We’re not the biggest company in the world, but we just happily spent more than $40,000. No, it wasn’t a new midlife crisis Boxster for the CEO – we just made an investment in gear to protect our various server farms, and we’re tickled pink about it. Now the fact of the matter is that we would have much rather paid a carrier a monthly fee to do it for us, but that option simply was not available from our existing providers. And we have to ask the question (and ask it in a loud tone of voice) – why the heck not?

TeleChoice operates various servers for our internal consultant access, external client and partner access, and topical public sites that we run. Protecting these sites is no different than for any other enterprise facing threats from script kiddies, crackers and other ne’er-do-wells. You have to secure your assets if you do business online.

The progression of steps we took, of expenses we paid, and of functionality we installed is probably no different from that of any other company. We started out spending money on patch maintenance capabilities to make sure we had the most recent patches from software vendors, and that was fine.

Then we invested in a dedicated firewall appliance. It did its job, but – like any port-based packet filter – it was only able to stop traffic to services we did not use. It could do nothing about the service we are most exposed on today, HTTP on port 80: the port has to stay open to the world, and a packet filter sees a port number, not the exploit riding inside an otherwise legitimate-looking request. Increasingly our systems – particularly our development servers (routinely accessed by contract programmers) – were subject to intrusion attacks.

Truth be told, some of these attacks got through our existing security. Tracking these attacks was no easy task – playing detective on a large server installation takes time. Some intrusions are so subtle that finding them can be as much luck as experience. It’s not hard to make a business case for stopping this before it happens, so we started, quickly, looking for options.

We took our troubles to our service providers, and they were happy to offer managed intrusion detection services from partners – none of our providers offered such services on their own. Our providers usually began their pitch with an Intrusion Detection Service. This typically amounted to little more than full-time monitoring of our firewall (at $2,000 a month!). While cheaper than hiring a full-time employee, this service still did not solve our core problem – attacks that could get through our firewall and exploit an unpatched hole on our servers. Instead, it just provided a slightly faster means of discovering what we already knew – that we were under attack!

The next step up from our providers (starting at $4,000 per month) was a true Intrusion Prevention service. Unfortunately, this service would have required a wholesale reconfiguration of our network, and that was just something we couldn’t afford to do operationally.

For us, the solution came not in a managed service, but in the hardware investment we discussed at the beginning of the column.
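To make the progression above concrete, here is a small Python model of the three stages we describe: a port-based firewall that never reads a payload, a passive detection sensor that alerts on a copy of the traffic but has no way to stop it, and an inline prevention device that drops what it matches. This is illustrative code written for this column, not TeleChoice’s configuration and not TippingPoint’s software; the sample packets, the source addresses and the two generic HTTP exploit patterns (a directory-traversal request line and an oversized request line of the kind used to probe for buffer overflows) are all constructed for the example.

```python
"""Port-based filtering vs. inline payload inspection on port 80.

Added illustration for the column; not TeleChoice's or TippingPoint's code.
Packets, addresses and signatures are constructed for the example.
"""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes


# Services the business needs reachable from the internet.
ALLOWED_PORTS = {80, 443}

# Constructed, generic exploit patterns for HTTP requests (not a vendor signature set):
# directory traversal in the request line, and a request line over 2 KB of the kind
# used to probe for buffer overflows in web servers.
SIGNATURES = {
    "path-traversal": re.compile(rb"(\.\./|%2e%2e%2f|\.\.\\)", re.IGNORECASE),
    "oversized-request-line": re.compile(rb"^[A-Z]+ \S{2048,} HTTP/", re.MULTILINE),
}


def port_filter(pkt: Packet) -> str:
    """Stateless packet filter: the decision uses the port only; the payload is never read."""
    return "pass" if pkt.dst_port in ALLOWED_PORTS else "drop"


def match_signature(pkt: Packet):
    """Return the name of the first signature matching an HTTP payload on port 80, else None."""
    if pkt.dst_port != 80:
        return None
    for name, pattern in SIGNATURES.items():
        if pattern.search(pkt.payload):
            return name
    return None


def run_pipeline(packets, mode):
    """Push packets through firewall -> (nothing | IDS | IPS).

    mode "firewall": port filter only.
    mode "ids":      port filter, then a passive sensor that alerts on a copy of the
                     traffic but cannot stop it, so everything the firewall passed arrives.
    mode "ips":      port filter, then an inline sensor that drops what it matches.
    Returns (verdicts, alerts): one "pass"/"drop" per packet, and the
    (src, signature) alerts the sensor raised.
    """
    verdicts, alerts = [], []
    for pkt in packets:
        verdict = port_filter(pkt)
        if verdict == "pass" and mode in ("ids", "ips"):
            hit = match_signature(pkt)
            if hit:
                alerts.append((pkt.src, hit))
                if mode == "ips":
                    verdict = "drop"
        verdicts.append(verdict)
    return verdicts, alerts


# Constructed sample traffic: one legitimate request, one probe of a closed port,
# and two exploit attempts against the web port the firewall has to leave open.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    Packet("198.51.100.9", 445, b"\x00\x00\x00\x85\xffSMB"),
    Packet("203.0.113.4", 80, b"GET /cgi-bin/../../../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.5", 80, b"GET /" + b"A" * 4096 + b" HTTP/1.0\r\n\r\n"),
]


if __name__ == "__main__":
    for mode in ("firewall", "ids", "ips"):
        verdicts, alerts = run_pipeline(SAMPLE_PACKETS, mode)
        print(f"{mode:8s} verdicts={verdicts} alerts={alerts}")
```

Running it shows the pattern the column describes: the firewall alone drops the port 445 probe and passes both port 80 exploits; adding the detection sensor produces two alerts but the same four verdicts, which is exactly the "faster way of learning we were under attack" that the managed IDS offered; only the inline device turns those alerts into drops.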
We bought and installed several of TippingPoint’s UnityOne Intrusion Prevention systems. The results were immediate and remarkable.

Because a vital production server was under attack, our IT director went it alone and installed the first unit without the help of the sales engineer. In fewer than 20 minutes he had our first box unpacked, installed, turned on, and operating. We fiddled briefly with the reports and the monitor to see what was going on but did not need to make any changes to the default configuration of the box. In the first hour the device blocked 10,000 bad packets, all of them direct exploits and attacks trying to get through our defenses. A quick check on our managed switches showed our internal network traffic dropped 40%, which increased our internal network performance by close to 20%.

The second box we evaluated took 15 minutes and the one after that less than 10 minutes. Over the next month the attacks grew. But none have gotten through, so far, after four months of operation. Exactly the way it should be.

This success, in our minds, raises the question: why don’t carriers take TippingPoint’s, or another vendor’s, products and put them at the carrier interconnection points to stop all of this stuff from getting into and out of their networks? Since so much of this traffic comes from machines that have already been compromised, it just makes sense to filter out the known, obvious exploits and save the capacity for clients (like us) that will happily pay for it if it’s available. The amount of traffic savings we’ve seen has varied, but if 25%, 30%, 35% or more of the network capacity could be freed up by installing such gear at the endpoints, doesn’t that make more sense than just buying more capacity?

We think this is really becoming table stakes. We’re past the time when dealing with intrusions was just an annoyance. It’s costing companies money – it was certainly costing us money. Isn’t solving these kinds of business problems why new products and services are launched in the first place?

So while we’re sure that we’ll get a lot of feedback about services and options we didn’t try, the fact remains that no one we spoke with offered a managed solution that would work for us. So we went with the age-old solution. We bought boxes. Good ones too. We would have rather bought a service, and saved the money for the Boxster instead.