Pay-for-TV IPS Deployment
Company Profile
A leading pay-for-TV operator.
Challenges
Security posture is very important to this company, so they wanted to deploy a network-wide IPS while remaining within budget guidelines. They also had to meet a drop-dead installation date.
Selection Criteria
As this upgrade was a long-term investment, the company wanted to work with leading manufacturers in the industry. This would help ensure that the solution came from a viable and stable company with proven technology.
This company’s security infrastructure was managed by Symantec Managed Services (SMS). The cutover and handover of the solution had to be coordinated with SMS so that the SMS support team was ready for the solution to be in place. Because of this, there was a mandatory installation date to ensure that the company would not risk having an unmanaged solution in place for several days while SMS resources were organized. The internal IT staff also needed to be trained on any new solutions in a timely fashion.
Solution
The company wanted to be able to inspect traffic at the edge of their network. Sourcefire was the best fit for them because of its high rate of accuracy and its Real-time Network Awareness (RNA) feature. Gigamon was used to aggregate network SPAN ports and to TAP into the 1G and 10G links between the core routers, giving visibility into all network traffic. Gigamon then fed the traffic to the Sourcefire IPS and RNA sensors. An additional benefit of the Gigamon solution was that it minimized the number of Sourcefire sensors required on the network.
Results
The Sourcefire IPS and RNA sensors provided maximum visibility into the current security posture of the environment. The Sourcefire RNA process is configured to see the same traffic as the 3D sensor. Over time, it creates a traffic profile of the data flow, which allows the RNA process to determine which signatures should be enabled or disabled. The RNA sensor can make management more proactive by automatically instructing the 3D sensor to apply these new signatures for protection. This allowed the customer to feel comfortable with rolling out new revenue-generating services across their network.
By deploying Gigamon, the customer was able to create a new “Data Access Network”, or DAN. In a DAN, data is acquired from multiple SPAN ports or TAPs and then multicast to multiple tools, aggregated to a few consolidated tools, and filtered or divided across many instances of the same tools. This simplified the deployment of the Sourcefire solution and also allowed future ad hoc tools, such as network sniffers and VoIP analyzers, to be deployed without impact to the production network. Gigamon provided visibility into 1G and 10G network segments, which otherwise would have required more expensive Sourcefire sensors.