Gaining insight into security devices, SCADA networks

Industry analysis by Beth Schultz, plus the latest news headlines.

There is no shortage of data that can be collected across complex distributed networks, but often network managers are challenged to extract meaningful information from the volumes of metrics pulled out of multiple proprietary systems.

For Matthew Shoemaker, network/systems engineer at Georgia's Henry County Water and Sewage Authority (HCWSA) near Atlanta, the need to centralize data across intrusion detection systems (IDS) was magnified by his organization's dependence also on SCADA (Supervisory Control and Data Acquisition) systems. Shoemaker says he went in search of technology that would help him centralize data collection from security systems, monitor network traffic and troubleshoot unknown threats.

"We were looking for a centralized way to look into network traffic, provisioning and diagnosis. We had a lot of IDS boxes, and it got to be too much to handle. There was no correlation of the information we were collecting, so it wasn't necessarily useful to us," Shoemaker explains.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

There is no shortage of data that can be collected across complex distributed networks, but often network managers are challenged to extract meaningful information from the volumes of metrics pulled out of multiple proprietary systems.

For Matthew Shoemaker, network/systems engineer at Georgia's Henry County Water and Sewage Authority (HCWSA) near Atlanta, the need to centralize data across intrusion detection systems (IDS) was magnified by his organization's dependence also on SCADA (Supervisory Control and Data Acquisition) systems. Shoemaker says he went in search of technology that would help him centralize data collection from security systems, monitor network traffic and troubleshoot unknown threats.

"We were looking for a centralized way to look into network traffic, provisioning and diagnosis. We had a lot of IDS boxes, and it got to be too much to handle. There was no correlation of the information we were collecting, so it wasn't necessarily useful to us," Shoemaker explains.

Not only did he need to pull together data from disparate IDS appliances, but also Shoemaker wanted to get a better look at HCWSA's SCADA environment. Mostly Shoemaker had concerns over security with the SCADA systems.

"SCADA equipment manufacturers are proprietary so I needed something that could pull that proprietary information into the centralized repository," he says.

That's when Shoemaker learned of StealthWatch from Lancope. StealthWatch is software packaged on appliances that are distributed across a network, near a core switch or data center router. Upon installation, it performs a benchmark of normal traffic behavior and continuously monitors for changes. The product does not sit in line of network traffic, but passively monitors conversations between hosts and clients. Administrators can tap into the appliances via a Web-based interface or use the management console to configure, monitor and generate reports from multiple distributed appliances.
Sometimes called network behavior analysis technology, products like StealthWatch can learn normal patterns of an environment and then alert network managers when anomalies occur. That capabilities helped Shoemaker determine that Lancope was right for HCWSA's varied environment.

"We are short-staffed and most of us wear more than one hat so it helps that the products can point out when there is a problem," Shoemaker says. "It helps us collect and make sense of our data, but how well it deals with undocumented vulnerabilities is an invaluable benefit."

Read more about infrastructure management in Network World's Infrastructure Management section.

Schultz is a longtime IT journalist. You can email her or find her here.