Ironically, the timing of a network attack can be a blessing and a curse, as fast-growing Infinity Insurance ($2 billion in total assets) can attest. When random, phantom network disruptions struck in April 2005, the Birmingham-based nonstandard auto insurer was preparing to relocate. "We experienced a major outage," recalls Jodey Hogeland, Infinity's Unix system administrator. "But it occurred on the weekend when we were literally moving across the city to our new headquarters building. So we were already scheduled to be down."
After contacting the FBI, Infinity immediately consulted a professional security firm and was directed to an intrusion protection system (IPS) from Top Layer Networks (Westboro, Mass.). A survey of Infinity's business partners provided the same answer. "So we contacted Top Layer mid-week following our move," Hogeland recalls. "At 6:30 a.m. the next morning, FedEx was waiting at our doors with our [IPS] device."
That same afternoon, Top Layer's lead engineer flew in and installation commenced. "We placed the IPS at the edge of our network, between our DS3-connected external router and our internal firewall," notes Hogeland. "Plugging it in and testing in 'bypass mode' took less than a half hour."
When Hogeland clicked from "bypass" to "mitigate" in the appliance's Web-based interface, his network instantly stabilized. "We were expecting measurable results in a couple of hours," Hogeland says. "Instead, the device immediately detected and shut out approximately 9,000 unique IP addresses that were attempting [unauthorized] access. For the first time, the attack's type and significance were clear." After a few hours of tuning, spyware, viruses and other garbage traffic disappeared as well.
Since implementation, the IPS has even helped identify culprits in the act. "Top Layer's device includes name service tools for point-and-click discovery of who owns attacking IP addresses," Hogeland explains. "Using this tool, we've provided law enforcement with information for investigating the major attack we were experiencing at deployment. Plus we've detected several smaller attacks and notified the providers so they could take action."
The IPS even thwarted a security audit. "The person who knew the audit's details was on vacation," Hogeland relates. "When the device reported suspicious traffic, I quickly identified the attacking IP address and surprised the security techs while they were still attempting access. They said, 'We can't get in to audit your security. Would you mind turning off your IPS?'" chuckles Hogeland.
Hogeland says other Top Layer pluses include automatic updating, often four times a week, and unlimited telephone technical support for both investigating and mitigating an attack. "We've been approached by another leading vendor, but have no desire to evaluate anything else," he says. "In fact, we deployed a second Top Layer device for redundancy in the first half of 2007."
While he admits the IPS' interface could stand improvements, Hogeland says the GUI is beside the point. "With the IPS fully up and running, our network performance improved 50 to 60 percent," he reports. "And we've experienced absolutely zero measurable latency because the IPS ... is based on ASICs [application-specific integrated circuits]. As far as the architecture, it's definitely the coolest box I've ever seen."
Infinity Insurance (Birmingham; $2 billion in total assets).
Lines of business:
Eliminate phantom network disruptions, improve system performance and enhance security profile.
Anne Rawland Gabriel is a technology writer and marketing communications consultant based in the Minneapolis/St. Paul metro area. Among other projects, she's a regular contributor to UBM Tech's Bank Systems & Technology, Insurance & Technology and Wall Street & Technology ...