Square One


Ventiv’s urgent need was the identification and elimination of self- replicating automatic threats (malicious worms and/or viruses) from over 3,000 remote users’ computers. These malicious worms had a devastating effect, bringing most business traffic to a complete halt. When infected users would connect to the VPN, the worm(s) would propagate to the internal network, causing production downtime and a significant amount of resources to fix the problem. The client was evaluating several different options including various online(?) solutions that required all network traffic to pass through the device.

The Need:

Troubleshooting the problem required all remote users to be disconnected and a search on the internal network to locate and repair all the infected workstations. After that was performed, the remote users would need to be handled on a user-by-user basis each taking up valuable help desk and network personnel time.

  • A solution to protect the internal network from potential infection by over 3,000 remote access users.
  • Block new malicious worms from reaching the network
  • A solution that wouldn’t change or affect the flow of business traffic in the event of a device failure.

The Solution:

  • Square One’s installation and implementation of ForeScout Technologies’ CounterAct internal security appliance to identify and eliminate the propagation of existing worms and variants
  • Establish a baseline to proactively stop worm propagation at the source.
  • A pass-by appliance that stops zero day threats, worms and other malware with little or no IT maintenance.

The Result:

Zero downtime due to new or existing malicious worms or viruses, thus allowing Ventiv Health to resume business as usual. Square One installed the ForeScout’s CounterAct appliance in the main data center, which has visibility to all the user segments as well as the VPN traffic. Once connected, the device immediately began to analyze traffic. What it found was most interesting: Infected machines were not only on the remote access network, but they were inside the company as well.

  • Zero downtime due to malicious worms -- business as usual.
  • IT resources now have more time to focus on core services and projects.
  • Automatic blocking feature eliminates the need for daily maintenance.

The Organization:

Ventiv Health is the leading provider of late-stage clinical, sales, marketing and compliance solutions to the world’s largest pharmaceutical companies as well as to emerging and specialty pharmaceutical and biotech organizations. Ventiv’s client list includes more than 75 pharmaceutical and biotech organizations, among them virtually all of the top 20 global pharmaceutical companies.

The Details:

After analyzing and evaluating Ventiv’s problem and internal network, Square One installed and implemented ForeScout Technologies’ CounterAct box appliance. With the CounterAct appliance, malicious worms are blocked instantly, thus eliminating the threat before it ever reaches the network.”

Square One set the CounterAct box on “port block,” enabling the client to continue to work on other business applications without interruption. This methodology is unique because it allows the infected host to function without causing other network interruptions and other infections. This solution gave Ventiv the ability to continue to do business while removing the viruses or worms.