Case Study: Ensuring Endpoint Security at Brookshire Brothers with Versasec and Yubico

The Challenge

Businesses of all sizes need to assess their security posture for any gaps as threats are constantly evolving. Brookshire Brothers recognized a significant gap in its security infrastructure: endpoint security. While the company had implemented various security measures, it lacked an effective solution to safeguard individual user accounts and endpoint devices.

Key challenges included:

• Weak Password Practices: End users often created easy-to-guess passwords, leaving accounts vulnerable to compromise.
• Phishing Concerns: Employees needed a more secure way to authenticate, especially given the growing sophistication of phishing attacks.
• User Resistance to Change: Employees were accustomed to traditional login methods and hesitant to adopt new security measures.

Internal motivation for change:

The drive to implement modern phishing-resistant authentication was an internal initiative. While compliance with insurance and industry requirements was important, the primary motivator was Brookshire Brothers’ commitment to enhancing its overall security posture by adding protection for identified gaps.

The Solution: Deploying Versasec and YubiKeys

After evaluating several options, Brookshire Brothers considered incorporating YubiKeys from Yubico into their security operations. One of the executives, already familiar with the technology from personal use, recommended them to the team. A YubiKey is a hardware device that verifies users’ identities through strong multi-factor authentication (MFA). It’s a small, reliable device that plugs into a computer’s USB port or is tapped against an NFC-enabled device. Once the organization decided the YubiKey was the right fit, the IT department explored various solutions for managing YubiKeys at scale. Through the Yubico Works with YubiKey Catalog, they discovered Versasec alongside other credential management vendors and began testing multiple systems. During this process, they contacted Versasec and were impressed by its consultants’ personalized and direct support. After a few months of thorough evaluation, they confidently chose Versasec’s vSEC:CMS as the ideal solution to complement their YubiKey deployment.

“Two of the primary reasons that Versasec got our business: one, the on-premises feature. We’re not resisting the cloud, but if we can keep it on-premise, we manage our hardware and virtual environment. Two – perpetual licenses. We pay for support, but the licenses are there and will always be. We know that Versasec would be responsive if we need more licenses. Overall – the experience has been exactly what we were looking for.” – Aron Gann, System Administrator, Brookshire Brothers.

Implementation Highlights:

1. Phishing-Resistant Authentication: YubiKeys were deployed across corporate offices, offering modern two-factor authentication through smart card functionality. This eliminated the need for passwords, reducing vulnerabilities to phishing attacks.
2. Granular Credential Management: Versasec’s vSEC:CMS allowed for efficient issuance, management, and revocation of digital certificates. Administrators could enforce security policies, ensuring only authorized users accessed systems and data.
3. Personalized Support: One of the standout features of the deployment was Versasec’s responsive, direct support. Brookshire Brothers appreciated the ability to interact with Versasec’s team for setup, licensing, and troubleshooting without intermediary layers.
4. End-User Training: To ensure a smooth transition, the IT team provided comprehensive training on using YubiKeys and vSEC:CMS. Employees were guided through the process of PIN entry, certificate selection, and general usage.

Implementation Process

The deployment was executed in a phased manner to ensure minimal disruption:

• Initial Testing: The IT team conducted preliminary testing with administrators to identify potential issues and refine configurations.
• Targeted Rollout: The system was gradually introduced to key personnel, network teams, and executives, followed by a broader rollout.
• User Education: Employees received step-by-step guides and in-person support, easing the adoption of the new login process.

Results and Benefits

Security Improvements:

• Endpoints are now protected by phishing-resistant authentication, significantly reducing the risk of unauthorized access.
• Admin accounts are secured with strong credentials, backed by YubiKey’s two-factor authentication.

Operational Efficiency:

• Logging into systems now involves a simple two-step process by inserting a YubiKey and entering a PIN, streamlining user workflows and removing barriers to adoption.
• The solution’s user-friendly interface and self-service capabilities reduced the burden on IT teams for routine tasks.

Cost Management:

• The on-premises solution aligned with Brookshire Brothers’ preference for managing its own infrastructure, avoiding recurring cloud costs.
• Perpetual licensing offered long-term savings and flexibility to scale as needed.

Conclusion

By implementing Versasec’s vSEC:CMS with YubiKey technology, Brookshire Brothers achieved its goal of fortifying endpoint security while maintaining user convenience. The transition was met with initial resistance, but user feedback has been overwhelmingly positive after experiencing the system’s ease of use. Usual feedback from users,

“Oh, this is much better. I can’t believe we haven’t implemented this much earlier.”

Brookshire Brothers continues to expand its deployment, confident that its improved security measures will safeguard its operations well into the future.

“We’re very proud of the progress we’ve made in enhancing our security measures. The experience has been exactly what we were looking for, and this solution is now a critical part of our roadmap moving forward.”

About Versasec

Versasec is the leading credential management software service provider for organizations worldwide. In an increasingly connected world with growing numbers of remote workers, cyber threats, and legacy authenticators, Versasec is a cornerstone in every enterprise security implementation to build a zero-trust architecture.

Trusted by organizations and corporations worldwide, Versasec serves the public and private sectors in government, defense, manufacturing, healthcare, financial services, and more. Versasec is headquartered in Stockholm, Sweden.