Patelco had the protection of intrusion detection systems that were logging tremendous volumes of information about attacks undertaken on its servers, so the problem was not a lack of effort. Rather, it was the ongoing problem of the false-positive alerts that were taking up the time of the IT security staff.
"We wanted a system that was a little smarter and easier," says John Shields, senior vice president of e-business with Patelco.
After an evaluation of several months, Patelco decided to try the IP360 vulnerability management appliance from nCircle, based on the product's ability to proactively discover and assess network vulnerabilities and assign ratings. These ratings enable Patelco's staff to focus on the highest vulnerability priorities, and the false positives have been virtually eliminated.
"We like how the IDS and the scanner work together," Shields says. "The scanner looks at the network and finds everything we have defined that it should look for. Then it finds the vulnerabilities of each device and based on what that is, you get a score. We use that to guide us in what to fix."
Patelco was considering hiring a full-time security person just to handle the alerts coming from the IDS, but the IP360 has saved them so much time that they have been able to avoid the new hire. The appliance resides on the network, receives software and vulnerability updates from nCircle automatically, and has had noticeable impact on network traffic.
An attached console is used to bring up activity reports, which are available at a high summary level for executives and at a detailed device level for security administrators.
"Most successful attacks are launched against known vulnerabilities," says Fred Kost, vice president of marketing with nCircle. The IP360 combines a device profiler that finds IP-accessible devices on the network and details information about each one, a VnE Manager that aggregates data for analysis, and a threat monitor that watches traffic going to the IP addresses for attacks.
Prices for a complete system range from $38,000 to $66,000, based on the number of devices being monitored and threat monitors deployed.