CARR Auto Group Enhances Security Compliance and Saves Time with Action1

• Cybersecurity & Privacy - Network Security
• Cybersecurity & Privacy - Security Compliance

• Automotive
• National Security & Defense

• Quality Assurance

• Leasing Finance Automation
• Tamper Detection

• Cloud Planning, Design & Implementation Services
• Cybersecurity Services

In October 2021, the Federal Trade Commission issued amendments to the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA), which required auto dealerships to enhance their information security, including automated patch management. CARR Auto Group, a family-owned business that sells and services Chevrolet, Subaru, Buick, and GMC vehicles, was faced with the challenge of complying with these updated regulations by June 9, 2023. The system administrator at CARR Auto Group, Matt Lutjen, was struggling to keep all endpoints updated with the latest security patches, a task that was proving to be difficult and time-consuming. As the sole person responsible for everything from basic desktop support to server and network security, he was using WSUS for patching, which did not provide a way for him to ensure updates were deployed successfully or to obtain visibility into endpoints. This led to him spending 15 hours per week outside of work to keep all PCs updated, a process that was inefficient and left the company open to security vulnerabilities.

CARR Auto Group is a family-owned business that sells and services Chevrolet, Subaru, Buick, and GMC vehicles. The company has several locations across Northwest Oregon and Southwest Washington and serves customers local to the Pacific Northwest and well beyond. The company was faced with the challenge of complying with the updated Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA), which required enhanced information security, including automated patch management. The system administrator at CARR Auto Group, Matt Lutjen, was responsible for ensuring compliance with these regulations.

To address the challenge, Matt started looking for a replacement for WSUS. He needed a solution that would not only do the job quickly but also provide visibility into his endpoints. After ruling out PDQ Deploy due to its lack of reporting features, he chose Action1 for its straightforward patching functionality. Action1 allowed him to automate deployment for both OS and third-party updates, a feature that WSUS lacked. Additionally, Action1 provided him with valuable extra capabilities, such as reporting, scripting, and a built-in remote desktop. With Action1, Matt was able to develop intelligent policies for OS and third-party updates to automatically remediate security vulnerabilities as required by the updated Safeguards Rule. He also used Action1's reporting feature to document all key events across his endpoints and collect audit trails, which helped him establish cybersecurity practices in line with the FFIEC guidelines for GLBA compliance.

• The implementation of Action1 resulted in significant operational benefits for CARR Auto Group. The company was able to reduce security risks and ensure continuous patch compliance, which was crucial for meeting the updated Safeguards Rule. The solution provided complete visibility into the patching status across remote and in-office endpoints, enabling the development of intelligent policies for OS and third-party updates. This helped to automatically remediate security vulnerabilities, reducing the risk of potential fines. Additionally, the reporting feature of Action1 helped document all key events across endpoints and collect audit trails, aiding in investigations and root cause analysis. The solution also saved Matt 15 hours per week on patch management by eliminating the need for manual checks on each update. Furthermore, Action1 provided full control over endpoints, with functionalities such as running scripts from the cloud, automating the deployment of applications, and providing remote IT support.

• Reduced security risks and continuous patch compliance
• Saved 15 hours per week on patch management
• Full control over 200+ endpoints