High Growth UK Software Company Uses Managed Detection and Response Services to Get New Levels of Visibility and Protection During its Digital Transformation to the Cloud
IRIS Software Group (IRIS) is a high-growth software company that has expanded beyond its core accounting focus into new markets including education, payroll and HR. It faces a unique challenge as it absorbs and manages disparate software systems and network infrastructures inherited from different acquisitions. Network visibility to monitor for cybersecurity threats is critical as it consolidates everything into a single standard technology stack.
The Business:
The eSentire Solution:
eSentire provides industry-defining, cloud-native Managed Detection and Response (MDR) that removes blind spots and enables 24/7 threat hunters to contain attacks and stop breaches within minutes.
UK-based IRIS has grown aggressively through acquisition and organic growth across a range of vertical sectors. As it took on more technology stacks from acquired companies, network visibility and management information--especially being able to identify nefarious activity--became increasingly important for IRIS. The business had reporting from its anti-malware software, but it wasn’t enough, explains David Adams, IT Technical Authority for the Group. “It gave us good visibility on viruses, malware, and malicious sites, but it didn’t give us the ability to see what was happening on the network,” he says.
To accelerate the adoption of new technologies and services that IRIS needed to move at the speed of business and the organisation’s growth, the company developed and began executing on a strategy to move software and workloads to the cloud. Given the additional layer of security complexity and risk cloud brings, IRIS knew they needed a service provider that would keep their hybrid environment secure.
IRIS is moving from almost 10 different CRM packages and multiple ERPs running on various companies’ premises to a single cloud-based model with single applications for ERP, CRM, and marketing. This will leave just a few internal applications handling licensing fulfillment and development engineering environments running on its premises.
This digital transformation required an expansion strategy that included a 100-point strategic security program to overhaul basic cybersecurity hygiene measures like patch management, and bring new security tools such as two-factor authentication to the cloud.
The company realised early on that it couldn’t tackle the challenges ahead and manage growing volumes of network traffic with a small security team. According to Adams, “it was rapidly becoming apparent that we were going to go international.” IRIS had traditionally been a UK-centric business, but it recognised that adversaries work around the clock and internationally.
Extending its cybersecurity coverage across its evolving environment, and providing around-the-clock detection and response, was beyond in-house capabilities, Adams recalls. “The ROI of bringing the expertise and commitment to running a 24/7 SOC is not there for an organization of our size,” he said.
IRIS ran a thorough tender process, and eSentire lined up against nine other candidates during its selection process. What stood out was eSentire’s multi-signal approach to providing visibility across IRIS’ entire IT environment and its 24/7 monitoring, as well as its flexible approach to pricing and licensing.
The Group began by installing eSentire MDR for Endpoint, eSentire MDR for Network service and eSentire MDR for Log, leveraging the existing Sumo Logic investment at IRIS’ new flagship head office and datacentre. It also used a co-managed version of eSentire Managed Risk - Managed Vulnerability Service, that gave it full visibility into what was happening on its network.
Adams added an option to scan the Group’s external websites as part of that service, enabling it to scan the applications that run on those sites for vulnerabilities. IRIS provides access to several of its products through online portals, and it can feed that vulnerability information directly back to the engineering teams responsible. “We’ve used that to clear up some vulnerabilities that we had on those sites,” Adams says.
IRIS realised immediate benefits of eSentire services soon after deployment. eSentire Managed Risk - Managed Vulnerability Service revealed several vulnerabilities that could be addressed immediately.
“Even during the deployment period, the data that we looked at exposed a lot of information about our environment that we previously did not know,” Adams recalls. “We were aware of vulnerabilities and issues that we had, but eSentire Managed Risk - Managed Vulnerability Service was able to highlight things that had not been caught with others.”
One unknown vulnerability that eSentire Managed Risk - Managed Vulnerability Service caught concerned a VoIP-enabled phone handset that had not been updated with a security patch. This left an open exploit on the phone, which was accessible from outside the network with no authentication. “This could have created a compliance issue, but was resolved,” he pointed out.
eSentire’s Threat Response Unit researches and identifies emerging threats on behalf of its customers and translates each threat into action the customer can take to harden their security stance. One such example was a phishing attack that used links to Google Drive and Microsoft’s OneDrive. The attack payload would often ask victims to enter their corporate login credentials. IRIS was able to use this new information to spot and block URLs with telltale patterns.
eSentire also identified attack patterns in which threat actors would try to execute malicious code on IRIS’ network through a website, and notified IRIS of several scans looking for open ports on its firewall. The IRIS security team used this information to block the offending source IP, which originated in the Seychelles.
eSentire MDR for Log has provided unprecedented visibility across IRIS’ environment by gathering information from across its broad array of network products and endpoints. Before eSentire, the team had to log into network equipment and download log information manually for analysis, which is a daunting task for a small security team.
“It’s great to have a service that correlates all of that information together automatically, along with people experienced at spotting things outside the norm, investigating, and only alerting us if it’s something that we need to do something about,” Adams says, adding that it could continue to focus on core IT functions without the need to hire or build a Security Operations Centre (SOC) team.
With more large acquisitions planned this year, IRIS will need network visibility more than ever in the future. Partnering with eSentire gives it the platform it needs to deliver a strong cybersecurity strategy that will protect a company with aggressive growth ambitions.