Implementing Security Solutions at a Growing Company
When he joined mobile attribution and analytics leader App
sFlyer in January 2018, CISO Guy Flechter began implementing a wide-ranging cybersecurity program to protect his heterogenous environment.
“The nature of our business coupled with how quickly we’ve grown has led to an environment that is far from uniform,” said Flechter. “With Windows devices in AD, Macs managed by JAMF, Linux devices managed by Chef, various security tools (such as: end point protection, EDR, deception and more) on every laptop, MDM solutions, deception agents, and so on, the result was a patchwork of security solutions. And although adopting best-of-breed solutions is the right strategy, it becomes a management headache.”
Ensuring Policy Adherence
After implementing the best security tools for every device type, the AppsFlyer team realized that they needed an automated way to ensure that every device had the required solutions installed, and that users had the correct permissions to adhere to the overall security policy.
“We needed an easy and automated way to have clear visibility into which agents were missing from each device, and a way to know when users had rights that conflicted with our security policies. For example, I want to immediately see all Windows devices missing an endpoint agent, unmanaged devices in various VLANs, and I want to know any time a user has been active but hasn’t changed their password in the past 60 days. These are really foundational elements of any cybersecurity program, and there were no good ways to get the answers,” said Flechter.