
Scratch Beneath The Surface

When Telekom Slovenije needed a security solution that could protect it from attacks and keep its company data safe, while still optimising the performance of its staff, it turned to Sourcefire for help. By Sourcefire.


Date: 1 Jul 2009

Telekom Slovenije is an information and communication service provider. The company provides services to the Government of the Republic of Slovenia and various entities, agencies and companies in which the Slovenian State is either the majority or minority shareholder. In 2007, Telekom Slovenije spread its reach by investing in IP and fibre-optic networks, successfully entering the markets of South Eastern Europe and developing multimedia services. Today, the company operates across a network of cross-border sites throughout Slovenia, Croatia, Bosnia and Herzegovina, Kosovo, Macedonia, Albania, and Gibraltar. In 2007 it reported a 5 percent increase in operating revenues and revenue of 785.9 million Euros. The operations of Telekom Slovenije were marked by the high growth in broadband connections both in Slovenia and in South Eastern Europe. The number of broadband connections increased by nearly half, reaching 231,000, one quarter of which was in South Eastern Europe, where growth was fourfold.


Just the tip of the iceberg


Telekom Slovenije operates around 2,500 PCs across 50 sites, running a mixture of network types, across a range of operating systems, both open source and commercial. The organisation had suffered from a series of incidents, resulting in disruption to client services and downtime, which the company investigated manually. This meant the company was only dealing with events after an attack had taken place, so it was concerned that these were just the tip of the iceberg and they could be exposed to a more serious data breach without even knowing.


Telekom Slovenije felt it needed a commercial solution to ensure the security of its business critical data, improve business continuity, and maximise the efficiency of its IT team. Dragoslav Radin, Head of IT System Support for Telekom Slovenije, explains: "The telecommunications business in Slovenia is very competitive. We have to be very careful that our data is not exposed to our competitors, because if someone is able to access our systems it could compromise our plans. Also, during some security incidents, users weren't able to use the customer relationship management (CRM) system, which is critical for communicating with our customers. It was crucial that we eliminated the risk of our systems being compromised again.


"Automation was key. We want staff to do the job they were trained to do, using their knowledge for skilled tasks, and if there is a tool which can do the job instead then we believe this should be leveraged." 

The proof is in the pudding


Telekom Slovenije started to look into Intrusion Prevention Systems (IPS) in early 2007. The company was aware of IPS technology as its daughter company had been running a test of the IBM/ISS solution. However, the decision was taken to review other market offerings in this space, so Telekom Slovenije spoke to IT security specialists, HIC Salta, which introduced the company to the Sourcefire 3D System. HIC Salta provided Telekom Slovenije with a product demonstration and the company was impressed, but it was keen to see how the solution worked in practice. In particular, Telekom Slovenije had concerns about the number of alerts the system would produce. As a result, HIC Salta provided the company with a proof of concept, installing the 3D System in a test environment for three months.


Radin continues: "The key criteria that we needed from the product were functionality, rules quality, and having the ability to install and support the system locally. After conducting the proof of concept we could see that Sourcefire provided us with all of these and more. The system was customisable and easy to manage and the rules are always up-to-date. Additionally, RNA does a lot of the searching and gathering of information for you, which reduces the pressures on our systems administrator, and produces far fewer alerts."


Visibility at last


Following the successful pilot, Telekom Slovenije extended its coverage and implemented the Sourcefire 3D System, with RNA, across its entire network in December 2007. The installation took three months. The company installed two sensors, one between the core and client network, the second to monitor the server to core network. The Sourcefire 3D System gives Telekom Slovenije complete visibility of all network traffic, allowing the organisation to prevent and protect against threats before, during and after a security incident.


The 3D System combines a number of security technologies, such as Intrusion Prevention System (IPS), Network Behavioural Analysis (NBA), and Vulnerability Management, and feeds all information into one central management console, the Sourcefire Defense Center™. This integrated approach provides a greater level of understanding when it comes to security alerts and reduces the number of false positives that the security team receives. Additionally, Telekom Slovenije has deployed Sourcefire RNA to gather network intelligence, providing enhanced context of security threats and an even finer level of network intelligence.


HIC Salta worked with Sourcefire® to help Telekom Slovenije with the implementation of the Sourcefire 3D System. Radin says: "The implementation was very straightforward and we found both HIC Salta and Sourcefire to be extremely knowledgeable and helpful. The project ran on schedule and we actually managed to cut the original estimate for the installation time by half."


Prevention is better than cure


The Sourcefire 3D System has enabled Telekom Slovenije to achieve its stated goals by reducing the number of security incidents, enabling the company to meet its business continuity goals and feel confident that its data is secure. Telekom Slovenije is also seeing efficiency benefits due to the use of RNA. The early intrusion alerts enable the support team to provide a quicker and more efficient response, meaning the process of monitoring has less impact on the business and mitigates the risk of losing or exposing business critical data.


Radin comments: "Today, we have more security incidents, because we are aware of them. Before we were acting in a totally reactive mode. Now we are able to act in a proactive way, dealing with threats before they get to a stage where they impact on the business.


"With Sourcefire RNA and Defense Center we are able to get all the data we need about the source of a threat and what it will impact on all in one place. We do not have to run around gathering information from a number of different sources, so it is simple for IT administrators to understand. This leaves my team free to deal with the most pressing problems."


Some surprise additional benefits


In addition to its planned goals, the Sourcefire 3D System has provided the company with visibility of all network activity, including network usage. Having this additional information has allowed Telekom Slovenije to reduce bandwidth usage and the number of servers the company runs, optimising the company's IT operations. This in turn has allowed Telekom Slovenije to reduce investments in new network devices, optimise server utilisation for business applications, reduce the operational costs of running its network, reduce investment in new servers, and lower energy consumption.


Radin continues: "A benefit that we weren't expecting was that it is also a useful resource for network inventory as the data collected by Sourcefire is also a very good source for our Configuration Management Database (CMDB).


"As we are a telecommunication company, any bandwidth we consume ourselves, we could be selling. Sourcefire has helped us to identify areas where we could make savings where servers or programmes aren't in use but are still running and using up bandwidth and energy. This has made the company more efficient in its energy use, which is very important to us as we are a holder of ISO 14001 certificate and are dedicated to our environmental commitments."


Further automation


Telekom Slovenije has recently been speaking to HIC Salta regarding the possible implementation of Sourcefire RUA™ (Real-time User Awareness), which enables the Defense Center to correlate threat, endpoint, and network intelligence with user identity information, directly correlating individual user IDs with specific IP addresses, traffic, and events.


Radin explains: "RUA would help us to automate even further. Currently if there is a problem or if we need to trace an incident to a user, we have to look in a directory to find what user is behind that system or host or client. With RUA we would be able to bring all that information into one console and eliminate the additional work of investigating manually."


The Sourcefire 3D System has enabled Telekom Slovenije to optimise IT operations costs and improve the productivity of its IT resources. Radin concludes: "We have been extremely happy with the service and performance from the Sourcefire solution and would happily recommend it."



Tags: Green Tech
