Securing an Award-Winning Game Developer with Stealthwatch and ISE
How do you secure a company that creates numerous online video games with over 150 million users and a global, distributed network? Wargaming, an award-winning online game developer, faced just such a challenge.
Wargaming has shipped more than 15 titles since its founding in 1998 and employs more than 4,000 people in 16 offices across North America, Europe, Asia, and Australia. Because of this, Wargaming operates a globally distributed network that houses highly valuable intellectual property. To secure this property, Wargaming needed greater visibility into the traffic and users on its network. In addition, it needed a better way to detect potential threats and respond to security incidents when they occurred.
An integrated solution
- Quickly detect potential threats across its network
- Identify the users and devices responsible
- Manage and enforce security policies
- Conduct faster, more thorough forensic investigations
Cisco ISE was deployed to grant Wargaming visibility into user and device data. This allows them to understand who is on the network and what devices they are using. Cisco ISE also drastically improved Wargaming’s security policy management and access control capabilities.
To gain visibility into network traffic, Wargaming relies on Cisco Stealthwatch, which collects NetFlow from existing routers and switches. This dramatically improves visibility and security across the network core.
During its trial of Stealthwatch, Wargaming uncovered two critical security incidents. The first was an office supply vendor who was scanning all of the company’s HTTP ports, which is often a sign of the reconnaissance stage of an attack. The second was a person who was trying to access a company database server and run a query that could destroy Wargaming’s data.
These two incidents illustrate the types of anomalous behavior Stealthwatch can detect. Once an incident has been identified, security operators and investigators can use Stealthwatch and ISE to quickly scope the threat, determine the source, and determine a course of action. In these two cases, Wargaming was able to identify and address potential threats before damage was done.
With the visibility provided by Cisco ISE and Stealthwatch, Wargaming has improved their incident response capabilities. Before, logs and records of unauthorized access attempts were only retained for a few days. With Stealthwatch, NetFlow records can be retained for months at a time, allowing for in-depth forensic investigations.
By correlating NetFlow with contextual data from Cisco ISE, Stealthwatch provides a unified view of network activity. This helps Wargaming quickly understand what is happening on the network, streamline their workflows, and improve their investigation speeds. Stealthwatch’s automated and detailed reports help the Wargaming security team obtain a thorough understanding of an incident within just 30 minutes.
Stealthwatch has also allowed Wargaming’s network operators to better identify and respond to network performance problems, helping the company to reduce slowdowns and unnecessary use of bandwidth.
To learn more about how Wargaming secures its global network with Cisco, read the full case study.