Securing the Gaps in Geographic Connectivity

Atlantic Tele Network
About ATN International

ATN International is a US-based telecommunications company operating both digital wireless and wireline as well as terrestrial and submarine fiber optic networks. The company’s website states that its focus is “operating communications infrastructure and services in underbuilt and underserved markets where there is demand and need for fast and reliable communications infrastructures.”

But ATN International was founded in 1987. This means the company has more than 35 years of global communications investment experience under its belt and knows a thing or two about securing digital infrastructure against cyber threat actors who would exploit rural and underserved customers without a second thought.

While serving these communities is at the core of ATN International’s mission, it poses an inherent challenge: How do they bring service to where their customers need it, often without the ability to build off of existing infrastructure?

As cybersecurity practitioners all know, growth – especially this type of specialized growth in hard-to-reach locales – comes with network security vulnerabilities. The speed of success is very rarely sacrificed for safety. Of course, the ideal state is for those concepts to go hand in hand, but shifting security into a continuous integration/continuous delivery (CI/CD) culture looks different in each organization.

Up to the Task and Up Front with Stakeholders

ATN is made up of multiple operating companies, and my team wants to make sure that we are super clear with the executive teams for each one of those operating companies on where our security stands,” he shared. “I joke that my job isn’t to tell people how great we are at security; it’s to be great at telling people how we are at security, which is different.
Rich Casselberry, Vice President of IT Security, Architecture, and Compliance at ATN International

Simply put, investors typically know what they’re buying when building a relationship with ATN. The company doesn’t have ambitions to just blanket a region with coverage and run fancy ads for plans. It operates in locales like Bermuda, the Cayman Islands, Guyana, the Virgin Islands and rural/western United States, including Alaska.

Their challenge is unique; their mission purpose-based. That means that, every day, ATN’s customers wake up faced with a whole host of challenges from the environment they live in, and it’s up to the company to keep them connected – not deliver excuses. Mr. Casselberry details the challenge of ATN’s IT-operations revolution and how it goes hand in hand with reassuring stakeholders of the company's strong cybersecurity posture – all during a time of continuing global digital transformation.

Operational Evolution

Rich needs security to efficiently work with and across those multiple operating companies he previously mentioned. To accomplish this, ATN built their own dashboard within InsightIDR based off of Gartner’s outcome-driven metric.

One of our favorites is Security Events Reviewed, and all of that comes from InsightIDR. It’s basically our monthly InsightIDR report. There’s a lot of log entries that come in, and InsightIDR converts that into a number of notable events we can choose to review based on priority or type.

But he states that the security organization needed visibility into two other areas: patching and obsolete software. On the patching side, he’s pleased with the data he gets from both InsightVM and Rapid7 partner Automox. Automox enables easy and automatic endpoint patching, configuration, and security.

When ATN integrated Automox with InsightVM, they were able to automatically generate reports and upload to the Automox platform for easy remediation, saving internal teams precious time and effort in managing critically emerging threats – from start to finish. Rich states that these are the aspects of the process he needs to be able to quickly communicate to stakeholders, so it’s an efficiency booster to the organization to automate as many moving parts as possible.

“That data helps us tell stories and helps us convince people why what we do, and why cybersecurity is important,” he explained. “This dashboard has truly allowed us to build credibility with our audit committee and the executive teams, showing that we’re being super honest and transparent.”

Finding a Trustworthy and Effective Partner

There are a great number of security firms who extol the virtues of partnership, but it’s critical to the entirety of Rapid7 to be able to prove this out. Critical to the ATN team was the ability to communicate quickly and effectively with the Rapid7 account team. He states, “They said, very early on, we really want to talk to you on a regular basis. Sure enough, we talk to Rapid7 weekly, sometimes multiple times a week.”

Coupled with a few worrying alerts where the ATN security team tapped Rapid7 managed detection and response (MDR) to help validate – or invalidate – possible malicious activity, Rich is also focusing on extending his internal team’s expertise to leverage Rapid7’s InsightVM to quickly spot emergent threats and critical vulnerabilities. The purposeful responsibility of bringing modern, reliable telecommunications infrastructure and capabilities to rural communities across multiple hard-to-reach geographic locations is something ATN doesn’t take lightly.

Thus, in the face of cyber threat actors who would try and bring down those operations and destroy the links to the great world on which so many of ATN’s customers rely, Rich Casselberry and his team need a partner and tools that can help speedily identify those threats and take them down with decisive action. Rapid7 is here for that.

One platform, more control. Gain a clearer view of your attack surface with the Command Platform for pinpointed, proactive threat detection.

Command Platform CTA for Customer Story