Search this website:

Conditions Change. Adapt Faster. Learn more > Conditions Change. Adapt Faster. Learn more >

Scratch Beneath The Surface

When Telekom Slovenije needed a security solution that could protect it from attacks and keep its company data safe, while still optimising the performance of its staff, it turned to Sourcefire for help. By Sourcefire.


Date: 20150802

Telekom Slovenije is an information and communication service provider. The company provides services to the Government of the Republic of Slovenia and various entities, agencies and companies in which the Slovenian State is either the majority or minority shareholder. In 2007, Telekom Slovenije spread its reach by investing in IP and fibre-optic networks, successfully entering the markets of South Eastern Europe and developing multimedia services.  Today, the company operates across a network of cross-boarder sites throughout Slovenia, Croatia, Bosnia and Herzegovina, Kosovo, Macedonia, Albania, and Gibraltar. In 2007 it reported a 5 percent increase in operating revenues and revenue of 785.9 million Euros.  The operations of Telekom Slovenije were marked by the high growth in broadband connections both in Slovenia and in South Eastern Europe.  The number of broadband connections increased by nearly half reaching 231,000, one quarter of which was in South Eastern Europe, where growth was fourfold.


Just the tip of the iceberg


Telekom Slovenije operates around 2,500 PCs across 50 sites, running a mixture of network types, across a range of operating systems, both open source and commercial. The organisation had suffered from a series of incidents, resulting in disruption to client services and downtime, which the company investigated manually. This meant the company was only dealing with events after an attack had taken place, so it was concerned that these were just the tip of the iceberg and they could be exposed to a more serious data breach without even knowing.


Telekom Slovenije felt it needed a commercial solution to ensure the security of its business critical data, improve business continuity, and maximise the efficiency of its IT team. Dragoslav Radin, Head of IT System Support for Telekom Slovenje, explains: "The telecommunications business in Slovenia is very competitive. We have to be very careful that our data is not exposed to our competitors, because if someone is able to access our systems it could compromise our plans. Also, during some security incidents, users weren't able to use the customer relationship management (CRM) system, which is critical for communicating with our customers. It was crucial that we eliminated the risk of our systems being compromised again.


"Automation was key. We want staff to do the job they were trained to do, using their knowledge for skilled tasks, and if there is a tool which can do the job instead then we believe this should be leveraged." 

The proof is in the pudding


Telekom Slovenije started to look into Intrusion Prevention Systems (IPS) in early 2007. The company was aware of IPS technology as its daughter company had been running a test of the IBM/ISS solution. However the decision was taken to review other market offerings in this space, so Telekom Slovenije spoke to IT security specialists, HIC Salta, which introduced the company to the Sourcefire 3D System. HIC Salta provided Telekom Slovenije with a product demonstration and the company was impressed, but it was keen to see how the solution worked in practice. In particular Telekom Slovenije had concerns about the number of alerts the system would produce. As a result, HIC Salta provided the company with proof of concept, installing the 3D System in a test environment for three months.


Radin continues: "The key criteria that we needed from the product were functionality, rules quality, and having the ability to install and support the system locally. After conducting the proof of concept we could see that Sourcefire provided us with all of these and more. The system was customisable and easy to manage and the rules are always up-to-date. Additionally, RNA does a lot of the searching and gathering of information for you, which reduces the pressures on our systems administrator, and produces far less alerts."


Visibility at last


Following the successful pilot, Telekom Slovenije extended its coverage and implemented the Sourcefire 3D System, with RNA, across its entire network in December 2007. The installation took three months. The company installed two sensors, one between the core and client network, the second to monitor the server to core network. The Sourcefire 3D System gives Telekom Slovenije complete visibility of all network traffic, allowing the organisation to prevent and protect against threats before, during and after a security incident.


The 3D System combines a number of security technologies, such as Intrusion Prevention System (IPS), Network Behavioural Analysis (NBA), and Vulnerability Management and feeds all information into one central management console, the Sourcefire Defense Center™. This integrated approach provides a greater level of understanding when it comes to security alerts and reduces the number of false positives that the security team receives. Additionally, it has deployed Sourcefire RNA to gather network intelligence, providing enhanced context of security threats and an even finer level of network intelligence.


HIC Salta worked with Sourcefire® to help Telekom Slovenije with the implementations of the Sourcefire 3D System. Radin says: "The implementation was very straightforward and we found both HIC Salta and Sourcefire to be extremely knowledgeable and helpful. The project ran on schedule and we actually managed to cut the original estimate for the installation time by half."


Prevention is better than cure


The Sourcefire 3D System has enabled Telekom Slovenije to achieve its stated goals by reducing the number of security incidents, enabling the company to meet its business continuity goals and feel confident that its data is secure. Telekom Slovenije is also seeing efficiency benefits due to the use of RNA. The early intrusion alerts enable the support team to provide a quicker and more efficient response meaning the process of monitoring has less impact on the business and mitigates the risk of loosing or exposing business critical data.


