Intrusion Prevention Case Study

Case Study | 2006

Energy supplier MAINOVA AG
Frankfurt energy supplier Mainova AG relies on McAfee for its network security

At a Glance
The industry
Public sector

The customer
Mainova AG, Frankfurt

The Mainova AG company, formed from the 1998 merger of Stadtwerke Frankfurt am Main GmbH and Maingas AG, provides the Rhine-Main region with a reliable supply of environmentally-friendly electricity, natural gas, heat, and water. The organisation develops innovative supply strategies, advises its customers on energy-saving, and operates ultra-modern power plants.

Widely Dispersed Network
Mainova AG’s IT department, therefore, provides services to organisations including the Stadtwerke Frankfurt am Main Holding GmbH, the VGF (Frankfurt’s transport authority) and the BBF (Frankfurt’s swimming-pool operating authority). One of its tasks is to run the entire network, parts of which are located across different buildings. And one of the important issues it faces is network security when handling customer service online. So Mainova AG’s IT department is responsible for securing all the email traffic and web interactions with end customers. The network’s security strategy spans, for example, the web sites of the Stadtwerke holding company itself ( and of the transport company for the Main metropolitan area (, plus all the services that can be accessed there. These include online forms, downloadable information brochures, transport timetable information, online ticket sales, and options to view meter readings and alter banking details. Power stations and various premises also form part of the network. The whole network, which internally alone can be accessed by 3.000 employees, comprises two IT centres, the network infrastructure in around 80 buildings, and about 300 servers.

In 2004, Mainova AG’s IT department was faced with the task of installing a new security solution for the entire network. The system had to provide protection for the intranet and Internet, so a modern intrusion detection system (IDS) and intrusion prevention system (IPS) had to be installed. The previous solution, which had been in place since 2000, would have required extensive updating, and the maintenance agreement for the existing IDS/IPS was due to expire. There were also problems in interpreting the logs that were being provided and with setting system parameters. The aim was to eliminate these problems, because a network of this size produces around 60.000 logs per day.

With the old system, the IT staff was unable to filter log reports using its own criteria, or to sort or order them by event type. When setting parameters, there was no way of configuring exceptions, for example, so that logs might be ignored if they were classified as false alarms or irrelevant messages.

The network environment
Mainova AG has 3.000 employees. The network spans 80 buildings, two data centers, and approximately 300 servers.

Business challenge
In 2004, a new, network-wide security solution had to be introduced. The implementation of a state-of-the-art intrusion detection and intrusion prevention system was required.

Technology solution
McAfee IntruShield 2600

For more information on products, worldwide services, and support, contact your authorized McAfee sales representative.

Appliance-based Solution Selected
When possible alternatives came to be evaluated, the debate centred round the existing software supplier’s follow-up solution, an outsourcing solution, and a McAfee® proposal. A server was installed on Mainova AG’s premises to run two tests to assess both in-house solutions. One disadvantage of outsourcing was the fact that it was undesirable for such a vital issue as security to be handled externally. The cost argument also went against the outsourcing option—the proposed annual outsourcing charge was substantially higher than the cost of procuring the McAfee solution and paying for annual support. The test results having been analysed, the decision was taken to opt for an appliance-based solution from McAfee. The solution designed for Mainova AG is based on two McAfee IntruShield® 2600 sensor appliances and the IntruShield Starter Manager. McAfee IntruShield 2600 is a powerful, flexible sensor-appliance solution for corporate networks’ feeder areas. The system enables companies to cost-effectively integrate an IPS into networks with diverse locations. The protective shield, which uses patented recognition procedures, secures the network resources and infrastructure against the full spectrum of currently known viruses and zero-day and Denial of Service (DoS) attacks. The IntruShield system includes an extensive range of integrated security management functions. The system thus considerably simplifies and accelerates the complex tasks that occur with older IDS when administering configuration and guidelines, handling threats, and providing adequate defence. The new IPS works using patented procedures that enable threats to be precisely and fully identified and repelled in real time. McAfee’s appliances are deployed at various critical points in the corporate network and act as sensors that transmit information to the main management server and receive updates from it.

Easy Integration, Rapid Problem-solving
McAfee integrated the solution for Mainova AG, a process which took two days, or 16 person-hours. Another half day was required afterwards to set the necessary parameters. The log volume from the practical test was studied to find indications as to how to set effective parameters. After two weeks of training for the administration team and once the definitive parameters had been set, the security solution was taken live. Its extreme efficiency immediately made a positive impression. All that was required was to remedy some minor MySQL database problems where inconsistencies were identified with logs and configurations in the management system. But to date all these problems have been rapidly solved using McAfee’s online tutorial portal, McAfee Knowledge Base. The appliance solution has dispensed with the need for labour-intensive operating-system tuning and for administering patches for sensors at multiple separate sites. All threats are precisely identified and blocked in real time. The new security solution has brought significant time savings. Only three of the 160 staff in Mainova AG’s IT department work on monitoring the IDS/IPS solution. Automatic signature updating is highly reliable. “The key benefits of McAfee’s solution are that any virus spread via IP connections becomes visible very quickly, and that the use of messenger services like Yahoo can be blocked at individual workplaces,” explained Klaus Dieter Hollstein, Leiter der IT-Infrastruktur at Mainova AG.

Complete Protection for the Entire Network
Using plug-and-play-capable sensor appliances and centralised, web-based monitoring and policy management, Mainova AG’s entire network was given complete protection at a low operating cost. Full transparency when monitoring network traffic is the key strength of this customised IDS/IPS solution from McAfee. Another vital factor is its high degree of scalability, which is particularly beneficial with a large installation such as that at Mainova AG. Their overall positive experiences have also persuaded Mainova AG to take the decision to install McAfee VirusScan® on terminals. They are also talking about securing individual PC workplaces using McAfee Desktop Firewall.™

McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, 888.847.8766, McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2006 McAfee, Inc. All rights reserved. 5-cor-mnva-001-1006
