Transend Secures its Data Center and Preserves Availability with McAfee

Transend Networks transports high voltage electricity from power stations to substations around the island of Tasmania, Australia's southernmost state. The company also provides specialist communications services to other members of the Tasmanian electricity supply industry and other external customers.

Support for Virtualization and Cloud Computing
High network availability is vitally important to Transend, and the company has always ensured that it is well protected 24/7. For 11 years, McAfee® products have been at the forefront of the company's security arsenal, with anti-virus software protecting its endpoints and intrusion prevention systems safeguarding its networks.

Transend knows that today's protection is tomorrow's vulnerability, and the company constantly keeps its security munitions up to date. Transend understands the importance of keeping the network itself technologically current, taking advantage of recent developments in fields such as cloud computing and virtualization. In the past few years, Transend has embraced cloud computing in a major way for cost-effective high availability. The company set up a pair of totally redundant data centers in the private cloud, either of which can be switched on at a moment's notice to provide service to the firm's corporate network. Complete redundancy helps achieve high availability. Redundancy and failover capabilities also make upgrading easier because the company can upgrade one data center and verify that it is working properly before upgrading the second, knowing that in the event of issues with the new device, it can always automatically switch to the old one in the other data center. Transend was the first company in Tasmania to fully virtualize its infrastructure, a move that brought substantial cost savings and flexibility advantages in meeting availability requirements.

When the firm introduces new technology, it must maintain the necessary level of security against cyberattacks. As the firm's IT Security Engineer Andrew Bain explains, "Staying at the cutting edge with our network architecture requires security solutions that are equally in tune with technology and fit well with the advances we have made," he says. "McAfee is one of the very few vendors that provides the virtual appliances we need for reaping the full benefits of our virtualized infrastructure. For example, we are in the process right now of replacing our old web gateways with McAfee Web Gateway devices, which are the only such products we could find that can work as virtualized appliances. That allows us to easily move them around as needed in the cloud, which means we only need one virtual device instead of two physical appliances. It also allows us flexibilities such as turning scanning on or off on the fly." The McAfee solution ensures that Transend has the protection, speed, and agility it needs to enhance business operations.

Optimal McAfee Network Security Platform Configuration from McAfee Professional Services
Concern for implementing state-of-the-art technology also drives Transend to stay completely current with its network intrusion prevention. The company is now on its third generation of the McAfee intrusion prevention system (IPS), McAfee Network Security Platform.

Transend's upgrade to McAfee Security Platform was driven, once again, by technological advances in its corporate IT infrastructure. "We had moved into the virtual world and [had] seen the benefits at the server level for virtualization, so we wanted to keep up to date with that at the physical layer," Bain states. "Also, we had moved to faster networks and wanted devices that were capable of gigabit speeds. McAfee Network Security Platforms fit the bill perfectly."

Transend deployed two McAfee Network Security Platform appliances, again, one per data center. To optimize the configuration, the firm engaged McAfee Professional Services. "We find that if we get a vendor to assist with an installation, it makes support that much easier," Bain explains. "That way the devices are configured the way the vendor expects them to be. The only catch is that sometimes vendors wind up taking their knowledge away with them, leaving our technical staff poorly equipped to deal with issues. But that was not the case with McAfee Professional Services. We are very happy with the documentation our McAfee consultants delivered at the end of the project, and we plan to continue using them to help with upgrades in the future."

Staying at the cutting edge with our network architecture requires security solutions that are equally in tune with technology and fit well with the advances we have made. McAfee is one of the very few vendors that provide the virtual appliances we need.

Andrew Bain
IT Security Engineer, Transend Networks

Protection at the Technological Edge
While McAfee Network Security Platform and McAfee Web Gateway do an excellent job of blocking many sources of malware, there is another source that skirts these layers—USB sticks that users plug into their endpoints. For this, Transend relies on its McAfee Total Protection for Endpoint suite. "From a pure security standpoint, we would like to ban USB sticks since they are responsible for 60 percent of the malware entering our network, but that is just not practical. They enable the business," states Bain. "Fortunately, the strong, up-to-date protection we get from McAfee Total Protection for Endpoint keeps the problem in check."

