Clover Technologies Group, a leading global remanufacturer and distributor of imaging supplies, recently replaced a third-party endpoint security solution with Windows Defender Advanced Threat Protection (ATP) as part of a company-wide migration to Windows 10 and Windows Server 2016. The security team at Clover uses Windows Defender ATP to efficiently manage, monitor, and respond to a range of security threats from one unified cloud-based portal. Users have experienced significant performance gains, and the company can easily measure and communicate security improvements using Microsoft Secure Score.
Founded in 1996, Clover Technologies Group is the world’s largest remanufacturer and distributor of imaging supplies. It provides remanufactured laser and inkjet cartridges and printer parts from its high-tech factories around the world.
To be an ever-more-trusted partner to its customers, Clover increased its focus on security. “Every time you turn on the TV, you see that someone has been compromised, or leaked sensitive data,” says David J. Kueffner, Vice President of IT Infrastructure at Clover Technologies. “We want to be proactive and protect our data. That requires managing endpoints effectively to prevent infection, ensuring we have the visibility necessary to manage and remediate incidents in real time—while making sure users stay productive.”
Clover understands the value of technology capabilities that are designed to work together. “We’re fully integrated on the Microsoft platform—the more we can use the tools available to us, the greater value we can provide to Clover,” notes Kueffner.
This streamlined experience was a major driver behind the company’s decision to adopt Windows Defender Advanced Threat Protection (ATP) for its next-generation antivirus, exploit protection, and endpoint detection and response (EDR) capabilities as part of its recent upgrade from Windows 7 to Windows 10 across its desktop ecosystem. “The deployment process was very smooth,” recalls Kueffner. “We rolled it out as we upgraded existing devices, and then put domain policy in place to make sure any new device with the minimum requirements gets Windows Defender ATP operational.”
Working closely with Microsoft Partner Network member Concurrency through the rollout, Clover performed a direct, side-by-side comparison of the preventative protection capabilities in Windows Defender ATP and its previous endpoint security tool. It found that Windows Defender ATP provides equal or better protection with much less effort. “We haven’t seen any instances where the previous solution caught something that Windows Defender ATP didn’t, and the interface is so much easier to use—especially when investigating malware root causes,” says Kueffner. “That means we can truly understand what’s going on in our IT ecosystem and know faster how to remediate issues.”
Clover engineers wear many hats. “They are deploying infrastructure and applications while managing security, so we greatly value the simplicity and automation provided by Windows Defender ATP technologies,” says Kueffner. “With Windows Defender ATP, we can roll up security information, get alerts, interrogate and lock down devices, and remediate issues all from one highly secure cloud-based tool.” And real-time alerts help the team stay proactive and agile. “Thanks to the alerting capabilities in Windows Defender ATP, my team responds to threats as they happen, so we never fall behind,” Kueffner says.
Bill Hughes, Technical Architect at Concurrency, concurs: “Windows Defender ATP worked flawlessly with Clover’s Windows 10 environment, as it’s a cloud-based tool, and it was very effective at automatically remediating security events.”
Clover engineers also use other ATP capabilities in the Microsoft cloud to protect against advanced threats. “Every company is vulnerable,” notes Kueffner. “We’ve had vendors that were hacked and sent phishing emails to our users from accounts that are legitimate. Office 365 ATP helps identify those emails to users to prevent identity theft in the first place, and Azure ATP gives us the ability to rapidly disable accounts, change passwords, and lock out attackers if anything ever gets through.”
Security that doesn’t slow people down
While preventing cyberattacks and data leaks is a top priority for Clover, the less users have to think about it, the better. Unfortunately, security tools that do not interoperate with the operating system can result in major performance impacts. “Our previous solution hit the hard drives and network connections pretty hard with scans and updates,” says Kueffner. “Moving to Windows Defender ATP has resulted in a significant increase in usability for our Windows 10 devices compared to using third-party software. The start times are faster, and people have access to the full functionality of their devices whenever they need it.”
The shift has also supported greater use of self-service approaches to device management, which helps keep employees happy, while reducing the need for IT intervention. “We have implemented enforcement of strong passwords to help keep user accounts from being penetrated by hackers,” says Kueffner. “Using Microsoft Enterprise Mobility + Security and Azure Active Directory, we have enabled secure self-service password reset so our employees don’t have to contact IT as often.”
Showing, not telling
Windows Defender ATP helps Clover comply with external and internal requirements. “The breach notification reports available in Windows Defender ATP will make it simpler for us to comply with the European General Data Protection Regulation,” predicts Kueffner. “We will also show that we can better meet customer needs around security when we respond to requests for proposals, helping us win more customers. We can demonstrate that we have the up-to-date antivirus software, malware detection, centralized monitoring, and other capabilities they expect.”
Clover makes extensive use of the Microsoft Secure Score dashboard in Windows Defender ATP, which provides visibility into the overall security posture of the organization. The Secure Score quantifies the Windows Defender ATP security controls and best practices in place, while the dashboard highlights improvement opportunities and shows the changes in the Secure Score over time. “We are aggressively implementing the recommendations we see in the Secure Score dashboard, such as ensuring BitLocker drive encryption is available on all our Windows devices,” says Kueffner. “With Secure Score, we can see improvements over time—and demonstrate them to company leadership.”
With Windows Defender ATP as part of the Microsoft ecosystem, Clover has a clear path to modern IT management. “We are currently running a pilot program of Microsoft Intune in anticipation of adopting a cloud-based approach to managing app, data, and device access,” says Kueffner. “That will help us reduce our on-premises infrastructure and free our team from mundane tasks such as server and update management so they can focus on implementing advanced security.”
To read the original Microsoft case study, please click here