Scratch Beneath The Surface

When Telekom Slovenije needed a security solution that could protect it from attacks and keep its company data safe, while still optimising the performance of its staff, it turned to Sourcefire for help. By Sourcefire.


Date: 1 Jul 2009

Telekom Slovenije is an information and communication service provider. The company provides services to the Government of the Republic of Slovenia and various entities, agencies and companies in which the Slovenian State is either the majority or minority shareholder. In 2007, Telekom Slovenije spread its reach by investing in IP and fibre-optic networks, successfully entering the markets of South Eastern Europe and developing multimedia services. Today, the company operates across a network of cross-border sites throughout Slovenia, Croatia, Bosnia and Herzegovina, Kosovo, Macedonia, Albania, and Gibraltar. In 2007 it reported a 5 percent increase in operating revenues and revenue of 785.9 million Euros. The operations of Telekom Slovenije were marked by high growth in broadband connections both in Slovenia and in South Eastern Europe. The number of broadband connections increased by nearly half, reaching 231,000, one quarter of which was in South Eastern Europe, where growth was fourfold.


Just the tip of the iceberg


Telekom Slovenije operates around 2,500 PCs across 50 sites, running a mixture of network types, across a range of operating systems, both open source and commercial. The organisation had suffered from a series of incidents, resulting in disruption to client services and downtime, which the company investigated manually. This meant the company was only dealing with events after an attack had taken place, so it was concerned that these were just the tip of the iceberg and that it could be exposed to a more serious data breach without even knowing.


Telekom Slovenije felt it needed a commercial solution to ensure the security of its business-critical data, improve business continuity, and maximise the efficiency of its IT team. Dragoslav Radin, Head of IT System Support for Telekom Slovenije, explains: "The telecommunications business in Slovenia is very competitive. We have to be very careful that our data is not exposed to our competitors, because if someone is able to access our systems it could compromise our plans. Also, during some security incidents, users weren't able to use the customer relationship management (CRM) system, which is critical for communicating with our customers. It was crucial that we eliminated the risk of our systems being compromised again.


"Automation was key. We want staff to do the job they were trained to do, using their knowledge for skilled tasks, and if there is a tool which can do the job instead then we believe this should be leveraged." 

The proof is in the pudding


Telekom Slovenije started to look into Intrusion Prevention Systems (IPS) in early 2007. The company was aware of IPS technology as its daughter company had been running a test of the IBM/ISS solution. However, the decision was taken to review other market offerings in this space, so Telekom Slovenije spoke to IT security specialists, HIC Salta, which introduced the company to the Sourcefire 3D System. HIC Salta provided Telekom Slovenije with a product demonstration and the company was impressed, but it was keen to see how the solution worked in practice. In particular, Telekom Slovenije had concerns about the number of alerts the system would produce. As a result, HIC Salta provided the company with a proof of concept, installing the 3D System in a test environment for three months.


Radin continues: "The key criteria that we needed from the product were functionality, rules quality, and having the ability to install and support the system locally. After conducting the proof of concept we could see that Sourcefire provided us with all of these and more. The system was customisable and easy to manage and the rules are always up-to-date. Additionally, RNA does a lot of the searching and gathering of information for you, which reduces the pressures on our systems administrator, and produces far fewer alerts."


Visibility at last


Following the successful pilot, Telekom Slovenije extended its coverage and implemented the Sourcefire 3D System, with RNA, across its entire network in December 2007. The installation took three months. The company installed two sensors, one between the core and client network, the second to monitor the server to core network. The Sourcefire 3D System gives Telekom Slovenije complete visibility of all network traffic, allowing the organisation to prevent and protect against threats before, during and after a security incident.


The 3D System combines a number of security technologies, such as Intrusion Prevention System (IPS), Network Behavioural Analysis (NBA), and Vulnerability Management, and feeds all information into one central management console, the Sourcefire Defense Center™. This integrated approach provides a greater level of understanding when it comes to security alerts and reduces the number of false positives that the security team receives. Additionally, Telekom Slovenije has deployed Sourcefire RNA to gather network intelligence, providing enhanced context of security threats and an even finer level of network intelligence.


HIC Salta worked with Sourcefire® to help Telekom Slovenije with the implementation of the Sourcefire 3D System. Radin says: "The implementation was very straightforward and we found both HIC Salta and Sourcefire to be extremely knowledgeable and helpful. The project ran on schedule and we actually managed to cut the original estimate for the installation time by half."


Prevention is better than cure


The Sourcefire 3D System has enabled Telekom Slovenije to achieve its stated goals by reducing the number of security incidents, enabling the company to meet its business continuity goals and feel confident that its data is secure. Telekom Slovenije is also seeing efficiency benefits due to the use of RNA. The early intrusion alerts enable the support team to provide a quicker and more efficient response, meaning the process of monitoring has less impact on the business and mitigates the risk of losing or exposing business-critical data.


Radin comments: "Today, we have more security incidents, because we are aware of them. Before, we were acting in a totally reactive mode. Now we are able to act in a proactive way, dealing with threats before they get to a stage where they impact on the business.


"With Sourcefire RNA and Defense Center we are able to get all the data we need about the source of a threat and what it will impact on, all in one place. We do not have to run around gathering information from a number of different sources, so it is simple for IT administrators to understand. This leaves my team free to deal with the most pressing problems."


Some surprise additional benefits


In addition to its planned goals, the Sourcefire 3D System has provided the company with visibility of all network activity, including network usage. Having this additional information has allowed Telekom Slovenije to reduce bandwidth usage and the number of servers the company runs, optimising the company's IT operations. This in turn has allowed Telekom Slovenije to reduce investments in new network devices, optimise server utilisation for business applications, reduce the operational costs of running its network, reduce investment in new servers, and lower energy consumption.


Radin continues: "A benefit that we weren't expecting was that it is also a useful resource for network inventory, as the data collected by Sourcefire is also a very good source for our Configuration Management Database (CMDB).


"As we are a telecommunication company, any bandwidth we consume ourselves, we could be selling. Sourcefire has helped us to identify areas where we could make savings where servers or programmes aren't in use but are still running and using up bandwidth and energy. This has made the company more efficient in its energy use, which is very important to us as we are a holder of an ISO 14001 certificate and are dedicated to our environmental commitments."


Further automation


Telekom Slovenije has recently been speaking to HIC Salta regarding the possible implementation of Sourcefire RUA™ (Real-time User Awareness), which enables the Defense Center to correlate threat, endpoint, and network intelligence with user identity information, directly correlating individual user IDs with specific IP addresses, traffic, and events.


Radin explains: "RUA would help us to automate even further. Currently if there is a problem or if we need to trace an incident to a user, we have to look in a directory to find what user is behind that system or host or client. With RUA we would be able to bring all that information into one console and eliminate the additional work of investigating manually."


The Sourcefire 3D System has enabled Telekom Slovenije to optimise IT operations costs and improve the productivity of its IT resources. Radin concludes: "We have been extremely happy with the service and performance from the Sourcefire solution and would happily recommend it."

