Acumen Solutions

Intrusion Prevention
Specialty Pharmaceutical Firm

Business Challenge

The firm had been experiencing outbreaks of Internet worms and other malicious code severe enough to impact business operations. Several incidents were so severe that they caused delays in the delivery of life-saving chemotherapy drugs to patients. Like most businesses that rely on the availability of computers and applications, the firm could not afford the service disruptions and potential patient care impact of this growing security threat. The company called on Acumen Solutions, a Cisco Premier Certified Partner, to assess the situation and recommend a solution. After analyzing the environment, Acumen Solutions consultants recommended an Acumen Solutions Prevent TM intrusion-prevention solution.

Early on in the project, the firm's use of low-memory, thin-client PC systems emerged as a significant technical challenge. On one hand, the lack of "upgradeability" makes thin-client systems a perfect match for intrusion prevention software. On the other, the machines in use did not have enough onboard memory to support a traditional installation of the intrusion prevention agent. Since the systems were running Windows XP Embedded, they we difficult or impossible to upgrade or patch to address new security vulnerabilities that are routinely identified by Microsoft. Intrusion prevent agent software became the only effective tool for threat mitigation. Due to the small memory size on these systems, Acumen Solutions engineered a custom installation and boot sequence that allowed the agent to load properly, run in real-time and effectively protect the host machines.

Solution

The scope of the project includes 350 clients and 65 servers in 2 management domains. Acumen Solutions and the client agreed that the Cisco Security Agent software was the best technical solution to the security threats that they had experienced. Acumen Solutions and the firm decided on a phased rollout approach. An initial set of 10 clients and 1 server were used as a prototype to test and fine-tune the solution before widespread deployment. Specific tasks accomplished by Acumen Solutions during the deployment include:

• Reviewing the existing infrastructure and applications in use.
• Addressing the special requirements of the thin client environment with custom configurations.
• Creating Agent Kits for clients and servers.
• Profiling applications to determine legitimate user and application activity.
• Running a series of intrusion tests on the systems, such as virus infection, illegal software deployment and unauthorized system configuration changes.
• Developing and tuning rule sets based on the test results.
• Deploying the management and reporting consoles.
• Instructing firm staff on the operation of the intrusion prevention capability.

Return on Investment

Since the deployment of the Acumen Solutions Prevent solution, the firm has not experienced a single virus or malicious code outbreak. No protected systems have suffered downtime and no business application servers have been failed to operate properly. As a result, the firm has been able to dramatically reduce the cost of security threat response and has been able to address identified security vulnerabilities as part of normal operations rather than as emergencies.