The Future of Cybersecurity: The Red Sox Are Betting on Intelligence

With millions of fans, dozens of major events, and an ever-expanding digital footprint, the Boston Red Sox face a complex cybersecurity challenge. Every system, from ballpark analytics to fan engagement technology, is a potential attack vector. Intelligence-powered cybersecurity has become an essential part of their defense strategy, allowing them to secure their network, protect their fans, and focus on the game.
Industry: Sports & Entertainment
Country: United States
Company: Enterprise

  • 5 million security events shielded per day.
  • 150 million threats blocked each month.
  • 99.94% shielding effectiveness, eliminating nearly all high-risk traffic.
  • 97% decrease in reconnaissance activity.

Every year, millions of people pass through Fenway Park’s gates, not just for baseball, but for concerts, events, and experiences at the iconic venue. But beyond the roar of the crowd, Fenway operates as a fully connected digital ecosystem. Ticketing and payment systems, fan Wi-Fi, surveillance cameras, beacons, and analytics platforms all work together to create a seamless, digital experience. Yet, with every new connection, the attack surface expands—offering cybercriminals more ways to get in. While fans focus on the game, a different kind of defense is at play behind the scenes.

“The amount of digital touchpoints in a ballpark has increased exponentially, we didn’t have WiFi when I got here. Now, we have 5G, thousands of television sets, 65 cameras doing baseball analytics, beacons, and all sorts of connected devices that interact with fans.”

Randy George, Vice President of Technology Operations and Information Security, Boston Red Sox

With every new digital innovation, the Red Sox attack surface expanded, and so did the threats. Those threats arrived continuously, all aimed at the team's critical networks. The problem wasn’t just the sheer volume of threats, but the reality that traditional cybersecurity tools weren’t built to keep up.

Firewalls and endpoint solutions could only react, detecting incidents after they had already breached the network. A reactive approach wasn’t just risky—it was unsustainable. The numbers painted a stark picture of the scale and persistence of these threats over a period of just three weeks:

  • 1.8 million+ outbound events to suspicious or malicious domains—many linked to phishing, malware, or fraudulent activity.
  • 2.2 million+ inbound scanning attempts probing for vulnerabilities across high-risk ports.
  • Credential leaks in external dumps, providing attackers with a direct pathway in.
  • Malvertising and unwanted ad traffic, increasing risk exposure with zero business value.

“Protecting a ballpark, the fans, and our digital assets is a never-ending task,” explains Brian Shield, Senior Vice President and Chief Technology Officer of the Boston Red Sox. “We’re balancing fan experience with cybersecurity at all times.”

A ransomware attack could cripple ticketing systems on game day. A compromised camera feed could be manipulated or sold. A data breach could erode the trust of millions. Despite their best efforts, their security strategy remained inherently reactive—because that was all traditional tools allowed for.

The question wasn’t if they would be attacked—but how they could shift from reacting to threats to stopping them before they could ever reach their network.

A New Era of Defense: A Game-Changing Intelligence-Powered Solution

The Red Sox have always taken a proactive and innovative approach to cybersecurity, staying ahead of the constantly evolving threat landscape as they actively engage with the cybersecurity community, collaborate with Major League Baseball’s cyber initiatives, and adopt emerging technologies. Yet, like every modern enterprise, they face a fundamental challenge: a legacy security model built to react rather than prevent.

Adding to the complexity, Fenway Park operates within a complex web of third-party partners—concessions, merchandise, and service providers—all connected to the same ecosystem. “You’re only as good as your weakest link,” says Shield.

With real-time feedback now available to the Security Operations Center team, they could conduct network research: IOCs could be identified and attributed to activity on known internal network hosts in multiple locations. With this real-time information and insight, incident response teams were able to target their efforts on the most severe and urgent security incidents.

“We do have to worry about every system that comes online that’s attached to the network,” George says, “and worry about how vulnerable they are, what [the] attack vectors to those systems are.”

With every additional technology, from mobile food ordering and ballpark apps to facial recognition for seamless entry, the fan experience improved, and the attack surface grew with it. More access points. More potential vulnerabilities. And more opportunities for cyber threats to break through.

The team needed a solution that could cut through the noise—separating real threats from the overwhelming flood of security events. They needed to stop attacks at the network’s edge before they could escalate. And most importantly, they needed a solution that worked in real-time.

When the Red Sox security team first heard about CleanINTERNET®, they were skeptical. The idea of using intelligence to block threats before they reached the network sounded too good to be true.

“When I heard there’s this solution that uses intelligence that can protect you before you even exist, I was a little bit skeptical,” Shield shares. “But when we first sat down and had a chance to do a proof of concept, I was shocked at two things in particular. One, the amount of exploits that could be identified in advance. And two, the fact that there was no noticeable impact on our network.”

For the first time, the Red Sox had a security tool that didn’t just identify threats—it blocked them before they could ever pose a risk. CleanINTERNET® leveraged real-time intelligence to proactively shield the network, keeping malicious activity from infiltrating their critical systems.

The impact was immediate:

  • Over 5 million security events were shielded per day, preventing attacks before they reached the network.
  • More than 150 million threats were blocked each month, dramatically reducing risk exposure.
  • A 99.94% shielding effectiveness, eliminating nearly all high-risk traffic.
  • A 97% decrease in reconnaissance activity, cutting scanning attempts from 1.4 million to just over 36,000.

By proactively filtering out threats before they could ever reach the Red Sox network, CleanINTERNET® didn’t just improve security—it transformed operations. It reduced the burden on security operations, increasing their bandwidth so they could focus on more strategic initiatives. And by eliminating unnecessary malicious traffic, the network ran more efficiently.

“Just looking at our reports from the last month, we’re shielding about five plus million events a day from our network, that’s over 150 million a month, which is pretty remarkable.”

Ryan Oreste, Director of IT Operations, Boston Red Sox

CleanINTERNET® wasn’t just another security tool. It was a fundamental shift in how the Red Sox approached cybersecurity. No longer just a necessary cost of doing business, security became an advantage and a proactive force ensuring that the team could focus on what mattered most—both on and off the field.

Building Cyber Resilience: The Red Sox Playbook

Cybersecurity can no longer be just about responding to threats — today it’s also about breaking free from a reactive cycle and taking control with proactive, intelligence-driven defenses. Every organization faces cyber risk, but no two businesses face it the same way. A major sports venue has different vulnerabilities than a financial institution or a hospital—but attackers don’t care. They exploit weaknesses wherever they find them.

“What CleanINTERNET has done for us is just wrap the digital bubble around our entire perimeter environment,” says George. “It’s just a vast ecosystem of threat intel sources that we now have access to.”

For years, security teams have been forced into a reactive posture, scrambling to mitigate threats after the fact. But with CleanINTERNET®, that paradigm has shifted.

  • Threats are stopped before they ever reach the network.
  • Security teams no longer drown in alerts—intelligence filters out the noise so they can focus on real risks.
  • Cyber operations are more efficient, allowing the team to take on high-priority initiatives instead of getting stuck in endless incident response.

Instead of waiting for attacks to unfold inside their network, threats are being neutralized at the perimeter—before they can become a problem.

“Partners like Centripetal are incredibly valuable to us,” Shield said. “We’re reaching a point where just trying to do those things in a reactive manner is no longer good enough.”

With intelligence-powered cybersecurity in place, the Red Sox have transformed their defense from reactive to resilient.

“It’s one of the few proactive efforts that we have in the space that is always evolving,” Shield says. “It puts a huge dent in our threat landscape. And I don’t see us ever going back.”
