Calpine, an independent power producer with 102 sites across the country, is required to conduct network compliance audits for regulators. Nearly a year ago, however, Calpines infrastructure engineering manager, Sean Curry, realized there was way too much firewall data for his team to track.
"Each of our six firewalls were generating 60GB of log data, about 2,200 events per second per day," Curry said. "Wed lock it to the Unix server to flat file, and then wed compress it and roll it off. We had to sift through terabytes of data, and we couldnt file a report for two weeks. That wasnt good enough. We couldnt see anything in those logs even though we had the data."
Curry said that he and his IT staff could have created a solution in-house. But Calpines IT department has a policy to treat information technology as a commodity and seek outside help whenever possible.
"If someone outside the company has expertise that could help us solve a problem, we dont want to reinvent the wheel," Curry said. "If its not an industry-specific technology problem—and this was more of a common technology problem—we dont want to solve the problem over and over."
Curry collaborated with Todd Wiederstein, an account manager at Accudata Systems Inc., a Houston-based data solutions company, and purchased a Network Intelligence Corp. Network Intelligence Engine HA appliance. Curry said he chose Accudata over several solutions integrators for two reasons. First, Accudata offered a sound solution to Calpines problem. Second, and just as important, Curry and his staff had worked with Accudata on previous projects and were comfortable with the company.
"We knew they did good work, and we had worked well together in the past," Curry said.
Network Intelligences Engine HA provided a cost-effective solution that collected and managed the firewall data and allowed Curry to quickly create meaningful network usage reports.
"Calpine had a tremendous amount of reportable data, but the reporting module wasnt digested," said Wiederstein. "It was like an entire phone book that was out of order. With the Network Intelligence box, you can identify the most important aspects of the data. If theres an attempt to log in to your network by a hacker, it wont go unnoticed."
Curry manages security, networking and applications for Calpine, which is based in San Jose, Calif. The company produces and sells power to major energy consumers, such as oil refineries and large retailers.
To manage 60GB of log data each day, Curry and his team would compress the data every other night and then erase it on a weekly basis. This placed a huge strain on company IT resources and was at odds with security and compliance best practices. Curry was even unable to produce acceptable-use reports to show what Calpine employees were viewing on the Internet.
"Wed conduct internal audits, and wed get hit for not analyzing the information," said Curry. "For example, we never knew whether the database administrators were abusing their network privileges."
To appease external auditors, Calpine would hire five or six system administrators on a six-month contract to pull and read the log data. At $65 per hour per administrator, the costs added up for Currys department. And when the Northeastern portion of the United States experienced a power blackout a few years back, auditors subsequently required Calpine to file a report that Curry admits provided no insight.
"We had no analysis on the data," Curry said. "We just provided raw data. They werent too pleased." Thats when Curry said he decided to make a change.