Less than a decade ago, the Circuit Court of Cook County (Chicago), the second largest county in the U.S., operated completely on thin client terminals and paper, and without Internet access. That began to change in 2000, when Dorothy Brown, the newly elected clerk of the Circuit Court, which has 2,100 employees and an operating budget of $100 million, moved to bring more efficiency through the use of technology. But as the court's use of technology grew, so did its need for IT security.
That included the need to secure its $5 million integrated cashiering system, which maintains all of the county's cash transactions, such as traffic ticket fines and filing fees, its case management system and its records management systems.
At first, the primary lines of defense were the use of Norton antivirus software and constant patching.
Despite those precautions, trouble still hit at times. Cook County shares its network with many other agencies on the county's wide area network, segmented by IP addresses. "What wound up happening was that if other agencies got a virus, we'd get infected too," Circuit Court CIO Bridget Dancy recalls. "We had to do more to protect our environment. We were getting attacks, and as soon as we cleaned one, another virus hit."
Dancy recommended that the Circuit Court Clerk's Office expand its security protection beyond antivirus and patch management and put in place a hardware-based UTM appliance that included intrusion prevention. "Installing additional and separate antivirus, intrusion prevention and network firewalls would have been a budget buster for us," Dancy says. For $25,000, the county chose to deploy Fortinet's FortiGate 1000. The UTM appliance keeps the court's 17 separate locations protected behind its antivirus, intrusion prevention and network firewall functions. The appliance's antivirus also protects the e-mail inboxes of the Circuit Court's 2,100 employees, and its intrusion prevention covers the court's intranet and help desk applications.
One primary concern of organizations considering a move to UTM is the potential impact on network performance from running multiple security functions on a single appliance. But the Circuit Court's experience was positive. By filtering out useless and malicious traffic, the appliance freed bandwidth, and server availability soared.
Prior to installing the UTM, it was common for the county's servers to reach 95 percent usage levels. "Utilization went down to 10 percent after we installed the appliance; from that point on, we were sold," Dancy says. "Although we experienced 381,407 attempted attacks against our network, the Fortinet solution blocked and protected us from every single one."
The implementation also helped increase efficiency of the court's small IT support team. Previously, administrators would have to travel to each of the 800 computers in various locations whenever there was a network security incident. Now, they can centrally manage the network.
That's what Sonnenschein Nath & Rosenthal found. The Chicago-based multinational law firm has more than 700 attorneys in the U.S., Europe, Asia, the Middle East and Latin America.
The firm relies largely on IBM Proventia Network Multi-Function Security UTM devices to keep much of its infrastructure secure, with additional intrusion prevention systems installed on the network, as well as IBM RealSecure Server Sensors, which provide additional preemptive intrusion prevention defenses for its servers.
Sonnenschein centrally manages each of these security technologies using IBM SiteProtector, which simplifies the monitoring of its overall security processes and network health. "We're able to centrally manage all of these devices," says Adam Hansen, director of security at Sonnenschein. "It's proven to be a great move for us. Throughput hasn't been a problem."
Beyond simplifying security management, Hansen says, moving to UTM has helped the law firm provide faster, nimbler services to its clients without security being the corporate bottleneck it often is. "We don't have to slow down business for the sake of security," he says.
That certainly was true when the firm decided to deploy VoIP to hundreds of attorneys so they could work more efficiently from their homes. Because the firm couldn't control how the home PCs were used or which Web sites were visited, or even enforce the security configuration of those home-office systems, Sonnenschein needed to make some tough choices when it came to securing its move to VoIP. "We looked at whether we could manage device security at each home office, or centrally manage security in-house," Hansen says.
With IBM's Proventia UTM devices available, it became clear that the best choice would be to secure the home-office traffic centrally rather than at each endpoint. "In this way, we can provide inline antivirus and intrusion prevention," Hansen says. The Proventia UTMs are placed behind the corporate VPN concentrators at both of the firm's data centers, so that traffic is decrypted at the concentrator and then analyzed by the UTM before it is sent on to critical internal systems. "If the UTM spots anything bad, it's blocked or cleansed," Hansen says. "So far, the set-up has protected us from anything bad that can come across that wire."
Sonnenschein considered managing antimalware, intrusion prevention and other security technologies from a set of separate appliances, but found it wouldn't be cost effective. "From our perspective, [UTM] has been a godsend," Hansen says. "These devices take 15 minutes to configure and to integrate into your console. It takes us more time to get the paperwork done and stage the box than to configure it."
Ask your CSO:
Is security proving to be a bottleneck on certain projects?
Ask your operations teams:
Which security functions are too time-consuming?