CLIENT: NETWORK BOX USA
July 21, 2008: Credit Union Journal
SAN ANTONIO - Air Force Credit Union here has made a "world of difference" in network security by purging multiple systems (firewall, intrusion detection and prevention, virtual private network, and e-mail and web filtering) and consolidating them into one appliance.
Jeanette Cortez, manager-information systems, reports that not only does that one appliance do it all, but it does it better.
In November, the $260-million CU installed the Network Box E-1000x, a "unified threat management" (UTM) firewall that protects against multiple Internet threats. "Staff doesn't have to worry about monitoring every single network security service every day," Cortez said. "Instead, they just monitor the one box."
"I can log in to the GUI interface and look to see if Network Box has discovered any red alerts on the network," said Chad Day, network administrator. "It takes me 30 minutes. When we had separate systems, we'd spend the entire day trying to identify which network ports were being attacked."
The Network Box e-mail filtering tool, which includes protection against viruses, spyware, spam and phishing, is particularly useful, Cortez said. Since e-mail is now the primary carrier of all malware, Network Box intercepts all incoming e-mails and scans them before sending them to the Air Force CU e-mail server. Malware and intrusion signatures, as well as software packages, are updated automatically and in real time.
As a result, virus activity is now blocked 100% at Air Force CU, whereas prior to Network Box, the CU had suffered three separate virus incidents in the past year, said Day.
Although 90% of the e-mail sent to the CU is spam, the credit union can rely on Network Box to block all but 1% of that spam, Day said. The CU was subjected to 10% of its spam before Network Box.
The E-1000x isn't the CU's first UTM firewall, Cortez added. Four years ago, when Air Force CU decided to abandon the multi-server, multi-application paradigm to consolidate network security, it found a couple of solutions that were "atrocious," she said.
"We had a lot of downtime with our prior vendor, right off the bat," she explained. "The e-mail filter would get stuck and stop functioning. Firewall changes took forever. They wouldn't share our raw log data with us. And we knew more about the box than the vendor."
One of the previous vendors neglected to update malware and intrusion signatures, said Cortez. "We were unaware, due to insufficient monitoring, that the necessary updates weren't being applied until the FFIEC told us the vendor wasn't updating as promised. After that, we needed to find a vendor that knew what they were doing. We really put Network Box through the grinder," said Cortez.
Now, downtime for updates or fixes is "minimal and well-planned," Day said. The CU routinely reviews the raw log data provided by Network Box to make sure signatures are updated and to check for any changes to the firewall, Cortez said.
"We're able to see trending of all intrusions, memory usage, disc space and processor space in order to gauge whether the box is meeting our needs," he said. "We can also take trends and kill them before they even hit the box."
AFCU pays for two external vendors to perform assessments of the E-1000x, said Cortez. The assessments of Network Box have come out clean, whereas assessments on previous UTMs revealed a "handful" of issues, she said.
The E-Series starts at about $26,000, which includes hardware and the first year of service, according to Network Box USA, Inc. The Houston, Texas-based company said it offers discounts to members of the Credit Union Information Security Professionals Association (CUISPA).
Similar unified threat management firewalls can cost up to $30,000 more than Network Box, said Day.