Saving a huge enterprise intrusion detection & prevention management project when the original vendor abandoned it 30 days before go-live.
A Fortune 500 telecom giant with a multi-national operation was building an internal cloud to support its enterprise business needs. The company had selected Sourcefire for its Intrusion Detection System and a professional services vendor to provide support for the new Sourcefire devices. Unfortunately, the selected vendor withdrew from the project less than 30 days prior to the go-live date for the internal cloud. VIMRO was called upon to step in and pick up the pieces of the broken project with as little interruption, wasted cost and repeated work as possible.
Although this was an internal cloud project, it involved many distinct traffic-flow use cases, and the IDS covered internal perimeter security as well as Internet-facing traffic. The client lacked internal staff with the knowledge and skills to support Sourcefire devices. Because of an existing partnership with VIMRO, the telecom company trusted us to provide operational cybersecurity support to keep the project on schedule.
What We Did:
A VIMRO Senior Network Security Engineer was assigned to manage the support for the project. The VIMRO Network Cybersecurity Engineering team was able to complete the installation of the IDS consisting of 7 pairs of Sourcefire 3D8250 chassis and 7 Sourcefire DC1500 Defense Centers and begin support on schedule. VIMRO supported this IDS environment for over 3 years. During this time, the VIMRO Network Cybersecurity Engineering Team documented the environment and trained the internal staff to take over ongoing support.
- Intrusion detection – Implemented packet inspection of suspicious traffic to determine its legitimacy, defined and implemented network security policies, and mitigated malicious traffic once detected.
- Intrusion protection – Defined policies and rules based on traffic baselines, monitored traffic flow, and blocked traffic that fell outside those baselines.
- DDoS – Defined policies for rate-based (volumetric) attacks based on baseline traffic patterns.
- Firewalling – Standard layer 3 packet filtering on source/destination/ports.
- Mitigation of any discovered attack through firewall policy, blacklist or blackhole.
- Traffic analysis, pattern recognition and correlation policies to alert the team of anomalies.
- Signature updates and continuous testing and upgrading of the operating system, with an emphasis on uptime through high availability.
Losing a critical vendor less than 30 days before go-live could have been a crisis. The datacenter environment included approximately 1,000 production-zone virtual machines with 10Gbps of physical connectivity and a sustained average traffic rate of about 4Gbps at the busiest datacenter. VIMRO stepped in to fill the gap with virtually no advance notice, establishing 24/7/365 response for mission-critical systems and cybersecurity functions with no downtime for the telecom company. In addition, the client greatly reduced its operational support costs because VIMRO was able to draw on existing staff on an as-needed basis.
Due to the flexibility, diligence and dependability of the VIMRO team, this leading telecom company is able to mitigate thousands of cybersecurity network threats each month.