- What is Managed Security?
Most IT professionals are keenly aware of the need for information security. A day hardly goes by where they are not reminded of the dangers to their data from viruses, worms and backdoor programs. At the same time, it's rarely the primary responsibility for most of those professionals. As a result, most of them often lack the tools and experience to properly secure their company's systems. Even in those cases where the knowledge exists, vigilance is often neglected in favor of issues that seem more urgent.
Good security is not a singular event or a series of individual steps. It is a process that should be executed every single day. Yet, if you asked most IT professionals what steps they take to ensure the security of the systems they manage, they will usually mention measures such as installing firewalls or anti-virus software.
These are good first steps; however, it's not likely that the IT manager will review the firewall logs every day or review systems each day to make sure anti-virus software is up to date or check to be sure that untrusted software was not loaded onto a computer. In fact, threats often come from sources that they don't even suspect such as file sharing networks or instant messaging. If an employee visits the wrong Website or downloads the wrong file or program, the threat may go completely undetected, even if anti-virus software and firewalls have done their job.
The bottom line is that if security to your organization is simply having a firewall and anti-virus, you will likely be one of the thousands of businesses that will suffer some loss due to an attack. If yours is one of the small percentage of companies that have deployed Intrusion Detection/Prevention Systems (IDS/IPS), it's still necessary to review the data from these systems every day. Without that constant review, it's like having an alarm system without the alarm company to call the police or fire department.
- Is Managed Security Right For Your Company?
There are only a couple of decisions to make when considering managed security. First of all, you have to decide whether the services of a managed security provider should be performed at all. If you decide that systems should be constantly monitored, then you only have to decide whether it will be performed by internal staff or by an outside organization.
Let's first consider whether it is worth monitoring your networks for threats. According to the 2005 annual report by the Computer Security Institute and the FBI, all of the companies surveyed used anti-virus and firewalls. At the same time more than half reported losses due to a variety of attacks. That means that in spite of taking the two most common steps to protect their systems, the overwhelming majority of those companies experienced losses anyway.
The fact is that most companies are largely unaware of the tremendous number of sources and methods of threats. In fact, many have active viruses and backdoor programs on one or more systems on their network and are completely unaware until the symptoms become obvious, if ever.
- Why Managed Security From Bright House Networks?
Even if you are one of the few companies that have deployed Intrusion Prevention Systems, if you do nothing with the information they generate, you are only half way there. Maybe you're not concerned with the dozens of attacks that are attempted against your Web server each day. Therefore, you don't bother looking at the logs or respond to the dozens of alerts. After all, the system stopped the intruder even though your server might not have been properly updated with the latest security patch. But what about Dan in shipping? Wouldn't you want to know that he was attempting to break into someone's system even if the IPS stopped it? If no one is monitoring those systems, how will you know?
Hopefully, you are convinced that monitoring the activity of your network is a worthwhile effort. What's left is to determine who should do it. Consider the following facts.
- Most IT professionals have had little if any training on how to secure their networks.
- Monitoring requires time that they may not have.
- The cost for deploying internal systems required for analyzing and alerting in the event of a threat is significant or even prohibitive for many companies.
- If it's worth doing, it's worth doing every day and few IT managers will devote the time.
Over the past two to three years, there has been a significant change in the form and frequency of security threats. Most hackers or virus writers assume that most companies have a firewall and that most firewalls are in a minimally secure configuration. The most common firewall configuration allows all data to travel from the inside of the network to the Internet without any restrictions, while denying any traffic from the outside coming into the internal network. It seems like a safe configuration, yet what most hackers attempt to do is to get a program on a trusted computer that will initiate the conversation from the inside. Once that happens an attacker may have complete control over that computer and access to all of the information on a network you thought was safe.
- What Are The Challenges To Securing Your Network?
One of the biggest challenges to IT professionals is making sure that all of their security measures are working properly, everywhere, all the time. That means that every computer has to have the latest security updates for their applications and operating systems and that all anti-virus is turned on and up-to-date. It also means that no one on the network has downloaded and installed any program that might give access to anyone else and that the program would be detected by anti-virus. The odds of all of these things being true all the time are quite small.
