In late 2004, a version of the Welchia worm hit the Mine Safety and Health Administration network, its ping of death disabling 17 remote offices in an hour. That's when George Fesak knew he had made the right decision to invest in security information management (SIM).
"It took less than three hours to block the Welchia traffic, quarantine the 298 infected machines and restore connections to our 17 field offices," says Fesak, who is director for Program Evaluation and Information Resources (PEIR) at MSHA, a U.S. Department of Labor (DOL) agency in Arlington, Va. "Right there was the ROI. I remember when ILOVEU tore through here without SIM in place. It took us four or five days to get our people back to work."
Using netForensics' nFX Open Security Platform, MSHA security engineers and network administrators can see security events as they unfold, changing security configurations. The system integrated with MSHA's intrusion-detection systems, firewalls, routers and SSL VPN devices to take in network event information for analysis and correlation. Using nFX wizards to create agents for MSHA's critical business servers, administrators created role-based connectivity for departments requiring access. In this way, the security, operations and applications groups can get correlated intelligence on the gathered data as needed.
Fesak credits much of MSHA's success to Syed Hafeez, information systems security officer for the agency. Since 2001, Hafeez has worked with the organizational business units to raise awareness and involve the business in structural security upgrades. In March 2003, Hafeez undertook the SIM project, completing Phase I (security device integration) and Phase II (server integration) in October that year.
SIM has had a major impact on MSHA's security ratings. Less than one year into the deployment, MSHA's security score within DOL increased to an "all green." This in turn contributed to the DOL's overall Federal Computer Security Compliance Scorecard grade, issued by the Office of Management and Budget, rising from F to B. The effort also lifted MSHA's security scores from low to one of the best at the agency level using that scorecard, says Jay Mattos, MSHA's deputy director.
"This project honed in on being able to supply security awareness at multiple technical and business levels in real time, without an entire SOC [security operations center] infrastructure added on," Hafeez says. "Now, security, operations and application groups have a comprehensive view of security data in any configuration they need."