Republic National Distributing Company Industry - Conficker

Automating Threat Discovery and Mitigation on RNDC Hub & Spoke Network

Trend Micro™ Deep Discovery proactively spots potential threats before they affect endpoints or impact business at national distributing company

Republic National Distributing Company (RNDC) is built on the strong foundations of long-term, well-established, family-owned companies. The earliest RNDC predecessor company traces back to a single distributorship that was founded in 1898 in Pensacola, Florida. Today, RNDC is the second-largest beverage alcohol distributor of premium wine and spirits in the U.S., with wholly owned operations in 21 states. RNDC also operates in Arizona, Indiana, Kentucky, Ohio, Oklahoma, and South Carolina through venture partnerships. In total, RNDC employs more than 8,000 workers nationwide.

From its central data center in Atlanta, Georgia, the IT infrastructure team at RNDC must safeguard business continuity for the second-largest distributor of premium wines and spirits in the United States.

With a long history of innovation, RNDC has evolved its infrastructure based on best-in-class technologies and solutions. Multiyear support contracts are part of its normal mode of deployment. This made it especially frustrating when a security attack almost brought the company to a standstill a few years ago.

“Even with several layers of protection and solutions from multiple well-known security providers, we were hit hard by the Conficker virus,” explained John Dickson, director, IT infrastructure, RNDC. “We were in a mad scramble for three weeks, and support from our vendors was still not helping us get a handle on the attack. It was interrupting our business and the disruptions were progressively getting worse.”

More than mere inconveniences, the disruptions were impacting every aspect of operations. Employees were blocked from access to critical file servers one day, and automated warehouse systems would be down another day. Trucks couldn’t be loaded and deliveries were being delayed. One night the virus would hit one location; another day it would impact other sites. This went on for weeks.

RNDC turned to a trusted technology reseller for advice. They specifically asked for a solution that they could plug in—a solution that could identify the source of the infections. The reseller pointed them to Trend Micro. “The local Trend Micro representative came in with a demonstration box,” said Dickson. “In 15 minutes, we could see the sources of the virus. In just one day, we had the outbreak completely shut down. The Trend Micro solution succeeded where our in-place security solutions and tools had failed for three weeks. It got the results that had previously eluded us for over 5,000 hours of effort.”

The answer to the crisis had been the Trend Micro™ Threat Discovery Appliance, the predecessor of the current Trend Micro Deep Discovery solution. The appliance was deployed to monitor all of the traffic on the RNDC hub and spoke network. This gave the IT team the visibility they needed to identify the sources of traffic related to the infection. The Threat Discovery Appliance also identified other issues within their network that were missed by their in-place endpoint security solution.

“Trend Micro knew what to do—they came in and set up the Threat Discovery Appliance for us and then trained us on the solution,” said Doro Victor, responsible for support and administration of antivirus and data protection at RNDC. “As a result, we were able to immediately grasp how it could work for us and how it could be customized to our unique network.”

The successful demonstration led to executive approval of RNDC’s purchase of the appliance. Shortly after that, RNDC also purchased the Trend Micro Threat Mitigator solution. The combination put an end to the seemingly endless efforts previously required for cleaning up servers. Since then, RNDC has made major changes to its corporate wide-area network (WAN). When network bandwidth was approaching the maximum scanning capacity for the Threat Discovery Appliance, they again turned to Trend Micro for advice.

RNDC wanted a solution with the same features plus support for higher bandwidth networks. Trend Micro set up another demonstration, this time for the new Deep Discovery appliance. “Compared to its predecessor, Deep Discovery handles much higher bandwidth and also supports many additional protocols and features such as sandboxing,” said Dickson. “We can now capture traffic that was previously invisible, and we can quickly investigate suspicious behaviors and applications. We saw that Deep Discovery could be very important, and our executive team agreed—they approved it without making us wait till January when proposed technology purchases are typically reviewed.”

“With Threat Discovery Appliance, and now with Deep Discovery, it has been like turning on a light bulb in a dark room,” said Dickson. Victor, the person with day-to-day responsibility for Deep Discovery at RNDC, explains its benefits to the company: “Our antivirus endpoint solution looks at endpoints. But if there is an endpoint without antivirus software, the security can’t see it. Deep Discovery looks at the network traffic—every endpoint and application that generates traffic is visible and that’s the big difference between regular antivirus solutions and this intrusion prevention system.

“I am a total fan of Deep Discovery—I don’t want to think about doing my job without it,” said Victor. “Any enterprise or security professional that is really concerned about security can eliminate guesswork with Deep Discovery—you will learn things about your network with this solution. Deep Discovery actually helps you ‘discover’ the whole network, and not just threats.”

Besides the business continuity that is now safeguarded by Deep Discovery’s ability to identify potential threats, the solution gives RNDC the ability to save administration time. “In its first two months on our network, Deep Discovery has spotted and stopped 5,000 anonymous events on our WAN that were not caught by any other security layer,” said Dickson. “Each of those events could have potentially led to a major outbreak such as Conficker. Trend Micro has proven beyond a shadow of a doubt that its technology works as advertised.”

Victor added, “The amount of work that goes into manually investigating a process is incredibly high. Trend Micro™ Deep Discovery Inspector, with sandboxing, does the work for us. Yes, this is a very helpful feature for us.”