So let's assume that sooner or later there will be a threat to your information in spite of your best efforts. The odds on stopping it before it becomes a problem are tremendously higher if someone is watching the activity every day.
So what does a managed security provider do to help? They analyze the data coming from firewalls and Intrusion Detection/Prevention Systems and when they detect a problem, they act on it. Consider a couple of examples.
Mary in customer service loves music. So much so, that she has installed a popular file sharing program called LimeWire. It seems harmless enough. She gets to trade songs with people all over the world. Unfortunately, some of those songs have embedded backdoor programs that have been placed there by hackers who want to gain access to other people's systems. Mary is none the wiser because everything seems to be working just fine. Even if the IT manager has locked the firewall down for all but standard Web traffic and other services such as email, file sharing programs can be configured to operate on those trusted ports. A managed security provider will detect that Mary has installed that software and contact the IT manager before it becomes a problem.
One of the key ways that the viruses mentioned above spread is by road warriors. Bob in accounting has cable Internet at home. Unfortunately, since he's often out of the office with his notebook, the IT manager wasn't aware that Bob had never had his operating system updated with the latest patches. Or maybe it had been updated, but that was 3 months ago. Bob plugs his computer into his cable modem (without a firewall), is issued a public address and he begins to surf the Web. The problem is that within seconds, one of the hundreds of thousands of other computers that are still infected have scanned his address and determined that he is vulnerable. Now Bob's notebook computer is infected. Bob now brings it into the corporate network (behind the firewall), plugs it in and goes to work. Within a few minutes, his computer has attempted to spread to thousands of computer addresses, some of which could be addresses on the internal network. A managed security provider will detect this activity within minutes and help the IT manager find Bob's computer and correct the problem before it becomes a catastrophe.
- What are the benefits of Managed Security?
Managed Security from Bright House Networks Business Solutions is more than just security. The technology used to deliver our state-of-the-art security solutions also helps solve every day business challenges. Here are just a few examples:
Secure Internal and Guest Wireless Access - Virtually every notebook PC sold today has built-in wireless capabilities. Many companies have been reluctant to deploy wireless because of concerns over security. Our security experts will help design a wireless solution that is highly secure. In addition, we can help solve other challenges. For example, you want to provide wireless access to your guests so they can connect to the Internet, we can help deploy wireless guest services so that guests can connect to the Customer's wireless network, enter a user ID and password and have access to the Internet for Web browsing or email without having access to the private wireless network.
Virtual Private Networks (VPNs) - If you have employees at more than one location or employees that travel, they will likely need access to the network and information stores. With VPN solutions from Bright House Networks Business Solutions we can extend the secure network to anywhere in the world as long as there is Internet access, even if the remote location has Internet service from another provider.
Content Management - Utilizing SonicWALL's Content Filtering Service and Gateway Anti-Virus/Anti-Spyware/Intrusion Prevention capabilities allows businesses to determine how employees can use the network. Access to objectionable sites can be blocked. In addition, this technology allows Customers to control their users' ability to access and use streaming media, Peer-to-Peer networks and Instant Messaging. Benefits include:
- Increased worker productivity
- Reduced legal risks from inappropriate Web browsing
- Increased network bandwidth
Wireless Hot Spot Services - Bright House Networks Business Solutions can help retail and restaurant organizations deploy "hot spot" services for their customers. Customers can provide Internet services to their customers through their own custom login/consent page. We help Customers create and deploy their "consent page" and we provide statistics such as the number of unique users during a specific time period. Customers can use the same network to provide secure connections from remote locations to their corporate network.
- Is online help available?
Bright House maintains a website with useful information describing the Managed Security service at:
http://mysecurity.brightbiz.com/
General information regarding network security and firewall technology is available online at:
- Does Bright House Networks provide installation and ongoing support?
Bright House Networks Business Solutions certified personnel install and configure Customer firewalls or VPNs for maximum security. Our services include unlimited technical support, system maintenance, configuration backup and repair or replacement of defective equipment. Our automated incident and response escalation begins whenever a security event or system failure is detected.
