In late 2004, a version of the Welchia worm hit the Mine Safety and Health Administration network, its ping of death disabling 17 remote offices in an hour. That's when George Fesak knew he had made the right decision to invest in security information management (SIM).
"It took less than three hours to block the Welchia traffic, quarantine the 298 infected machines and restore connections to our 17 field offices," says Fesak, who is director for Program Evaluation and Information Resources (PEIR) at MSHA, a U.S. Department of Labor (DOL) agency in Arlington, Va. "Right there was the ROI. I remember when ILOVEU tore through here without SIM in place. It took us four or five days to get our people back to work."
Using netForensics' nFX Open Security Platform, MSHA security engineers and network administrators can see security events as they unfold and can change security configurations. The system integrates with MSHA's intrusion-detection systems, firewalls, routers and SSL VPN devices to collect network event information for analysis and correlation. Using nFX wizards to create agents for MSHA's critical business servers, administrators created role-based connectivity for departments requiring access. In this way, the security, operations and applications groups can get correlated intelligence on the gathered data as needed.
Fesak credits much of MSHA's success to Syed Hafeez, information systems security officer for the agency. Since 2001, Hafeez has worked with the organizational business units to raise awareness and involve the business in structural security upgrades. In March 2003, Hafeez undertook the SIM project, completing Phase I (security device integration) and Phase II (server integration) in October that year.
SIM has had a major impact on MSHA's security ratings. Less than one year into the deployment, MSHA's security score within DOL increased to an "all green." This in turn contributed to the DOL's overall Federal Computer Security Compliance Scorecard grade, issued by the Office of Management and Budget, rising from F to B. The effort also lifted MSHA's security scores from low to one of the best at the agency level using that scorecard, says Jay Mattos, MSHA's deputy director.
"This project honed in on being able to supply security awareness at multiple technical and business levels in real time, without an entire SOC [security operations center] infrastructure added on," Hafeez says. "Now, security, operations and application groups have a comprehensive view of security data in any configuration they need."