NBS Steps Up Security with Fortinet

National Benefit Services (NBS) offers Retirement and Flexible Benefit administration to 20,000 employers nationwide and has roughly 250 employees. With clients in every state, NBS has grown to become a national name in benefit administration. 

fortinet-firewallThis significant growth is a direct result of the high level of customer care NBS employees provide to its clients each and every day. As the company has grown, it has continued to offer new and innovative services.

One example is an innovative service model that simplifies the use of the Health Savings Account (HSA) benefit for participants with an easy-to-use NBS Debit Card and carrier integration for convenient reimbursement options. An intuitive website makes the entire HSA experience with NBS one that employees will be excited about.

This type of integrated, back-end processing with the larger carriers in the industry has opened new business opportunities for NBS and provided important value and convenience for clients.

To make that carrier integration possible, NBS needed to upgrade its security infrastructure to meet enterprise-class standards, while still ensuring it could be operated effectively by their small IT staff.

Cyber Threat Assessment

Securing Client Financial Data

In the case of NBS, the step up to enterprise-class security meant two primary initiatives to enhance their network security.

First, NBS looked to upgrade their legacy firewall to a Next Generation Firewall. This enabled the addition of IPS, Application Control, Anti-malware and Web Filtering on top of the traditional firewall.

Second, NBS added a new element – sandboxing – integrated with their NGFW to detect sophisticated threats specifically designed to bypass traditional security measures.

Both of the measures were especially important to NBS, given the nature of their business. Specifically:

1. As a financial services company handling payroll and benefits, they were custodians of a lot of client information and it was clear they had become a prime target for advanced attacks.

2. Because they routinely received claims forms, payroll timecards and other documents in the course of business, attacks utilizing attachments entitled “invoice,” “timecard,” or “payroll” would not seem out of place when received by employees.

3. With clients spread throughout the U.S., there was significant work handled out of home office and on the road – beyond the safer confines of the network.

On a regular basis, NBS would receive 15-20 targeted attacks per week – attacks that would take two full time staff to remediate even with the use of controlled virtual desktop images (VDI). Not only did this expend scarce IT resources, but it represented a significant risk to the company, its clients and mission.

A Smooth Transition to High Performance

NBS considered a number of alternatives when upgrading to a NGFW, including offerings from a major networking company as well as a volume price leader, but in the end found Fortinet FortiGate to be the best fit. “We love the user interface and the visibility that it gives us,” said Rich Moss, Director of Technology, “and the remote deployment assistance was great, getting us up to speed during the transition so we did not need to call support.”

Currently, NBS is using the full feature set of FortiGate: intrusion prevention, application control, web and email filtering, anti-malware and even the SSL inspection. “We sized for future growth and have continued to turn on features with zero performance impact,” said Moss.

Adding Sandbox for Threat Detection and Resolution

Although the FortiGate was great at blocking the command and control communications of malware that may have entered via their Office 365 email, or via compromised documents from clients submitted through SFTP, NBS wanted to address the source, not just symptoms of incidents.

Adding FortiSandbox gave them a powerful detection tool, well beyond the tactical blocking of command and control traffic identified by the FortiGate.

“Today, when our FortiGate identifies suspect activity from a client, all of its traffic gets routed through FortiSandbox for additional analysis” Moss explains.

“Based on the results, we are quickly able to verify if there is malware on a system and use the detailed information provided to clean it up fast.” This has been instrumental in returning IT staff resources to important IT projects.

In four or five cases already, FortiSandbox has identified infected submissions from clients who did not believe they could have been compromised. Sharing the FortiSandbox reports quickly convinced them and helped them address their security issue.

Advice for Peers

When asked about his experience with Fortinet and FortiSandbox in particular, Moss stated “Today, threats evolve too fast. I don’t understand how any financial services company can operate without a sandbox. They are playing with fire. I sleep better now that we deployed FortiSandbox.”

In regard to those threats, Moss noted that many of the attacks he sees are not only zipped archives but contain two files – one a bogus document which the end user discards and a second one – the malware – which silently installs.

On the subject of getting funding for the purchase, Moss explains “It was not a hard sell. The first day we plugged our evaluation unit in, it caught 16 files. All I had to do was show executives what it was identifying. FortiSandbox does everything we’d like it to do.”

Perhaps most important is the value to the business. “Fortinet has delivered enterprise-class security in a product that is manageable for an organization of our size,” said Moss.

“Not only does it help us achieve our company mission of maintaining the peace of mind of our clients, but it also opens new growth opportunities for us by demonstrating the controls demanded by larger partners in the financial community.”

Security Solutions