IPS Unburdens Cannex Firewall

By Cameron Sturdevant  |  Posted 2004-03-29

UnityOne helps financial services firm duck attacks.

A denial-of-service attack that almost felled the company firewall prompted Steven Waters, vice president of systems at financial services company Cannex Financial Exchanges Ltd., to evaluate intrusion prevention technology.

Cannex's Toronto office, where Waters is based, has 13 employees, about half of whom are involved in automating data analysis. "Our core business is gathering daily volatile interest rates and metal fund prices in Canada, the United States, Australia and New Zealand," said Waters. "Our staff is focused on providing consolidated data feeds to financial institutions and online services such as the Money section of MSN and Intuit."

Last October, firewall logs at the company showed disturbing problems. "We noticed that the firewall utilization was up to about 75 to 80 percent, particularly during the initial Nachi worm outbreak," Waters said.

Waters said he originally looked at intrusion detection systems but found that they required more manpower than Cannex could dedicate.

Case file

  • Company: Cannex Financial Exchanges
  • Location: Toronto
  • The issue: Cannex needed to protect its network while allowing customers to access the consolidated financial information that Cannex collects and processes
  • The solution: Deploy a network IPS in front of the company firewall to head off incoming attack traffic
  • Tools: TippingPoint Technologies' UnityOne-200
  • What's next: Recommend that Cannex's New Zealand office implement an IPS

    Source: eWEEK reporting
In consultation with IT security company Access 2 Networks Inc., with which Cannex has worked for many years, Cannex decided to evaluate IPSes (intrusion prevention systems). However, the evaluation didn't get far because the first unit Waters looked at—TippingPoint Technologies Inc.'s UnityOne-200—worked so well that the evaluation unit was left up and running.

"We had a brief look at some other products on the market, but we just saw that TippingPoint was yards ahead of anyone else," said Waters. (See eWEEK Labs' review of TippingPoint's UnityOne-1200.)

Cannex installed the UnityOne-200 inline and in front of the firewall to block attacks from the Internet and reduce the load on the firewall. With the appliance installed, firewall CPU utilization dropped to 5 to 10 percent, said Waters.

The UnityOne-200 has a 200M-bps throughput capacity and lists for $24,995. Cannex is paying Access 2 Networks $250 (Canadian) per month to maintain the system, along with $6,400 (Canadian) to TippingPoint for a Digital Vaccine update subscription, according to Waters. Cannex did not purchase the additional Security Management System because the company has only one UnityOne appliance to manage, he added.

Although Cannex found that the UnityOne-200 appliance worked well out of the box, IT staffers worked with Access 2 Networks to fine-tune filtering rules after off-hour tests showed that some desired traffic was being blocked. "One night, we put it in block all mode," said Waters. "That didn't work too well for us, so we spent some time with the consultants to tune the rules so that the IPS let through the traffic we needed."

Waters has recommended the UnityOne IPS to the Cannex office in New Zealand. On Waters' wish list for the next version of the appliance is an automated method of downloading Digital Vaccines using TippingPoint's Web-based Local Security Manager software.

The UnityOne does not help Cannex comply with any particular regulatory mandates, but, Waters said, "it does help us meet the service expectations of our customers, who need access to the data we provide."

Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure, Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.