Radin comments: "Today, we have more security incidents, because we are aware of them. Before we were acting in a totally reactive mode. Now we are able to act in a proactive way, dealing with threats before they get to a stage where they impact on the business.


"With Sourcefire RNA and Defense Center we are able to get all the data we need about the source of a threat and what it will impact on all in one place. We do not have to run around gathering information from a number of different sources, so it is simple for IT administrators to understand.   This leaves my team free to deal with the most pressing problems."


Some surprise additional benefits


In addition to its planned goals, the Sourcefire 3D System has provided the company with visibility of all network activity, including network usage. Having this additional information has allowed Telekom Slovenije to reduce bandwidth usage and the number of servers the company runs, optimising the company's IT operations. This in turn has allowed Telekom Slovenije to reduce investments in new network devices, optimise server utilisation for business applications, reduce the operational costs of running its network, reduce investment in new servers, and lower energy consumption.


Radin continues: "A benefit that we weren't expecting was that it is also a useful resource for network inventory as the data collected by Sourcefire is also a very good source for our Configuration Management Database (CMDB).


"As we are a telecommunication company, any bandwidth we consume ourselves, we could be selling. Sourcefire has helped us to identify areas where we could make savings where servers or programmes aren't in use but are still running and using up bandwidth and energy. This has made the company more efficient in its energy use, which is very important to us as we are a holder of ISO 14001 certificate and are dedicated to our environmental commitments."


Further automation


Telekom Slovenije has recently been speaking to HIC Salta regarding the possible implementation of Sourcefire RUA™ (Real-time User Awareness), which enables the Defense Center to correlate threat, endpoint, and network intelligence with user identity information, directly correlating individual user IDs with specific IP addresses, traffic, and events.


Radin explains: "RUA would help us to automate even further. Currently if there is a problem or if we need to trace an incident to a user, we have to look in a directory to find what user is behind that system or host or client. With RUA we would be able to bring all that information into one console and eliminate the additional work of investigating manually."


The Sourcefire 3D System has enabled Telekom Slovenije to optimise IT operations costs and improve the productivity of its IT resources. Radin concludes: "We have been extremely happy with the service and performance from the Sourcefire solution and would happily recommend it."


« Previous article

Next article »

Tags: Green Tech

More Exclusive News

Network access control - changed for the better

27 Jul 2015
Christian Buecker, CEO, macmon secure gmbh, says network access control (NAC) is needed now more than ever. And what’s more, it really has changed. From the cumbersome, expensive systems of o...

How the agile businesses will win

27 Jul 2015
By Daniel Naor, VP International Sales at Zadara Storage.

IoT helps financial services re-engage their customers

27 Jul 2015
By Matthew Larbey, Director of Product Strategy, VIRTUS Data Centres.

Meeting future standards

27 Jul 2015
Future-proofing investments with clever cabling. By Dr. Thomas Wellinger, Market Manager Data Centre R&M.

The counterintuitive CIO: The more advanced the business, the simpler the IT  

27 Jul 2015
By Nigel Moulton, CTO, EMEA – VCE.

Prevention: Survival of the fittest as data centre cyber threats evolve

27 Jul 2015
By Mike Langley, Regional Vice President, Western Europe and South Africa at Palo Alto Networks.

Six network security checks to mitigate the risk of data security breaches

20 Jul 2015
By Luke Potter, Operations Manager, SureCloud.

Control your HVAC motors anywhere!

20 Jul 2015
When Global Building Controls was asked to produce an effective VSD system that would help to keep energy costs under control for a data centre client, the company chose VACON 100X drives as the basis of its solution.

Are you energy efficient?

20 Jul 2015
By David Wilcox, Data Centre and ITaaS General Manager: Europe, Dimension Data.

A question of trust  

20 Jul 2015
By Jonathan Birch, Product Manager for Infrastructure and Data Services at Redcentric.

Improvements instead of incidents: optimize and align IT services

20 Jul 2015
By Per Bauer, Director of Global Services at TeamQuest, a global leader in IT Capacity Planning and Management solutions.

What does DR have in common with the Tour de France?

20 Jul 2015
By Marc Goroff, CTO at Quorum.

How to be a security policy management saint, not a sinner

13 Jul 2015
The path to policy righteousness demands the right processes, visibility and automation – but the rewards are improved security and better business agility. By Nimmy Reichenberg, VP marketing & strategy for AlgoSec.

Tallac Networks & Milton Keynes Council – a case study

13 Jul 2015
By Steve Broadhead, Broadband-Testing (

Computacenter enriches IT support experience and increases staff productivity with Next Generation Service Desk

13 Jul 2015
As part of its digitisation strategy, Computacenter needed to rethink its approach to delivering IT support services to both its employees and customers. The new approach would need to deliver an e...


Latest IT jobs from leading companies.


Click here for full listings»