No longer is a managed firewall adequate to protect vital network and information assets. A complete security offering requires a multiple-layer approach that includes an intrusion prevention solution. A reason why Telecom Egypt, the incumbent operator, deployed an intrusion prevention system to protect its massive network against hackers and other vulnerabilities.
Telecom Egypt is the largest provider of fixed line services in the Middle East and Africa with 11.75 million subscribers, and employs around 54,000 people. The telecom behemoth controls Egypt’s only fixed line network, servicing both retail voice and wholesale demand for reliable telecommunications connections. The company also currently participates in the mobile segment in Egypt via its 45% ownership of Vodafone Egypt, one of the three existing Egyptian mobile operators. Through its internet subsidiary, TE Data, Telecom Egypt has more than 60% market share broadband internet access in Egypt.
Telecom Egypt’s IT network infrastructure includes hundreds of routers, switches, servers, and more than 8,000 computers. “Though we haven’t had any security breaches, we decided to deploy IPS to protect the sensitive information assets that we have on the network, and security is a top priority for us,” says Khaled Marmoush, CIO of Telecom Egypt. The network based intrusion prevention systems complements the company’s IT security policy and currently protects all of its core business support systems, including billing, ERP, order entry, etc.
Marmoush says another reason to deploy IPS was the service provider’s data centre consolidation project. “We are in the process of centralizing our IT infrastructure, and consolidating geographically scattered data centres onto a new data centre. It’s extremely critical to protect this backbone of our business”
Marmoush and his teams scouted the market for a suitable IPS solution before zeroing in on TippingPoint. “We followed the normal selection criteria including position in the market, features and partner support,” he says. Blocking attacks and allowing Telecom Egypt’s IT staff to test security patches before deployment was another important factor, and TippingPoint’s Digital Vaccine filters proved to be an interesting proposition as it alleviated the need for ad-hoc and emergency patching. “Most environments cannot control all end user desktop PCs. TippingPoint provides network segmentation to stop the spread of malicious traffic from infected users, while notifying the administrator where the attacks are originating from,” adds Ayman Ahmed, the Local Area Network Manager at Telecom Egypt.
Configuration is a huge issue with IPS devices. However, Telecom Egypt’s IT team rolled out the systems without any glitches with the help of TippingPoint’s local partner FVC. “The main challenge was the downtime of the network. Given the size and scope of the change, the implementation team had to execute diligently, with a rollback plan always at hand as a last resort. The team had to work out of office hours and followed innovative plans to manage the implementation of the project. All the work was completed within a night and everything was back online before the start of the next business day. As a result of the thorough planning and quality execution, the team didn’t face any problem whatsoever and the project turned out to be a great success and was appreciated by the corporate senior management,” says Ahmed.
Through its infrastructure protection capabilities, the TippingPoint IPS (Intrusion Prevention System) protects Telecom Egypt’s data centres, network infrastructure including routers, switches and other mission critical infrastructure from targeted attacks and traffic anomalies. “The biggest benefit is the granular visibility we have into the network. We can now see who is doing what on the network at any given point of time, and the IPS protects us from internal threats as well,” says Marmoush. The new system also enables Telecom Egypt to throttle non-mission critical applications on the network, and thereby freeing up valuable bandwidth. Mamoush says it helped Telecom Egypt to optimise the network resources and enhance the overall performance of applications.
While most organisations aren't equipped to monitor the changing threats in the wild, analyse the data and revise security policies in a timely manner, it’s a different scenario at Telecom Egypt. “TippingPoint IPS gives our IT team the ability to anticipate threats and adjust our IPS policies based on our network security requirements. With TippingPoint, we can now eliminate malicious traffic from the network, manage non-mission critical application usage, ensure protection against user-to-network and user-to-user attacks, and implement new and value-added services, confident that our security and network performance is assured,” Marmoush explained.
According to Ayman, Telecom Egypt’s next plans include working on a centralised management system for the IPS units. “This will enable discovering, monitoring, configuring, diagnosing and reporting on multiple TippingPoint systems. While that is being worked on, we are targeting to scale our security systems, by deploying core controller to enable automated, in-line 10Gbps inspection, thus protecting network devices, operating systems and applications from various security attacks. This will also balance traffic inspection loads across multiple IPS units, allowing Telecom Egypt to effectively use only the amount of IPS capacity required.” Plans are also afoot to replicate the IPS solution to different locations within the country.