Casino Stacks the Deck with New IDS System

The Riviera Hotel & Casino in Las Vegas has to deal with more than its share of hacker attacks. To fight off these threats, IT administrators there recently went shopping for an IDS system.

The saying goes, 'What happens in Vegas, stays in Vegas'.

For the casino owners, though, the saying should be more along the lines of, 'What money they make in Vegas should stay in their bank accounts'.

So when computer hackers try to steal vital information out of the customer databases of the major Las Vegas hotels and casinos, it's a big concern. To combat the hackers -- and to keep their information and money in place -- the casinos have worked hard to develop sophisticated security systems.

The Riviera Hotel & Casino is one of them. The hotel, which will celebrate its golden anniversary next year, has more than 2,000 guest rooms.

Like most other businesses of any significant size, the Riviera was subject to a wide range of attacks from purveyors of malicious code. But being a player in the glaring lights of Las Vegas draws even more attention from the blackhat crowd.

''We're being constantly attacked,'' says Tim Wilbur, network security specialist with the Riviera.

The company recently decided to shop for an intrusion detection system (IDS) to better identify and manage the threats. The Riviera's security staff had been monitoring attacks by ''drudging'' through firewall logs, watching the network for traffic spikes and trying to monitor the network infrastructure.

''But we wanted to take the guesswork out of our security approach,'' says Wilbur. ''I wanted to know the when's, where's, how's and how often.''

The staff decided to look at a few alternatives for intrusion detection solutions. They considered a product from Recourse Technology, but after Symantec acquired that company, the Riviera staff detected a dropoff in customer service and got turned off. They also looked at the Snort open source software, and its GUI with log consolidation. But in the end, the team decided on Sentivist from NFR Security.

''Ultimately, we went with NFR based on price and product,'' Wilbur says. ''NFR offered more information in a consolidated way for less money. The level of detection was more in-depth and provided more information, including information about 'false positive' situations and a reference guide with information on suggested corrective actions.''

The implementation required a ''crash course in Linux,'' since Sentivist uses a hardened Linux OS within its appliance. That, however, did not prove to be much of a stumbling block for the Riviera team. The product has met the IT team's expectations, and they report a positive experience.

''The Riviera is not just a hotel. It is in the gaming industry,'' says Andre Yee, CEO of NFR. ''So there are many credit card transactions in their environment, and other confidential financial information related to clients and guests. They all need to be protected, and a firewall is not enough. A skillful attacker can circumvent a firewall.''

NFR differentiates itself through a hybrid approach that uses both protocol anomaly detection and signature pattern matching. The product is priced from $11,000 for 100Mbps throughput to $22,000 for 1Gbps throughput.

The biggest trend in the IDS market is the move to intrusion prevention, says Andrew Braunberg, senior analyst for information security with Current Analysis, an industry research firm based in Sterling, Va.

The competitors in the IDS market, in addition to NFR, include Cisco Systems, Inc., ISS, Inc., Network Associates Technology, Inc., and Symantec Corp. NFR does have plans to move into intrusion prevention in the second half of this year.

''It has interesting technical advantages,'' says CEO Yee. ''Many security administrators are not comfortable putting an appliance in line, so we put in a mechanism that allows customers to calibrate the risk of dropping legitimate traffic.''

A key trend is the ability to reduce false positives and prioritize threats, says Braunberg of Current Analysis.

''If you have vulnerability assessment data married to threat management data, that allows you to prioritize what the really important threats are to the network at any one time,'' Braunberg says. ''That is what an effective IPS does, theoretically. And all these companies are looking at that.''

The Riviera's Wilbur offers some advice about the search for an IDS implementation: ''Product demonstrations are absolutely necessary. Intrusion detection can become very labor intensive due to the amount of information passing through the lines today. In my case, consolidation and explanation was key.''
