Search this website:

Scratch Beneath The Surface

When Telekom Slovenije needed a security solution that could protect it from attacks and keep its company data safe, while still optimising the performance of its staff, it turned to Sourcefire for help. By Sourcefire.


Date: 1 Jul 2009

Telekom Slovenije is an information and communication service provider. The company provides services to the Government of the Republic of Slovenia and various entities, agencies and companies in which the Slovenian State is either the majority or minority shareholder. In 2007, Telekom Slovenije spread its reach by investing in IP and fibre-optic networks, successfully entering the markets of South Eastern Europe and developing multimedia services.  Today, the company operates across a network of cross-boarder sites throughout Slovenia, Croatia, Bosnia and Herzegovina, Kosovo, Macedonia, Albania, and Gibraltar. In 2007 it reported a 5 percent increase in operating revenues and revenue of 785.9 million Euros.  The operations of Telekom Slovenije were marked by the high growth in broadband connections both in Slovenia and in South Eastern Europe.  The number of broadband connections increased by nearly half reaching 231,000, one quarter of which was in South Eastern Europe, where growth was fourfold.


Just the tip of the iceberg


Telekom Slovenije operates around 2,500 PCs across 50 sites, running a mixture of network types, across a range of operating systems, both open source and commercial. The organisation had suffered from a series of incidents, resulting in disruption to client services and downtime, which the company investigated manually. This meant the company was only dealing with events after an attack had taken place, so it was concerned that these were just the tip of the iceberg and they could be exposed to a more serious data breach without even knowing.


Telekom Slovenije felt it needed a commercial solution to ensure the security of its business critical data, improve business continuity, and maximise the efficiency of its IT team. Dragoslav Radin, Head of IT System Support for Telekom Slovenje, explains: "The telecommunications business in Slovenia is very competitive. We have to be very careful that our data is not exposed to our competitors, because if someone is able to access our systems it could compromise our plans. Also, during some security incidents, users weren't able to use the customer relationship management (CRM) system, which is critical for communicating with our customers. It was crucial that we eliminated the risk of our systems being compromised again.


"Automation was key. We want staff to do the job they were trained to do, using their knowledge for skilled tasks, and if there is a tool which can do the job instead then we believe this should be leveraged." 

The proof is in the pudding


Telekom Slovenije started to look into Intrusion Prevention Systems (IPS) in early 2007. The company was aware of IPS technology as its daughter company had been running a test of the IBM/ISS solution. However the decision was taken to review other market offerings in this space, so Telekom Slovenije spoke to IT security specialists, HIC Salta, which introduced the company to the Sourcefire 3D System. HIC Salta provided Telekom Slovenije with a product demonstration and the company was impressed, but it was keen to see how the solution worked in practice. In particular Telekom Slovenije had concerns about the number of alerts the system would produce. As a result, HIC Salta provided the company with proof of concept, installing the 3D System in a test environment for three months.


Radin continues: "The key criteria that we needed from the product were functionality, rules quality, and having the ability to install and support the system locally. After conducting the proof of concept we could see that Sourcefire provided us with all of these and more. The system was customisable and easy to manage and the rules are always up-to-date. Additionally, RNA does a lot of the searching and gathering of information for you, which reduces the pressures on our systems administrator, and produces far less alerts."


Visibility at last


Following the successful pilot, Telekom Slovenije extended its coverage and implemented the Sourcefire 3D System, with RNA, across its entire network in December 2007. The installation took three months. The company installed two sensors, one between the core and client network, the second to monitor the server to core network. The Sourcefire 3D System gives Telekom Slovenije complete visibility of all network traffic, allowing the organisation to prevent and protect against threats before, during and after a security incident.


The 3D System combines a number of security technologies, such as Intrusion Prevention System (IPS), Network Behavioural Analysis (NBA), and Vulnerability Management and feeds all information into one central management console, the Sourcefire Defense Center™. This integrated approach provides a greater level of understanding when it comes to security alerts and reduces the number of false positives that the security team receives. Additionally, it has deployed Sourcefire RNA to gather network intelligence, providing enhanced context of security threats and an even finer level of network intelligence.


HIC Salta worked with Sourcefire® to help Telekom Slovenije with the implementations of the Sourcefire 3D System. Radin says: "The implementation was very straightforward and we found both HIC Salta and Sourcefire to be extremely knowledgeable and helpful. The project ran on schedule and we actually managed to cut the original estimate for the installation time by half."


Prevention is better than cure


The Sourcefire 3D System has enabled Telekom Slovenije to achieve its stated goals by reducing the number of security incidents, enabling the company to meet its business continuity goals and feel confident that its data is secure. Telekom Slovenije is also seeing efficiency benefits due to the use of RNA. The early intrusion alerts enable the support team to provide a quicker and more efficient response meaning the process of monitoring has less impact on the business and mitigates the risk of loosing or exposing business critical data.


Radin comments: "Today, we have more security incidents, because we are aware of them. Before we were acting in a totally reactive mode. Now we are able to act in a proactive way, dealing with threats before they get to a stage where they impact on the business.


