Join us June 8th to hear first-hand experiences from Bain Capital’s VP and CISO, Mark Sutton, in our webinar “Lessons Learned Building Bain Capital’s Insider Threat Program.” Register Now
Coca-Cola Case Study
The Central Bottling Company Group is the local bottling and distribution representative of Coca-Cola in Israel, with product lines that include a wide variety of beverages and dairy products. Having numerous production facilities and country-wide sales distribution processes, CBC Group relies on a strong corporate computing platform as well as a centralized ERP platform for sales, fulfillment and compensation.
Some of these platforms are managed by external third-party solution providers, who are responsible for system development, deployment and support. To perform this role, the vendors require administrator access to the corporate network, using RDP to connect.
Historically, whenever a system outage occurred, CBC Group was left wondering what the cause of the outage was, and whether the remote vendors were at fault. "Trying to piece together who did what sometimes led to 'fireworks'" commented Moti Landes, CBC Group's IT Infrastructure Manager & IT Division CISO.
In addition to the remote vendor sensitivity, CBC Group also sought to increase their security layers for internal IT systems, most notably their domain admin environment.
CBC deployed ObserveIT across each system that is managed by remote vendors, including the country-wide ERP platform. This provided precise replay of exactly what took place during each remote user session.
"As soon as vendors discovered that all actions are being recorded, it became much easier to manage them", added Mr. Landes. "The process of troubleshooting errors and holding vendors accountable became much smoother, which led to greater stability in our applications." In some cases, vendors attempted to disable the ObserveIT agent service in order to prevent session recording, but OberveIT's watchdog mechanism prevented them from succeeding.
In addition to the third-party vendor activity, CBC also records all internal IT users who access the sensitive domain admin servers, providing the IT department a greater level of security.