In late 2004, a version of the Welchia worm hit the Mine Safety and Health Administration network, its ping of death disabling 17 remote offices in an hour. That's when George Fesak knew he had made the right decision to invest in security information management (SIM).
"It took less than three hours to block the Welchia traffic, quarantine the 298 infected machines and restore connections to our 17 field offices," says Fesak, who is director for Program Evaluation and Information Resources (PEIR) at MSHA, a U.S. Department of Labor (DOL) agency in Arlington, Va. "Right there was the ROI. I remember when ILOVEU tore through here without SIM in place. It took us four or five days to get our people back to work."
Using netForensics' nFX Open Security Platform, MSHA security engineers and network administrators can see security events as they unfold and change security configurations in response. The system integrated with MSHA's intrusion-detection systems, firewalls, routers and SSL VPN devices to take in network event information for analysis and correlation. Using nFX wizards to create agents for MSHA's critical business servers, administrators created role-based connectivity for departments requiring access. In this way, the security, operations and applications groups can get correlated intelligence on the gathered data as needed.
Fesak credits much of MSHA's success to Syed Hafeez, information systems security officer for the agency. Since 2001, Hafeez has worked with the organizational business units to raise awareness and involve the business in structural security upgrades. In March 2003, Hafeez undertook the SIM project, completing Phase I (security device integration) and Phase II (server integration) in October that year.