Search this website:


Scratch Beneath The Surface

When Telekom Slovenije needed a security solution that could protect it from attacks and keep its company data safe, while still optimising the performance of its staff, it turned to Sourcefire for help. By Sourcefire.

 

Date: 1 Jul 2009

Telekom Slovenije is an information and communication service provider. The company provides services to the Government of the Republic of Slovenia and various entities, agencies and companies in which the Slovenian State is either the majority or minority shareholder. In 2007, Telekom Slovenije spread its reach by investing in IP and fibre-optic networks, successfully entering the markets of South Eastern Europe and developing multimedia services.  Today, the company operates across a network of cross-boarder sites throughout Slovenia, Croatia, Bosnia and Herzegovina, Kosovo, Macedonia, Albania, and Gibraltar. In 2007 it reported a 5 percent increase in operating revenues and revenue of 785.9 million Euros.  The operations of Telekom Slovenije were marked by the high growth in broadband connections both in Slovenia and in South Eastern Europe.  The number of broadband connections increased by nearly half reaching 231,000, one quarter of which was in South Eastern Europe, where growth was fourfold.

 

Just the tip of the iceberg

 

Telekom Slovenije operates around 2,500 PCs across 50 sites, running a mixture of network types, across a range of operating systems, both open source and commercial. The organisation had suffered from a series of incidents, resulting in disruption to client services and downtime, which the company investigated manually. This meant the company was only dealing with events after an attack had taken place, so it was concerned that these were just the tip of the iceberg and they could be exposed to a more serious data breach without even knowing.

 

Telekom Slovenije felt it needed a commercial solution to ensure the security of its business critical data, improve business continuity, and maximise the efficiency of its IT team. Dragoslav Radin, Head of IT System Support for Telekom Slovenje, explains: "The telecommunications business in Slovenia is very competitive. We have to be very careful that our data is not exposed to our competitors, because if someone is able to access our systems it could compromise our plans. Also, during some security incidents, users weren't able to use the customer relationship management (CRM) system, which is critical for communicating with our customers. It was crucial that we eliminated the risk of our systems being compromised again.

 

"Automation was key. We want staff to do the job they were trained to do, using their knowledge for skilled tasks, and if there is a tool which can do the job instead then we believe this should be leveraged." 

The proof is in the pudding

 

Telekom Slovenije started to look into Intrusion Prevention Systems (IPS) in early 2007. The company was aware of IPS technology as its daughter company had been running a test of the IBM/ISS solution. However the decision was taken to review other market offerings in this space, so Telekom Slovenije spoke to IT security specialists, HIC Salta, which introduced the company to the Sourcefire 3D System. HIC Salta provided Telekom Slovenije with a product demonstration and the company was impressed, but it was keen to see how the solution worked in practice. In particular Telekom Slovenije had concerns about the number of alerts the system would produce. As a result, HIC Salta provided the company with proof of concept, installing the 3D System in a test environment for three months.

 

Radin continues: "The key criteria that we needed from the product were functionality, rules quality, and having the ability to install and support the system locally. After conducting the proof of concept we could see that Sourcefire provided us with all of these and more. The system was customisable and easy to manage and the rules are always up-to-date. Additionally, RNA does a lot of the searching and gathering of information for you, which reduces the pressures on our systems administrator, and produces far less alerts."

 

Visibility at last

 

Following the successful pilot, Telekom Slovenije extended its coverage and implemented the Sourcefire 3D System, with RNA, across its entire network in December 2007. The installation took three months. The company installed two sensors, one between the core and client network, the second to monitor the server to core network. The Sourcefire 3D System gives Telekom Slovenije complete visibility of all network traffic, allowing the organisation to prevent and protect against threats before, during and after a security incident.

 

The 3D System combines a number of security technologies, such as Intrusion Prevention System (IPS), Network Behavioural Analysis (NBA), and Vulnerability Management and feeds all information into one central management console, the Sourcefire Defense Center™. This integrated approach provides a greater level of understanding when it comes to security alerts and reduces the number of false positives that the security team receives. Additionally, it has deployed Sourcefire RNA to gather network intelligence, providing enhanced context of security threats and an even finer level of network intelligence.

 

HIC Salta worked with Sourcefire® to help Telekom Slovenije with the implementations of the Sourcefire 3D System. Radin says: "The implementation was very straightforward and we found both HIC Salta and Sourcefire to be extremely knowledgeable and helpful. The project ran on schedule and we actually managed to cut the original estimate for the installation time by half."