- What types on ongoing support are provided?
Pro-Active Security Monitoring - Pro-active security monitoring by our automated systems and trained security professionals provides a complete security solution for the Customer network. Our Threat Detection System tracks network usage and alerts our staff in the event of suspicious activity. Our personnel investigate those events and, if appropriate, contact the Customer to assist with resolution. We continuously monitor all systems in the field with advanced systems to asses the health of the network. In the event of a failure by any monitored device, our personnel are notified and respond immediately.
Management Reports- Bright House Networks Business Solutions Managed Security provides access to a variety of real-time reports on our Customer Web Portal that help Customers manage their network usage. Reports such as "Top Websites", "top users" or "Bandwidth Usage" help Customers quickly identify problem areas and help them reduce their non-essential network usage.
Firewall Technology - Bright House Networks Business Solutions has chosen network security solutions from SonicWALL. SonicWALL has developed the most advanced and cost effective security solutions in the industry. SonicWALL's Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service examine all traffic passing through the firewall. It compares the data to a signature database of thousands of known threats. In the event there is a match, the traffic is stopped before it can do any harm. The database is automatically updated every few hours protecting against frequently occurring zero-day threats. It can also be used to control non-business related internet use such as streaming media, Peer-to-Peer networks, Instant Messaging, etc.
Threat Detection System - Each day our Threat Detection System examines millions of event records from firewalls all over the country. Our automated systems sift through the records that result from normal Internet usage and search for events that indicate a problem. Sometimes the only indication of a problem is a simple change in the behavior of a computer from one day to the next. For example, if a computer that never sends any email suddenly starts sending a large quantity of emails, it is mostly likely infected with malicious software and will trigger an event in our systems. There are dozens of tests we perform every few minutes and every hour to determine if there are threats to the Customer network.
Once our systems determine there is a potential problem, all of the related information is combined and presented to a security analyst whose job it is to investigate the event and determine if there really is a threat. Once we investigate the incident and determine there is a problem, we immediately contact the Customer or the Customer IT administrator to resolve the issues.
- What types of Service Levels are provided for Managed Security?
All Managed Security service offerings include a state-of-the-art firewall from SonicWALL, a world leader in network security products. Our Basic managed firewall service provides traditional firewall protection (e.g. port and address blocking) as well as VPN support. The firewall is configured by security professionals and the service includes unlimited technical support, repair or replacement of defective equipment and up/down monitoring during normal business hours. In addition, Customers will have access to our Customer Web Portal that provides customer support, network health statistics and network usage reports. Our technical support team is available 24x7x365.
Our Managed Security offering includes advanced technology that can be optionally added to the SonicWALL platform that allows us to identify threats to the Customer's network and notify Customers in the event of a problem. Our Threat Detection System is one of the most sophisticated systems in the industry. Our Security Team is always on duty and in the event of a threat to the network we immediately contact the Customer to assist with resolution. The Customer can choose to have their network monitored Mon-Fri 8x5 (Guardian-level service) or 24x7x365 (Sentry-level service).
For added security, the Unified Threat Management (UTM) Enhanced Security Package from SonicWALL which provides Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention as well as Content Filtering can be optionally added to any service level.
For secure remote and mobile access, wireless access support can optionally be added to any service level.
* Response times for non-emergency requests are 4 business hours; Monday through Friday 8:00 a.m. to 5:00 p.m. Response times for emergency requests are 1 hour 24x7.
- Do I have to purchase any special equipment?
Equipment used for Managed Security are owned and installed by the divisions and monitored/managed by Cerdant.
Does the Managed Services product offer VPN Simultaneous-Use License Pricing?
The number of simultaneous VPN connections via licenses installed in the firewall. The 1-10 and 11-50 User Service Levels include one VPN access license at no additional charge. The 51-200 User Service Level includes 10-25 simultaneous-use VPN licenses (depending on the firewall model installed). If additional simultaneous-use VPN licenses are required, they must be purchased separately.
SonicWALL client VPN software (which is installed in the Windows PC or laptop) is freely available for download from SonicWALL.