ALTHOUGH HIS AUDITORS were completely satisfied, Robert Sheridan K. Smith wasn't. When Smith joined Arch Reinsurance, a subsidiary of Arch Capital Group (US$15.6 billion in total assets), in late 2005, he inherited manual processes for monitoring changes to routers and firewalls. "We only assessed device status monthly," explains Smith, the carrier's IT manager. "In addition, ... since I was the only one qualified, I inspected devices, addressed issues, compiled reports and then reviewed my own work prior to audits."
Beyond improving efficiency, Smith says, he wanted to improve systems security by automating server, workstation and switch monitoring across the Hamilton, Bermuda-based company's two Microsoft (Redmond, Wash.) Windows Server-enabled data centers. Although Smith's predecessor had started piloting a solution by Ecora Software, the tool didn't support some of Arch's hardware, he notes.
After reviewing available options in late 2005, Smith says, he set aside Ecora's (Portsmouth, N.H.) Auditor Professional and opted for Prism Microsystems' EventTracker (Columbia, Md.). EventTracker promised to flag changes to servers, workstations, switches and routers. "Even though it didn't support our Check Point [Tel Aviv] firewalls, EventTracker was the only solution that came close to handling all of our infrastructure components," Smith relates. "Then, we discovered it didn't provide the Cisco [San Jose, Calif.] router monitoring we desired. So we were still without an event monitoring tool for our routers and firewalls."
While Smith continued to watch for technology advances, he began using EventTracker in tandem with products from ScriptLogic (Boca Raton, Fla.) and his Numara (Tampa, Fla.) help desk system to provide daily reports as well as change alerts for servers, workstations and switches. Ultimately, however, expiring site licenses for the unused Ecora product became the conduit to a comprehensive hardware solution. "When Ecora representatives contacted us in the summer of 2007, they told us about new router and firewall capabilities," recalls Smith. "Since Ecora could now work across our infrastructure, we immediately purchased it."
In August, Arch deployed Ecora using an existing server. "We were up and running in an hour or two," Smith asserts.
And Ecora has slashed resources dedicated to audits. "Previously, audits took an equivalent of about three days of my time," says Smith. "We handed off binders filled with printed reports for the auditors." With Ecora, Smith's manual preparation tasks are eliminated, and the time he spends on audits has dropped by half because auditors get information via a Web interface.
Even better, systems security and compliance confidence has soared, Smith says. "Now we immediately detect and correct configuration issues," he notes. "Plus, our auditors can drill down to any day, or even any hour, that they want."
Going forward, Smith says, he plans to use Ecora to streamline server and workstation compliance. "The latest version of Ecora automates the change management process itself," Smith explains. "In other words, I'm now setting up policies in Ecora, which then analyzes hardware, reports noncompliant machines and flags items that need addressing. By utilizing Ecora to complement our other tools, we're building an efficient system with a higher level of confidence than we ever had before."
Case Study Profile
Company: Arch Reinsurance (a subsidiary of Hamilton, Bermuda-based Arch Capital Group; US$15.6 billion in total assets).
Lines of business: Property and casualty reinsurance.
Vendor/technology Ecora Software Corp.'s (Portsmouth, N.H.) Auditor Professional and Prism Microsystems' (Columbia, Md.) EventTracker.
Challenge Improve security and efficiency by automating hardware monitoring and management.
Anne Rawland Gabriel is a technology writer and marketing communications consultant based in the Minneapolis/St. Paul metro area. Among other projects, she's a regular contributor to UBM Tech's Bank Systems & Technology, Insurance & Technology and Wall Street & Technology ... View Full Bio