 

Prevention is better than cure

 

The Sourcefire 3D System has enabled Telekom Slovenije to achieve its stated goals by reducing the number of security incidents, enabling the company to meet its business continuity goals and feel confident that its data is secure. Telekom Slovenije is also seeing efficiency benefits due to the use of RNA. The early intrusion alerts enable the support team to provide a quicker and more efficient response meaning the process of monitoring has less impact on the business and mitigates the risk of loosing or exposing business critical data.

 

Radin comments: "Today, we have more security incidents, because we are aware of them. Before we were acting in a totally reactive mode. Now we are able to act in a proactive way, dealing with threats before they get to a stage where they impact on the business.

 

"With Sourcefire RNA and Defense Center we are able to get all the data we need about the source of a threat and what it will impact on all in one place. We do not have to run around gathering information from a number of different sources, so it is simple for IT administrators to understand.   This leaves my team free to deal with the most pressing problems."

 

Some surprise additional benefits

 

In addition to its planned goals, the Sourcefire 3D System has provided the company with visibility of all network activity, including network usage. Having this additional information has allowed Telekom Slovenije to reduce bandwidth usage and the number of servers the company runs, optimising the company's IT operations. This in turn has allowed Telekom Slovenije to reduce investments in new network devices, optimise server utilisation for business applications, reduce the operational costs of running its network, reduce investment in new servers, and lower energy consumption.

 

Radin continues: "A benefit that we weren't expecting was that it is also a useful resource for network inventory as the data collected by Sourcefire is also a very good source for our Configuration Management Database (CMDB).

 

"As we are a telecommunication company, any bandwidth we consume ourselves, we could be selling. Sourcefire has helped us to identify areas where we could make savings where servers or programmes aren't in use but are still running and using up bandwidth and energy. This has made the company more efficient in its energy use, which is very important to us as we are a holder of ISO 14001 certificate and are dedicated to our environmental commitments."

 

Further automation

 

Telekom Slovenije has recently been speaking to HIC Salta regarding the possible implementation of Sourcefire RUA™ (Real-time User Awareness), which enables the Defense Center to correlate threat, endpoint, and network intelligence with user identity information, directly correlating individual user IDs with specific IP addresses, traffic, and events.

 

Radin explains: "RUA would help us to automate even further. Currently if there is a problem or if we need to trace an incident to a user, we have to look in a directory to find what user is behind that system or host or client. With RUA we would be able to bring all that information into one console and eliminate the additional work of investigating manually."

 

The Sourcefire 3D System has enabled Telekom Slovenije to optimise IT operations costs and improve the productivity of its IT resources. Radin concludes: "We have been extremely happy with the service and performance from the Sourcefire solution and would happily recommend it."

ShareThis

« Previous article

Next article »

Tags: Green Tech

Related White Papers

15 Apr 2011 | White Papers

Flattening the Data Center Architecture by Juniper

The Juniper Networks QFabric Architecture A Revolution in Data Center Network Design Download white paper

15 Apr 2011 | White Papers

The Cloud-Ready Data Center Network by Juniper

Applying the lessons of cloud computing to vastly improve conomics of networking and the user experience Download white paper

Read more White Papers»

Related News

3 Oct 2011 | The Cloud

29 Sep 2011 | Design & Facilities Management

26 Sep 2011 | Power & Cooling

23 Sep 2011 | Green Tech

Read more News »
Related Web Exclusives

3 Aug 2011 | Power & Cooling

4 Jul 2011 | Power & Cooling

23 May 2011 | Hosting & Colocation

Read more Web Exclusives»

Related Magazine Articles

October 2010 | Green Tech

  • Green storage

    IT has been extremely focussed on cost cutting recently. The chance to take a fresh view of IT, and to reconsider the parameters within which it is managed, ... Read more

October 2010 | Green Tech

September 2010 | Power & Cooling

September 2010 | Green Tech

  • Powering green energy

    Wind farm developer assesses sites 20 times faster and cuts power use by around 75 per cent with Dell blade cluster. DCS reports. Read more

Read more Magazine Articles»

Related Supplements

14 Oct 2011 | The Cloud

Qlogic - Evolution of the data center

Please click here to download this supplement

04 - Consolidation - Optimizing Data Center Resources
07 - Virtualization - Increasing resource utilization availability and agility
13 - Convergence - A unified data center fabric
15 - Cloud Computing - Completing the Journey

Click here to learn more »

Read more Supplements »

Recruitment

Latest IT jobs from leading companies.

 

Click here for full listings»

Advertisement