The Rotterdam Library (Bibliotheek Rotterdam), one of the largest in the Netherlands, is deploying ThreatSTOP Botnet Defense Cloud atop a Juniper SRX 240H Services Gateway to keep the library’s Wi-Fi network free from malware infestation. Before using ThreatSTOP, the library was regularly blacklisted by its ISP and its Internet service shut down due to recurring malware infestation. Now that ThreatSTOP is deployed, in a joint solution supported by Juniper, the library no longer has to constantly deal with trouble tickets and service interruptions due to malware.
The problem was that every day about 1,000 visitors, mostly students, connect their devices to the library’s free Wi-Fi network. The result was recurring malware infections on the network and the public access terminals. Before ThreatSTOP, security consisted of blacklisting on a SQUID proxy and OpenDNS as a backup. This clearly wasn’t enough.
“We had to delete data from the public PCs every night, clean it up, and start all over again every day!” said Nikola Nikolic, Bibliotheek’s Contracts and Services Manager. “It was a nightmare, with constant escalations with the ISP and service stoppages.” With the ThreatSTOP/Juniper SRX 240 solution, more than 4,000 pieces of outbound malware are blocked every day. “Now we have no service stoppages, no escalations with the ISP, and no manual cleanups. We just look at the ThreatSTOP reports and respond to any issues very quickly. ThreatSTOP has solved a big headache for us,” said Nikolic.
“The ThreatSTOP service was very easy to install with a simple script and integrated with the SRX nicely as if it’s part of the firewall,” said Dennie Spreeuwenberg, manager of services networking and security at Avnet Benelux. “ThreatSTOP on the SRX worked exactly as it should, and immediately blocked the botnets that have been plaguing the library for years.”
This success story again shows that ThreatSTOP is the most effective and easily implemented botnet/malware protection service. We turn customers’ existing firewalls into much more powerful enforcement devices, enabling them to protect against the worst and latest threats. ThreatSTOP currently supports more than 80% of the global firewall installed base, including: Juniper SRX, Cisco ASA/PIX/ISR, Checkpoint, Vyatta, pfSense and iptables-based products.
This also shows that existing AV, anti-spam, IDP and other traditional products don't work against advanced persistent threats. Before ThreatSTOP, The Juniper SRX 240 with its Unified Threat Management bundle (Kaspersky AV, Sophos spam filter etc.) was used as a solution, but it did not solve the problem of malware “calling home” to botnet command and control hosts, and then doing their bidding. After a year of analysis, reconfiguration, troubleshooting—and mounting frustration—to no avail, the library and its managed service provider Avnet finally found ThreatSTOP through a recommendation from Juniper. Within two months, after a quick trial activated directly from ThreatSTOP’s website, ThreatSTOP was up and running and immediately solved the problem.