Alcatel-Lucent Shanghai Bell Co. Ltd. (hereinafter referred to as ASB) is the world’s leading provider of communications solutions that comprise end-to-end product lines encompassing the fixed-line, mobile and dedicated communication network markets. With Bell Labs Research China and several leading international research centres at its disposal, ASB can fully leverage Alcatel-Lucent’s available technical resources worldwide to develop unique technologies for serving both its Chinese clients and Alcatel-Lucent’s global customers. Equipped with a world-class manufacturing platform as well as sales and service networks across China and in more than 50 countries, the company is the global flagship of Alcatel-Lucent that integrates research and development, an industrial supply chain and an information technology service centre.
The Growing Prevalence of Virus Attacks Poses a Threat to ASB’s Networks
As ASB has branches in many cities across China, the workloads undertaken by the company’s information security and network departments are extremely heavy: they not only have to reduce pressure on the company’s network operations and maintenance resources by ensuring normal network operations, but also have to support, among other things, increasingly complex business processes and remote collaboration. Staffing in the company is highly streamlined: the entire network department is staffed by fewer than ten people, and the IT security department by only a few. At the same time, because its vast network is distributed across the various branches, the network department of ASB urgently requires a comprehensive monitoring network, to gain deeper insights into the different threats and to provide complete protection to critical business systems such as the data centre.
According to James Jiang, the Information Security Officer at ASB, “Given that security threats are getting increasingly complex and pervasive, the question of how to secure network infrastructure and information with limited resources is a pressing issue that we need to address.”
ASB’s Safety Requirements
As an information technology company, ASB was highly selective in its choice of security vendors. McAfee, which has a good reputation in the industry, came to its attention. Owing to the positive results achieved with several McAfee products already purchased and deployed by the company’s information security department, McAfee’s products emerged as the preferred choice when the network department was deciding which intrusion prevention system (IPS) to use. Only after rigorous assessments did the network department decide on McAfee’s IPS security solution.
McAfee Deploys Network Security Platform for ASB
After carrying out a site survey to obtain an in-depth understanding of its security requirements and existing security products, McAfee’s security experts deployed the McAfee Network Security Platform (NSP) for ASB. McAfee NSP, being the industry’s most advanced and proven intrusion prevention system (IPS), delivers knowledge-driven security that is integrated, automated and actionable. It is the only product in its class that combines both network and system security infrastructures, for securing 100 Mbps to 10 Gbps corporate networks against threats and attacks.
Comprehensive Network Protection
Backed by McAfee’s Global Threat Intelligence (GTI) system, this platform is capable of performing real-time malware detection (through File Reputation) as well as reputation and identity analysis (through Network Connection Reputation), to detect and protect against new threats. These dynamic updates ensure that the latest security protection is continuously made available. At the same time, with McAfee’s centralised management platform ePolicy Orchestrator (ePO), whenever NSP detects a problem (e.g. a host terminal becoming a botnet host), you can use McAfee ePO to identify the affected system quickly and take the corresponding measures, as well as view host data, including detailed prevention-related information such as IPS and malware prevention events of the key hosts.
“Most importantly, McAfee’s solution has helped us minimise the risk of business disruption.”
James Jiang, Information Security Officer, Alcatel-Lucent Shanghai Bell
Network-Class Platform with Multi-Gigabit Performance
McAfee NSP is the only IPS to hold the NSS Group’s Multi-Gigabit IPS certification, offering up to 10 Gbps performance with the highest port density on the market.
ASB’s deployment of McAfee NSP was based on its unique VLAN Bridge method, where the virtual serial ports of the IPS devices are deployed at the distribution layer, thereby resolving the security issues caused by internal threats such as worm propagation between access layer switches.
McAfee Solution Yielded Remarkable Results
Ensuring Network Safety
According to feedback from ASB’s IT department, McAfee NSP’s effective monitoring of network traffic has helped to minimise the risk of business disruption. The company is now able to ensure network safety as well as the proper high-speed operation of its various research and development centres and laboratories, and this has significantly reduced the risk of unauthorised devices infiltrating the security framework. James Jiang, the company’s Information Security Officer, said frankly that, “most importantly, this solution has helped us minimise the risk of business disruption. McAfee NSP can help us effectively monitor all traffic passing through the network and intercept any harmful traffic.”
In addition, McAfee NSP’s premier prevention system has significantly reduced the number of false reports or alarms and simplified the process of managing Intrusion Prevention System signatures. With Network Security Platform, ASB’s IT department has been able to ensure safe operations of the company’s network almost without adding any workload to its staff or incurring additional operating and maintenance costs.
Effective Integration Leads to Better Control
Every single McAfee product is packed with impressive features. According to James Jiang, “Integration is currently the most strategic trend, and McAfee’s products are capable of achieving seamless integration. In the area of network security, other than Network Security Platform, we have also deployed McAfee Vulnerability Manager for scanning vulnerabilities and McAfee Network Threat Behavior Analysis for analysing network behaviour. Furthermore, in the area of data protection, we have deployed McAfee Host Data Loss Prevention and McAfee Device Control.” McAfee Vulnerability Manager is not merely a network-based scanner. It can integrate vulnerability assessment, asset data, prevention measures and other information and establish task priorities, to assist users in making quick and informed decisions. Through imposing control on USB devices, McAfee Device Control ensures that only authorised removable disks are allowed to use the host terminals, thereby ensuring compliance and reducing the risk of data loss.
James Jiang concluded: “The integrated solution from McAfee brings about efficiency benefits, which helped us cut back on the total cost of ownership significantly. Although the solution requires a certain amount of investment, this is insignificant as compared to the cost of business disruption.”
Simplifying Operations and Saving Operating and Maintenance Costs
ASB installed and deployed a large number of McAfee products. With regard to this, James Jiang pointed out that “these products provide our networks with comprehensive protection.” According to him, ePO, McAfee’s centralised management platform, is the reason why they could manage so many applications with so few staff. He concluded: “This control console allows us to manage all McAfee products in one central location. At the same time, it can implement every single change without affecting business operations or changing user environments, and this greatly simplifies the deployment of the new solution. If not for McAfee’s centralised management platform, I am afraid our IT administrators would never be able to undertake such a heavy workload.”
Increasing number of Internet hacking attacks
While ensuring network security, there should not be additional operating and maintenance workload for the IT and network departments