Collins finds prevention better than detection

Taylor says the primary challenge in implementing the Tipping Point solution was ensuring CDM had an understanding of Collins’ network and what was needed to be protected, such as servers, and potential points of security weakness, such as Internet connections and wireless Networks.

They also needed to organise the network to ensure that data flowing to or from those sources passed through the Tipping Point engine which was then able to classify and protect the organisation from potential threats where necessary.

Smith says that, from Collins’ point of view, the testing and implementation phase of the Tipping Point/CDM solution went remarkable smoothly.

“The Tipping Point box was brought in, we had about 60 seconds of downtime as we plugged it in to our network and from that point on, with the standard rule set in place, Tipping Point began detecting intrusion attempts.”

As the days went on, Smith adds, they were able to tweak some of the rules to better suit what they wanted to monitor or deny, with very little formal training of the product.

Once they had made the decision to go with the solution, the removal of the test equipment and installation was equally seamless, Smith says.

Taylor says the Tipping Point products were extremely intuitive to install, coming with a default set of rules and policies that ensure a high level of protection for the network with no false positives.

“Apart from the momentary interruption to the network link while the Tipping Point box is placed in-line, its operation is transparent to all normal network services,” he says.

Benefits

Taylor says the solution works in-line in the network, effectively as a “bump in the wire”, with specially designed high-speed processing engines to ensure minimal latency on passing traffic. There is therefore no end-user component that has to be installed on desktops or the organisation's servers.

This makes the entire deployment process a relatively simple, and cost effective, affair that does not tie up the time and resources of the organisation’s network administration or server or desktop administration teams.

The protection is also provided transparently at the network layer and traffic generated by end-user devices such as PCs and laptops is inspected and removed from the network, if classified as dangerous.

Smith says Collins had derived numerous security benefits from the new system. Firstly, he says they can now easily control what is happening to their network traffic. Instead of having to scroll through reams of logs which they were previously forced to do, they were now pointed “by exception” to significant events.

“We also have piece of mind that Tipping Point is not just reporting these incidents, but doing something about them, unlike a traditional intrusion detection system.”

Smith says they were also surprised at the number of “attacks” and “attention” the organisation’s servers were receiving. “Although our servers were patched correctly and all security exploits were failing, it was easy to see how simple it would be for someone if we were slow to apply our Microsoft patches.

Interestingly, over time these attacks have died down because the Tipping Point IPS is just dropping this traffic, so to a hacker, it is like our servers just don't exist.”

Smith says his IT department were still learning about the big bad world of hacking, phishing and DoS attacks, but they now felt completely in control of the situation.

“We have the Tipping Point boxes being constantly updated by experts in the Threat Management Centre. The Digital Vaccines for Tipping Point are downloaded automatically via the server and applied so we are constantly protected from the growing and ever changing risks from the Internet,” he adds.

Another major benefit of the system, Taylor says, was that once the Tipping Point management server and IPS are placed into the network, they can be set to automatically update themselves with the continually refined and improved rules and policies being produced from the Tipping Point Threat Management Center.

Future upgrades

Smith also says that, whilst they couldn’t rule out the possibility of having to make further network security upgrades in the foreseeable future, at this point in time they felt they had installed a very successful solution to the ongoing and increasingly inventive risks from the Internet.

“We have no plans to add any more equipment, but we can simply do more with our existing Tipping Point box to further segment our network if we so desire,” he says.

Taylor adds that CDM and Tipping Point are continuing to work with Collins to ensure that they not only get the best protection for their network but are able to refine and retrieve valuable management level reports that give an overview of the security pressures their network is under.