Royal Caribbean is a global cruise vacation company that operates Royal Caribbean International, Celebrity Cruises, Pullmantur, Azamara Cruises, and CDF Croisières de France. It has 30 ships in service and also offers land-tour vacations in Alaska, Asia, Australia, Canada, Europe, Latin and South America, and New Zealand.
The company strives to continually improve its shoreside and shipboard technologies to keep pace with business demands and to meet client expectations. Over the past decade, there’s also been a dramatic increase in the volume and importance of critical business information that must be protected and managed in support of revenue and cost-containment initiatives. As a result, hardening Royal Caribbean Cruises' intrusion defenses became a top priority.
Ship to shore
On the fleet, Royal Caribbean Cruises hosts iCafes (Internet cafes) available for passengers and crew. The shoreside offices house a broad Internet-facing presence as well as ship-to-shore corporate traffic for the fleet. With 24/7 inbound and outbound Internet traffic, e-commerce and online business partners, and growing network interconnectivity among office locations, the company identified multiple points where network traffic inspection and attack mitigation made sense.
“We have firewalls in our environment and they do what firewalls are good at — allowing or denying traffic based on protocol, source, destination IP address, and port,” explains Michael Pella, Royal Caribbean Cruises senior information security engineer. “But we needed devices that could look deeper into the traffic and at the higher layers identifying and mitigating application layer attacks, malware, malicious traffic, and policy violations.”
Pella recognized that over the last several years, malicious activity had steadily shifted higher up the stack, using common ports such as 25, 53, and 80, which traditionally carry authorized, non-malicious network traffic. For example, SMTP (email) uses port 25 and web traffic, port 80. But today, malware, data leaks, and unauthorized communications are also tunneled over those and other well-known ports. Royal Caribbean Cruises needed additional visibility and mitigation capability to deal with those threats effectively. The company also wanted further coverage for testing and deployment during the first critical hours and days after a new security patch release.
“When software vendors release critical security patches, it takes time to test and apply those patches,” Pella says. “With an inline IPS, we have the capability to monitor for new threats and enable mitigation in short order, while our other teams are in the process of testing and implementing the patches. We gain the additional coverage during that critical window.”
McAfee wins the “bake-off”
“We had a previous IPS solution,” explains Pella. “But it was an earlier technology. The market had matured, so it was worth a fresh look at the top IPS vendors out there. We did our due diligence and it eventually boiled down to a proof of concept and bake-off with the finalists. Based on multiple factors and criteria, we chose McAfee’s Network Security Platform.”
When Royal Caribbean Cruises engineers were evaluating vendor proofs of concept, one of the unique requirements concerned ship fleet deployments and the potential impact of centralized IPS management and support over high-latency/low-bandwidth satellite communications.
“We needed to ensure that the management, alerting, and support traffic over satellite to our remote IPSs would be as efficient as possible,” remarks Pella. “And this was a definite strong point of the McAfee Network Security Platform. It uses bandwidth very efficiently, which distinguishes it from other IPS products. Also, the ability to Secure Shell [SSH] into the sensors for command-line access was an additional low-overhead and reliable management feature we were looking for.”
An appliance—not just software
McAfee Network Security Platform (formerly McAfee IntruShield Network Intrusion Prevention System) won accolades as a purpose-built appliance with excellent redundancy.
“We always intended an inline deployment and we really liked the fact that Network Security Platform was not an off-the-shelf server loaded with a general-purpose operating system and a software solution,” says Pella. “We also liked its redundancy capabilities and the fact that if needed in an extreme situation, total power loss could be configured to fail-open with no damage to the appliance. We’ve never had to use it, but it was an important fail-safe contingency for us and the onboard staff since the IPS would be deployed on vessels halfway around the world.”
Pella’s team also appreciated the depth and variety of Network Security Platform’s signature coverage, especially tested, out-of-the-box signatures set to block by default. Network Security Platform also delivered anomaly and DoS mitigation, granular policies and virtual policies, packet capture, and the ability to apply a simple ACL to the appliance or import SSL certificates for visibility into attacks on their secure corporate websites.
“As is often the case when validating a new potential threat, it is nice to be able to easily launch Wireshark right from the Alert view and examine at the raw packet level to quickly verify what is really going on,” Pella points out.
A phased deployment
Over 12 months, Royal Caribbean Cruises deployed Network Security Platform appliances shoreside, where it protects corporate, Internet-facing infrastructure, outbound traffic, and internal segmented secure environments. Royal Caribbean Cruises then deployed the appliances on its Celebrity fleet and on the newer Royal ships, with plans to eventually roll out to all cruise vessels.
“With Network Security Platform, we’ve substantially lowered risk over our previous solution and have been able to gain overall security visibility and mitigation, and precious time and coverage during those critical patch cycle windows,” Pella concludes.
“We’re definitely expanding our portfolio of new ships and part of that process is ensuring that the security infrastructure is built in,” adds Greg Martin, Royal Caribbean Cruises enterprise architect. “We’re enhancing the integration of our security products and beginning to look at the endpoint. That’s the next step.”