"With Sourcefire RNA and Defense Center we are able to get all the data we need about the source of a threat and what it will impact on all in one place. We do not have to run around gathering information from a number of different sources, so it is simple for IT administrators to understand.   This leaves my team free to deal with the most pressing problems."


Some surprise additional benefits


In addition to its planned goals, the Sourcefire 3D System has provided the company with visibility of all network activity, including network usage. Having this additional information has allowed Telekom Slovenije to reduce bandwidth usage and the number of servers the company runs, optimising the company's IT operations. This in turn has allowed Telekom Slovenije to reduce investments in new network devices, optimise server utilisation for business applications, reduce the operational costs of running its network, reduce investment in new servers, and lower energy consumption.


Radin continues: "A benefit that we weren't expecting was that it is also a useful resource for network inventory as the data collected by Sourcefire is also a very good source for our Configuration Management Database (CMDB).


"As we are a telecommunication company, any bandwidth we consume ourselves, we could be selling. Sourcefire has helped us to identify areas where we could make savings where servers or programmes aren't in use but are still running and using up bandwidth and energy. This has made the company more efficient in its energy use, which is very important to us as we are a holder of ISO 14001 certificate and are dedicated to our environmental commitments."


Further automation


Telekom Slovenije has recently been speaking to HIC Salta regarding the possible implementation of Sourcefire RUA™ (Real-time User Awareness), which enables the Defense Center to correlate threat, endpoint, and network intelligence with user identity information, directly correlating individual user IDs with specific IP addresses, traffic, and events.


Radin explains: "RUA would help us to automate even further. Currently if there is a problem or if we need to trace an incident to a user, we have to look in a directory to find what user is behind that system or host or client. With RUA we would be able to bring all that information into one console and eliminate the additional work of investigating manually."


The Sourcefire 3D System has enabled Telekom Slovenije to optimise IT operations costs and improve the productivity of its IT resources. Radin concludes: "We have been extremely happy with the service and performance from the Sourcefire solution and would happily recommend it."


« Previous article

Next article »

Tags: Green Tech

More Exclusive News

Data security - top tips for senior managers

13 Apr 2015
Ian Kilpatrick, chairman Wick Hill Group, explains why senior managers now need to be more involved in data security and offers his top tips.

NHS Dumfries and Galloway adopts a proactive approach to safeguarding patient data

13 Apr 2015
Guarding against security threats with a state-of-the-art vulnerability management solution.

Making OpenStack enterprise ready with software defined availability

13 Apr 2015
By Jason Andersen, Senior Director, Product Management and Marketing at Stratus Technologies.

SDN – A brave new world underpinned by a traditional technology

13 Apr 2015
Derek Watkins, Vice President of Sales EMEA & India, for Opengear examines the key technologies and adoption trends of Software Defined Networking (SDN) and suggests that data centres getting r...

Bradford Teaching Hospitals completes one of UK’s largest image migration projects

13 Apr 2015
Bradford Teaching Hospitals NHS Foundation Trust (Bradford) has completed one of the UK’s largest image migration projects thanks to a four-way partnership alongside healthcare data managemen...

SteelFusion 4.0 enables 'zero IT' at the branch office

9 Apr 2015
With more powerful software and hardware, SteelFusion 4.0 consolidates all IT at the branch into the data center for instant branch provisioning and recovery, full security and visibility, and apps that simply work.

Lessons to be learned from Zero-day nightmares

6 Apr 2015
By Philip Lieberman, President & CEO Lieberman Software.

In the line of fire

6 Apr 2015
The consequences of a fire in a data centre can be catastrophic and, as well as causing expensive downtime, it can also result in irreparable damage to expensive equipment if not detected quickly. ...

The data centre network of the future

6 Apr 2015
By Roger Keenan, managing director of central London data centre, City Lifeline.

Why automation is the key to a successful private cloud deployment

6 Apr 2015
By Arya Barirani, VP, Product Marketing at Infoblox.

Cloud data backup – is it ready for the data centre?

6 Apr 2015
Over the past 30 years, data backup has been accomplished by using a backup application that makes a copy of the data to tape and, more recently, to disk. A copy of the tape is sent offsite or data...

Public vs. private cloud: The battle is on

6 Apr 2015
By Jeramiah Dooley, Cloud Architect, SolidFire.

IBM connects “Internet of Things” to the enterprise

2 Apr 2015
IBM will invest $3 billion over the next four years to establish a new Internet of Things (IoT) unit, and that it is building a cloud-based open platform designed to help clients and ecosystem partners build IoT solutions.

How to avoid a CryptoWall Nightmare – an unfortunate not-for-profit experience

30 Mar 2015
By David Fisk, EMEA sales director, Quorum.

Kingsfield Consulting adopts CCE Private Cloud to enable collaboration and drive growth

30 Mar 2015
CCE Solution provides UK SME with a flexible IT infrastructure


Latest IT jobs from leading companies.


Click here for full listings»