For One US Public Utility District, Security Starts at the Corporate Perimeter

American public utilities are chartered with providing clean, affordable power to the communities they serve. Their mission is made more complex when the internal IT department has to balance the security needs of critical infrastructure networks with the productivity requirements of internal users. Even though protecting the utility grid isn’t part of his job description, the Network Systems and Security Supervisor of a major American Public Utility District (PUD) knows that hackers are targeting his corporate network as a possible penetration point into the critical infrastructure system.

Protecting critical infrastructure without impacting user efficiency
Public utilities around the country need to provide strong security in order to protect sensitive data and critical assets. But at the same time, users need to have productive and efficient tools in order to do their jobs. What keeps PUD IT Security professionals up at night is making sure that the balancing act works for both the company and its workers. “Users can be very resistant to changing the way they use systems and applications. What we’ve tried to stress in our awareness training is that our security measures are designed to protect them, as well as our company,” says the spokesperson of a major PUD. “This positioning helps our employees understand that security isn’t just about IT saying NO to everything... it’s about allowing them to operate the way they want to, but without the risks. And, let’s face it. While I’m worried about all types of threats, the biggest one is from insiders. It doesn’t matter whether the threat comes from someone with malicious intent or someone just inadvertently hitting the wrong button at the wrong time,” he concludes.

"McAfee does the job with less overhead, less administration, at a lower cost, and with better support."

Network Administrator, Large Public Utility District

Fast, flexible and reliable solutions
Despite the difficulty of balancing security with productivity, this PUD has been successful on several fronts. Understanding the inherent insecurity of passwords, the PUD implemented a strong two-factor authentication token from McAfee’s Network Security Business Unit (formerly SecureComputing). While users were initially resistant, they found it easy to use and appreciated the additional protection it provides for their own personal identities and business needs. On the email side, the PUD implemented McAfee Email Gateway (IronMail). The PUD network supervisor believes that the McAfee Email Gateway facilitates even greater productivity for the PUD than the two-factor tokens. By eliminating 30,000-50,000 unwanted email messages a day, users don’t have to spend time deleting spam from their inboxes; email administrators don’t have to buy additional servers to process increased mail volumes; the Exchange server has less to process; spam messages don’t have to be archived; and security is higher.

Recognizing that perimeter security is paramount, the PUD selected McAfee Secure Firewall Enterprise Edition (Sidewinder) to sit between its corporate IT network and the Internet, as well as between the corporate IT network and the control network. This doubles the protection for the control network and still allows users to go where they want to on the Internet without introducing malware and threats. McAfee Firewall Enterprise Edition’s high availability, processing and scanning performance are all “top notch” and packets get processed as fast as the wire can handle them. “As we already used McAfee Firewall Enterprise Edition on the IT side, putting it on the control network as well was an easy choice. We already knew the product well and loved the security, the administration and the support. I know that in the middle of the night, I can call someone and they actually help,” says the network administrator.

The PUD’s network administrator also has advice for his peers: “Don’t be afraid of segmentation. It’s actually a good thing. Segment as much as necessary and let your network topology and corporate requirements dictate how to deploy the security. Also, I recommend listening to your peers above salespeople. You should seek out those companies and products that are already working successfully at other companies like yours. And, make the vendors prove their claims. Make sure the sales pitch matches reality.”

Measurable success and ease of use
The network administrator is satisfied with the results of both the McAfee Firewall Enterprise Edition and the McAfee Email Gateway. Malware and spam have been blocked with over 99% success rates. As packet inspection is not enough, the McAfee Firewall Enterprise Edition has provided effective security above layer 6. Finally, the robust performance, reasonable cost, and the ease of both implementation and administration are a winning combination for the PUD. The network administrator concludes, “McAfee does the job with less overhead, less administration, at a lower cost, and with better support.”

Public Utility District, United States

Customer profile

A large public utility district in the United States

Industry

Power

IT environment

Critical infrastructure networks; productivity requirements of internal users

Challenges

Protect critical infrastructure from inside and outside threats; provide users with flexible and efficient tools; provide strong security that doesn’t jeopardize reliability and performance; create infrastructure that is easy to implement and administer; use defense-in-depth concepts to protect against email and network threats

McAfee solution

  • McAfee Email Gateway (IronMail)
  • McAfee Firewall Enterprise Edition (Sidewinder)

Results

  • Prevents 30,000 – 50,000 unwanted emails from entering the network each day
  • Increases user productivity without jeopardizing security
  • Provides strong security for both corporate IT and critical infrastructure networks
  • Protects against blended Internet and insider threats
  • Improves efficiency for IT department with less administration, lower overhead and reduced costs