Signal Sciences Case Studies Maritz Enhances Security and Compliance with Next-Gen WAF

	Maritz Enhances Security and Compliance with Next-Gen WAF Signal Sciences

Maritz Enhances Security and Compliance with Next-Gen WAF

Signal Sciences

Technology Category	Application Infrastructure & Middleware - Event-Driven Application Infrastructure as a Service (IaaS) - Virtual Private Cloud
Applicable Industries	Cement National Security & Defense
Applicable Functions	Product Research & Development
Use Cases	Tamper Detection Traffic Monitoring
Challenge	Maritz, a holding company providing a range of services to Fortune 500 companies, faced a significant challenge in enhancing its security posture to support PCI DSS requirement 6.6. Several of its business units accept credit card information, necessitating annual reporting on PCI DSS compliance. The company decided to implement a web application firewall as an additional layer of security for its PCI environment. However, with numerous business units, applications, and diverse technology stacks, Maritz needed a single product that could be deployed across all current and future hosting environments, whether physical or virtual, on-premises or cloud. The company was also seeking a solution that was easy to use, with automated blocking and simple deployment, to replace their previous open-source solution that required extensive manual effort to operate. Read More
About Customer	Maritz is a holding company that provides a variety of services to Fortune 500 companies and beyond. Its businesses offer market and customer research, customer loyalty programs, sales incentives, employee rewards and recognition programs, and meeting, event, and travel incentive services. The company has multiple business units and applications, each with different technology stacks. Maritz hosts a PCI environment, as several of its business units accept credit card information, and therefore must report annually on PCI DSS compliance. The company was seeking a solution to enhance its security posture in support of PCI DSS requirement 6.6. Read More
Solution	Maritz chose to deploy Signal Sciences, initially rolling it out to 5% of its corporate application footprint. The deployment was so successful that Maritz decided to expand it to cover 90% of total applications across multiple business units. Signal Sciences' simple agent and module software was deployed directly to the web server, without requiring changes to traffic flow or impacting legitimate traffic or performance. Maritz uses Signal Sciences' API to ensure agents are up to date and functioning properly, and the dashboards provide visibility into flagged and identified malicious IPs. The solution's ease of deployment and effectiveness led to its acceptance across the organization, and it will now be a corporate-wide offering with an opt-in model. Importantly, Signal Sciences did not require Maritz to set up a new team to manage the product, fitting in seamlessly with their existing Security Operations Center and standard operating procedures. Read More Log in to view content
Contents

Technology Category

Application Infrastructure & Middleware - Event-Driven Application

Infrastructure as a Service (IaaS) - Virtual Private Cloud

Applicable Industries

Cement

National Security & Defense

Applicable Functions

Product Research & Development

Use Cases

Tamper Detection

Traffic Monitoring

Challenge

Maritz, a holding company providing a range of services to Fortune 500 companies, faced a significant challenge in enhancing its security posture to support PCI DSS requirement 6.6. Several of its business units accept credit card information, necessitating annual reporting on PCI DSS compliance. The company decided to implement a web application firewall as an additional layer of security for its PCI environment. However, with numerous business units, applications, and diverse technology stacks, Maritz needed a single product that could be deployed across all current and future hosting environments, whether physical or virtual, on-premises or cloud. The company was also seeking a solution that was easy to use, with automated blocking and simple deployment, to replace their previous open-source solution that required extensive manual effort to operate.

About Customer

Maritz is a holding company that provides a variety of services to Fortune 500 companies and beyond. Its businesses offer market and customer research, customer loyalty programs, sales incentives, employee rewards and recognition programs, and meeting, event, and travel incentive services. The company has multiple business units and applications, each with different technology stacks. Maritz hosts a PCI environment, as several of its business units accept credit card information, and therefore must report annually on PCI DSS compliance. The company was seeking a solution to enhance its security posture in support of PCI DSS requirement 6.6.

Solution

Maritz chose to deploy Signal Sciences, initially rolling it out to 5% of its corporate application footprint. The deployment was so successful that Maritz decided to expand it to cover 90% of total applications across multiple business units. Signal Sciences' simple agent and module software was deployed directly to the web server, without requiring changes to traffic flow or impacting legitimate traffic or performance. Maritz uses Signal Sciences' API to ensure agents are up to date and functioning properly, and the dashboards provide visibility into flagged and identified malicious IPs. The solution's ease of deployment and effectiveness led to its acceptance across the organization, and it will now be a corporate-wide offering with an opt-in model. Importantly, Signal Sciences did not require Maritz to set up a new team to manage the product, fitting in seamlessly with their existing Security Operations Center and standard operating procedures.

Impact #1	The deployment of Signal Sciences has brought several operational benefits to Maritz. It has provided visibility at the application layer, enabling more meaningful conversations about application security between the infrastructure services group and engineers. Developers can now see attacks in real-time and take immediate action. Signal Sciences' automatic traffic categories also provide application engineers with insight into anomalies, many of which can be cleaned up with minimal effort. The solution's virtual patching capability has provided insights into common vulnerabilities exposure (CVEs), allowing the team to block malicious attempts and buy time to fix the underlying vulnerability. As Signal Sciences continues to build out its CVE library, this will become even more valuable and time-saving.

Impact #1

The deployment of Signal Sciences has brought several operational benefits to Maritz. It has provided visibility at the application layer, enabling more meaningful conversations about application security between the infrastructure services group and engineers. Developers can now see attacks in real-time and take immediate action. Signal Sciences' automatic traffic categories also provide application engineers with insight into anomalies, many of which can be cleaned up with minimal effort. The solution's virtual patching capability has provided insights into common vulnerabilities exposure (CVEs), allowing the team to block malicious attempts and buy time to fix the underlying vulnerability. As Signal Sciences continues to build out its CVE library, this will become even more valuable and time-saving.

Benefit #1	Expanded coverage to 90% of total applications across multiple business units
Benefit #2	Automated blocking of certain attack patterns that previously required manual investigation and mitigation
Benefit #3	Integration with existing Security Operations Center, eliminating the need for dedicated FTEs to manage the product

Benefit #1

Expanded coverage to 90% of total applications across multiple business units

Benefit #2

Automated blocking of certain attack patterns that previously required manual investigation and mitigation

Benefit #3

Integration with existing Security Operations Center, eliminating the need for dedicated FTEs to manage the product

Download PDF Version

Overview

Maritz Enhances Security and Compliance with Next-Gen WAF

Operational Impact

Quantitative Benefit