One step Transend recently took to keep that protection current was to add McAfee Host Intrusion Prevention to its McAfee Total Protection for Endpoint Suite. "We are very happy with the extra security that it provides for our users, especially the increased protection against zero-day vulnerability," reports Bain. "Zero-day vulnerability is probably our number one security concern, and, fortunately, McAfee does a lot to allay our concerns. We really like Artemis [McAfee Global Threat Intelligence] technology because with it our protection is no longer 48 hours old. With Artemis [McAfee Global Threat Intelligence], if McAfee knows about a threat and has protection from it, then we have protection from it too."

Fear of emerging, previously unknown sources of malware has driven Transend to favor whitelisting over blacklisting as a general approach to security. "Fortunately McAfee sees it the same way we do with its McAfee Application Control product," Bain continues. "Artemis [McAfee Global Threat Intelligence] is all well and good for machines that have Internet access, but we have dedicatedpurpose computers in the field that do not. Nothing is supposed to change on them for decades. We think McAfee Application Control is a good way to make sure nothing does, and so we are testing the product right now for possible deployment."

More Dimensions of Staying Completely Up to Date
Transend knows that attaining high availability 24/7 means more than having the right security products. It also means having support available without delay any time it is needed—and McAfee comes through in full on that front too. "It is a great comfort knowing we can pick up the phone at any time of the day or night and have immediate access to high quality technical help," Bain lauds. "We also have good relationships with our product managers at McAfee."

Staying technologically up to date has yet another dimension, as Bain explains: "We like to stay current on operating systems and applications, which right now means things like Microsoft Windows 7 and Microsoft Office 2000. It is frustrating when security vendors say we cannot do that because they do not provide support yet. Fortunately, that is not something we have to worry about with McAfee."

We always do thorough research and pick whatever is best for our network, but it generally turns out that McAfee products are best for our network. Whenever we have a new security need, McAfee is a pretty easy choice.

Andrew Bain
IT Security Engineer, Transend Networks

Cost Savings in Many Ways
Without a doubt, Transend’s virtualized, cloudbased IT infrastructure is a big cost saver, and McAfee support for these technologies is a key enabler. McAfee also helps keep costs low for the firm by centralizing management of all its security products from one console, McAfee ePO software. "I have been using [McAfee] ePO for so long now that I almost take it for granted," says Bain. "In fact, I went into a meeting recently where someone had to remind me that it is possible to manage desktop anti-virus without [McAfee] ePO. I was scared to think that one could or one would, but I guess some people do. [McAfee] ePO does so much for us, not just in managing protection but in keeping it current by performing incremental updates.

"We have an excellent relationship with McAfee in every respect," Bain summarizes in closing. "Both the people and the products keep coming through for us, helping us stay ahead of the game in protection and in IT infrastructure. We do not just automatically keep choosing McAfee. We always do thorough research and pick whatever is best for our network, but it generally turns out that McAfee products are best for our network. Whenever we have a new security need, McAfee is a pretty easy choice."

Transend Networks

Customer profile

Owner and operator of the electricity transmission system in Australia’s state of Tasmania

Industry

Utilities

IT environment

Transend's corporate network is completely virtual. It consists of two identical, fully redundant data centers in which physical servers host virtual servers in the cloud that serve 600 endpoints.

Challenges

Maintaining a high-availability network 24/7 is critically important to Transend

McAfee solution

  • McAfee Total Protection™ for Endpoint provides anti-virus and host intrusion prevention across the 600 endpoints
  • McAfee ePolicy Orchestrator® (McAfee ePO™) software centralizes security management
  • McAfee Network Security Platform protects against network intrusions
  • McAfee Web Gateway protects against malware entering the network from requested web pages
  • McAfee Professional Services optimized the McAfee Network Security Platform configuration

Results

  • Incident-free network protection with low false positive rate
  • Fit with virtualization and cloud computing approach, providing flexibility and cost savings
  • Up-to-date protection against emerging forms of malware (McAfee Global Threat Intelligence™)