Thursday, April 18, 2024

Casino Stacks the Deck with New IDS System


The saying goes, ‘What happens in Vegas, stays in Vegas’.

For the casino owners, though, the saying should be more along the lines of, ‘What money they make in Vegas should stay in their bank accounts’.

So when computer hackers try to steal vital information out of the customer databases of the major Las Vegas hotels and casinos, it’s a big concern. To combat the hackers — and to keep their information and money in place — the casinos have worked hard to develop sophisticated security systems.

The Riviera Hotel & Casino, for example, is one of them. The hotel, which will celebrate its golden anniversary next year, has more than 2,000 guest rooms.

Like most other businesses of any significant size, the Riviera was subject to a wide range of attacks from purveyors of malicious code. But being a player in the glaring lights of Las Vegas draws even more attention from the blackhat crowd.

“We’re being constantly attacked,” says Tim Wilbur, network security specialist with the Riviera.

The company recently decided to shop for an intrusion detection system (IDS) to better identify and manage the threats. The Riviera’s security staff had been monitoring attacks by “drudging” through firewall logs, watching the network for traffic spikes and trying to monitor the network infrastructure.

“But we wanted to take the guesswork out of our security approach,” says Wilbur. “I wanted to know the when’s, where’s, how’s and how often.”

The staff decided to look at a few alternatives for intrusion detection solutions. They considered a product from Recourse Technology, but after Symantec acquired that company, the Riviera staff detected a dropoff in customer service and got turned off. They also looked at the Snort open source software, and its GUI with log consolidation. But in the end, the team decided on Sentivist from NFR Security.

“Ultimately, we went with NFR based on price and product,” Wilbur says. “NFR offered more information in a consolidated way for less money. The level of detection was more in-depth and provided more information, including information about ‘false positive’ situations and a reference guide with information on suggested corrective actions.”

The implementation required a “crash course in Linux,” since Sentivist uses a hardened Linux OS within its appliance. That, however, did not prove to be much of a stumbling block for the Riviera team. The product has met the IT team’s expectations, and they report a positive experience.

“The Riviera is not just a hotel. It is in the gaming industry,” says Andre Yee, CEO of NFR. “So there are many credit card transactions in their environment, and other confidential financial information related to clients and guests. They all need to be protected, and a firewall is not enough. A skillful attacker can circumvent a firewall.”

NFR differentiates itself through a hybrid approach that uses both protocol anomaly detection and signature pattern matching. The product is priced from $11,000 for 100Mbps throughput to $22,000 for 1Gbps throughput.

The biggest trend in the IDS market is the move to intrusion prevention, says Andrew Braunberg, senior analyst for information security with Current Analysis, an industry research firm based in Sterling, Va.

These competitors, in addition to NFR in the IDS market, include Cisco Systems, Inc., ISS, Inc., Network Associates Technology, Inc., and Symantec Corp. NFR does have plans to move into intrusion prevention in the second half of this year.

“It has interesting technical advantages,” says CEO Yee. “Many security administrators are not comfortable putting an appliance in line, so we put in a mechanism that allows customers to calibrate the risk of dropping legitimate traffic.”

A key trend is the ability to reduce false positives and prioritize threats, says Braunberg of Current Analysis.

“If you have vulnerability assessment data married to threat management data, that allows you to prioritize what the really important threats are to the network at any one time,” Braunberg says. “That is what an effective IPS does, theoretically. And all these companies are looking at that.”

The Riviera’s Wilbur offers some advice about the search for an IDS implementation: “Product demonstrations are absolutely necessary. Intrusion detection can become very labor intensive due to the amount of information passing through the lines today. In my case, consolidation and explanation was key.”
