client data and attackers attempting to intercept the real estate transaction and redirect funds to accounts they control.”
Cox also recognized that the firm’s existing signature-based antivirus product was no longer capable of preventing ransomware attacks from compromising the firm’s internal systems and data.
“There was a stretch there where we suffered a ransomware breach nearly every month,” Cox recalls. “Fortunately, we were always able to recover fairly quickly, so we never lost any data or delayed a transaction from closing. However, we’d have to spend a day or more tracking down the infected endpoint, remediating the damage, and restoring the encrypted data from our backups. That represented a lot of lost productivity for our IT team and many hours of downtime for the departments affected. It was clear that we needed to shore up our endpoint defenses, so we reached out to our trusted business partner, ForwardIT, for a solution.”
ForwardIT is a Canberra, Australia-based Information and Communication Technology (ICT) managed service provider and value-added reseller. Founded in 2002, ForwardIT specializes in ICT design, implementation, and support services for the government, small to medium-sized businesses, education, and not-for-profit organizations.
“Like many small and medium-sized businesses, Dexar relies on a small IT team to preserve the operational integrity of its critical business applications and data,” said Michael Sandberg, ForwardIT’s Sales and Business Partner Manager. “That includes everything from routine maintenance to managing cyber risks. Therefore, we knew that Dexar would need a solution that was not only effective at protecting endpoints, but also efficient with staffing and resources. CylancePROTECT® was the obvious choice.”
ForwardIT met with Cox and his team to demonstrate the full-spectrum predictive threat prevention capabilities of BlackBerry Cylance’s native AI platform. According to Sandberg, “As expected, the Dexar team was impressed by the efficacy of CylancePROTECT and intrigued by its AI technology.” The proof of concept (POC) followed shortly thereafter.
The Process
ForwardIT began the POC by setting up a zone within its BlackBerry Cylance portal for Dexar to use in its evaluation. The advantages of CylancePROTECT’s cloud-based approach to deployment and management were immediately apparent to IT Operations Manager Andrew Levison and his team.
“Maintaining our signature-based antivirus had always been a laborious, time-consuming and error-prone process,” said Levison. “We were constantly having to download, distribute, and audit new signature files. And since the antivirus system had to be hosted on-prem, we could only update endpoints when they were connected to our LAN. With CylancePROTECT, the updates would be extremely infrequent and accessible to every machine with Internet access.”
Next, Levison and his team compared the effectiveness of CylancePROTECT against Dexar’s incumbent signature-based antivirus. Both products were randomly subjected to more than 100 samples of malware. The incumbent antivirus suffered multiple failures. CylancePROTECT performed flawlessly. When the POC ended, Dexar selected CylancePROTECT as the company’s new endpoint protection platform.
According to Levison, “We knew we wouldn’t be able to assign a dedicated team to operationalize CylancePROTECT, so we expected the rollout to progress relatively slowly. Fortunately, we found the process of installing the agent and creating security policies both efficient and straightforward.” ForwardIT helped Dexar hit the ground running by creating an initial group policy for the company’s client machines. “We rolled that out in stages, one department at a time, until we were sure everything was working smoothly,” said Levison.
It took another month to finish operationalizing CylancePROTECT and decommissioning the incumbent antivirus. According to Levison, “We had to create separate security policies for several of our servers. We took our time defining whitelists and exceptions to ensure there would be no glitches with our core business applications.”
At the end of two months, malware protection was running in auto-quarantine mode, and application control, script control, and memory protection had been fully enabled, a milestone that signaled Dexar had achieved a prevention-first security posture.
“We decided not to enable device policy enforcement because it would have conflicted with some of our routine business processes and imposed an administrative burden on our team,” said Levison. “For example, our salespeople need to be able to take photos of properties and then upload the images from their cameras or thumb drives. It wouldn’t have been practical for us to have to whitelist every one of those devices. We were confident that CylancePROTECT would prevent malware infections from that vector, too.”
The Results
Two years after its initial deployment, CylancePROTECT is still quietly at work combatting malware, memory exploits, malicious scripts, weaponized docs, and other threats. According to Cox, “We haven’t had to contend with a single ransomware incident since completing the deployment. We’re also benefiting from some extremely useful asset management capabilities that go well beyond endpoint protection.”
For example, Cox and his team have created a top-level view within CylancePROTECT’s dashboard that displays the operating system and connection status of every endpoint under management.
“CylancePROTECT is not only blocking threats, it’s also helping us streamline our auditing and patch management processes,” said Daniel. “Small IT teams like ours need to operate as efficiently as possible. We need solutions that do what they’re supposed to do and with minimal oversight. CylancePROTECT is a perfect example. It’s saving us time, money, and effort in meeting our stringent requirements for endpoint defense.”
Summary
INDUSTRY: Real Estate.
ENVIRONMENT: Approximately 450 endpoints, including Windows® client and server systems and Mac laptops, distributed across Dexar Group offices in Canberra and Sydney.
CHALLENGES:
• Protecting employees and a BYOD network of sales agents from adversaries attempting to ransom client data and disrupt real estate transactions.
• Reducing the incidence of threats penetrating the company’s obsolete signature-based antivirus system.
• Slashing the time and effort required to manage and maintain endpoint defenses.
SOLUTION: Transitioning to a prevention-first security posture by engaging BlackBerry Cylance partner ForwardIT to deploy and operationalize CylancePROTECT.
About BlackBerry Cylance
BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full-spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks, fortifying endpoints to promote security hygiene in the security operations center, throughout global networks, and even on employees’ home networks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs.