A denial-of-service attack that almost felled the company firewall prompted Steven Waters, vice president of systems at financial services company Cannex Financial Exchanges Ltd., to evaluate intrusion prevention technology.
Cannex's Toronto office, where Waters is based, has 13 employees, about half of whom are involved in automating data analysis. "Our core business is gathering daily volatile interest rates and metal fund prices in Canada, the United States, Australia and New Zealand," said Waters. "Our staff is focused on providing consolidated data feeds to financial institutions and online services such as the Money section of MSN and Intuit."
Last October, firewall logs at the company showed disturbing problems. "We noticed that the firewall utilization was up to about 75 to 80 percent, particularly during the initial Nachi worm outbreak," Waters said.
Waters said he originally looked at intrusion detection systems but found that they required more manpower than Cannex could dedicate.
In consultation with IT security company Access 2 Networks Inc., with which Cannex has worked for many years, Cannex decided to evaluate IPSes (intrusion prevention systems). However, the evaluation didn't get far because the first unit Waters looked at, TippingPoint Technologies Inc.'s UnityOne-200, worked so well that the evaluation unit was left up and running.
"We had a brief look at some other products on the market, but we just saw that TippingPoint was yards ahead of anyone else," said Waters. (See eWEEK Labs' review of TippingPoint's UnityOne-1200.)
Cannex installed the UnityOne-200 inline and in front of the firewall to block attacks from the Internet and reduce the load on the firewall. With the appliance installed, firewall CPU utilization dropped to 5 to 10 percent, said Waters.
The UnityOne-200 has a 200M-bps throughput capacity and lists for $24,995. Cannex is paying Access 2 Networks $250 (Canadian) per month to maintain the system, along with $6,400 (Canadian) to TippingPoint for a Digital Vaccine update subscription, according to Waters. Cannex did not purchase the additional Security Management System because the company has only one UnityOne appliance to manage, he added.
Although Cannex found that the UnityOne-200 appliance worked well out of the box, IT staffers worked with Access 2 Networks to fine-tune filtering rules after off-hour tests showed that some desired traffic was being blocked. "One night, we put it in block all mode," said Waters. "That didn't work too well for us, so we spent some time with the consultants to tune the rules so that the IPS let through the traffic we needed."
Waters has recommended the UnityOne IPS to the Cannex office in New Zealand. On Waters' wish list for the next version of the appliance is an automated method of downloading Digital Vaccines using TippingPoint's Web-based Local Security Manager software.
The UnityOne does not help Cannex comply with any particular regulatory mandates, but, Waters said, "it does help us meet the service expectations of our customers, who need access to the data we provide."