For the law firm of Sonnenschein, Nath & Rosenthal, there was no catastrophic incident—no defaced Web site or data theft—that pushed IT administrators to a security crossroads.
For Adam Hansen, manager of IT security at the Chicago firm, the need for change came in a swelling, relentless wave of alerts and security events his staff could no longer prioritize or manage.
After mulling the typical choices of adding staff or farming out the work, Hansen opted for a more radical process overhaul that has since saved money and improved performance.
Hansen prioritized his security needs and decided that his top goal was to better correlate events from multiple sources with management technology that was included with the firm's Nokia Corp. firewalls.
"What we did is not for everyone, but it's an alternative to more staff or outsourcing that you should at least consider," said Hansen.
Hansen looked at IBM's Tivoli and Hewlett-Packard Co.'s OpenView security management software but settled on Security Threat Manager from OpenService Inc. "It was the easiest to open and use, and it does a great job of identifying real security threats and alerting us in real time so we can respond quickly," said Hansen. "Instead of dealing with [duplicate events] buried in our logs because we have more than 100 devices, now we have one-stop monitoring and management for all our threats."
The choice has been the answer to a long-simmering problem at the law firm.
When Hansen joined Sonnenschein in 1998, the law firm had seven offices around the country. "Everybody had a desktop, and everything came through one office," he said. "Our job then was easier—making sure all desktops were compliant and our Internet policies were adhered to."
As the firm grew to nine U.S. offices and a staff that met with clients across the globe, communications became primarily e-mail-based. Staff members flocked to the Internet to conduct legal research, Hansen said. In the meantime, Sonnenschein's Web site was receiving more hits from clients, prospective clients and other parties. As Sonnenschein's Internet traffic increased exponentially, so did the number of potential firewall breaches, viruses, spam messages and other headaches.
Hansen had less time to address the security issue because his responsibilities were expanding as his employer grew. "We handle security violation investigations, crisis management, you name it," he said.
By last year, Hansen and his team were confronting as many as 9 million security events each day. "We kept running into issues—anti-virus infrastructure, assessment infrastructure, you name it. It came down to patch management most of the time," he said.
Compounding the problem, Hansen's budget was growing, and his superiors viewed the costs related to his department with an increasingly critical eye. He was forced to think more like a business manager than an IT administrator. "You manage the top line and the bottom line just like any other department," Hansen said. "Everything else is ancillary. You want to add value to the company and cut costs."
Thus, the expense of hiring more staff was out of the question. Outsourcing seemed more attractive, so Hansen surveyed his peers and dutifully interviewed IT security vendors, looking for the perfect combination of price and service. None left Hansen satisfied. "It turns out they didn't have the tuning for a shop our size," Hansen said. "We were either too big or too small."