Mainova AG, formed as a result of the 1998 merger between Stadtwerke Frankfurt am Main GmbH and Maingas AG, provides the Rhine-Main region with a reliable supply of environmentally friendly electricity, natural gas, heat, and water. The organisation develops innovative supply strategies, advises its customers on saving energy, and operates ultra-modern power plants.
Widely dispersed network
Mainova AG’s IT department provides services to organisations including the Stadtwerke Frankfurt am Main Holding GmbH, the VGF (Frankfurt’s transport authority), and the BBF (Frankfurt’s swimming-pool operating authority). One of its functions is to run the entire network, parts of which are located across different buildings. One of the important issues it faces is network security when handling customer service online, so Mainova AG’s IT department is tasked with securing all email traffic and web interactions with customers. The network’s security strategy spans the websites of the Stadtwerke holding company and the transport company for the Main metropolitan area, plus all the relevant available services. These include online forms, downloadable information brochures, transport timetable information, online ticket sales, and options to view meter readings and alter banking details. Power stations and various other complex premises also form part of the network. The whole network, which can be accessed by 3,000 employees, comprises two IT centres, the network infrastructure of about 80 buildings, and about 300 servers.
In 2004, Mainova AG’s IT department was faced with the task of installing a new security solution for the entire network. The system had to provide protection for the intranet and Internet, so a modern intrusion detection system (IDS) and intrusion prevention system (IPS) had to be installed. The previous solution, in place since 2000, would have required extensive updating, and the maintenance agreement for the existing IDS/IPS was due to expire. There were also problems in interpreting the logs that were provided and with setting system parameters. The aim was to eliminate these problems, because a network of this size produces around 60,000 logs per day. With the old system, the IT staff was unable to filter log reports using its own criteria, or to sort or order them by event type. When setting parameters, there was no way of configuring exceptions, for example, so that logs might be ignored if they were classified as false alarms or irrelevant messages.
Appliance-based solution selected
When possible alternatives came to be evaluated, the debate centred around the existing software supplier’s follow-up solution, an outsourcing solution, and a McAfee proposal. A server was installed on the Mainova AG premises to run two tests to assess both in-house solutions. One disadvantage of outsourcing was the fact that it was undesirable for such a vital issue as security to be handled externally. The cost argument also went against the outsourcing option—the proposed annual outsourcing charge was substantially higher than the cost of procuring the McAfee solution and paying for annual support. Once the test results were analysed, the decision was made to implement an appliance-based solution from McAfee.
The solution designed for Mainova AG is based on two McAfee Network Security Platform I-2600 (formerly McAfee IntruShield® 2600) sensor appliances and the McAfee Network Security Manager (formerly McAfee IntruShield® Security Manager). McAfee Network Security Platform I-2600 is a powerful, flexible sensor-appliance solution for corporate networks’ feeder areas. The system enables companies to cost-effectively integrate an IPS into networks with diverse locations. The protective shield, which uses patented recognition procedures, secures the network resources and infrastructure against the full spectrum of currently known viruses and zero-day and denial of service (DoS) attacks. The McAfee Network Security Platform I-1600 system includes an extensive range of integrated security management functions. The system thus considerably simplifies and accelerates the complex tasks that occur with older IDS when administering configuration and guidelines, handling threats, and providing adequate defence. The new IPS works using patented procedures that enable threats to be precisely and fully identified and repelled in real time. McAfee’s appliances are deployed at various critical points in the corporate network and act as sensors that transmit information to the main management server and receive updates from it.
Easy integration, rapid problem-solving
McAfee integrated the solution for Mainova AG, a process which took two days, or 16 person-hours. Another half-day was required afterwards to set the necessary parameters. The log volume from the practical test was studied to find indications as to how to set effective parameters. After two weeks of training for the administration team and once the definitive parameters had been set, the security solution was taken live. Its extreme efficiency immediately made a positive impression. All that was required was to remedy some minor MySQL database problems where inconsistencies were identified with logs and configurations in the management system. But to date all these problems have been rapidly solved using McAfee’s online tutorial portal, McAfee KnowledgeBase.
The appliance solution has dispensed with the need for labour-intensive operating-system tuning and for administering patches for sensors at multiple separate sites. All threats are precisely identified and blocked in real time. The new security solution has brought significant time savings. Only three of the 160 staff in Mainova AG’s IT department work on monitoring the IDS/IPS solution. Automatic signature updating is highly reliable. “The key benefits of McAfee’s solution are that any virus spread via IP connections becomes visible very quickly, and that the use of messenger services like Yahoo can be blocked at individual workplaces,” explains Klaus Dieter Hollstein, Head of IT Infrastructure at Mainova AG.
Complete protection for the entire network
Using plug-and-play-capable sensor appliances and centralised, web-based monitoring and policy management, Mainova AG’s entire network was given complete protection at a low operating cost. Full transparency when monitoring network traffic is the key strength of this customised IDS/IPS solution from McAfee. Another vital factor is its high degree of scalability, which is particularly beneficial with a large installation such as that at Mainova AG. The company’s overall positive experiences have also persuaded Mainova AG to decide to install McAfee VirusScan® Enterprise on terminals. Mainova AG is also talking about securing individual PC workplaces using McAfee Host Intrusion Prevention.