“We had implemented various components,” he says. “Basic stuff like firewall infrastructure, routing infrastructure, anti-virus and so forth. Then, once we had those basic building blocks in place, we started to add more sophisticated tools such as intrusion protection, anti-spam and more sophisticated network monitoring.”

And along with the new tools, says Stoodley, came the requirement for a greater level of staff commitment to on-going monitoring and analysis. It was not a commitment TVNZ could realistically make, he says. “Basically the security architecture we had implemented had grown bigger than we could efficiently manage – and that's where Secure24 came in.”

The security monitored enterprise
Stoodley says when considering TVNZ’s options, the inherent ‘intelligence’ incorporated into IBM’s Secure24, became a deciding factor. “We had an existing relationship with IBM that stretched back several years,” he says, “and I’d watched the Secure24 solution evolving. Once it had incorporated a forensics module, I felt it was something we should take a close look at.”

Stoodley says large enterprises need a coherent overview of everything that’s occurring in the security space, and while organisations with a dedicated back room ‘security’ person, may seemingly be managing  technical faults and isolated security incidents competently, in reality it is often a fragmented and incoherent view of enterprise security.

“With a managed service like Security24,” he says, “feeds from the component parts of our network security infrastructure are evaluated based on agreed parameters. For example, if this has happened here and that happened there and we have not seen anything from this sector, then Secure24 might identify this as a ‘level 2 incident’ and needing to be managed in a certain way. Similarly, a different combination of alerts might identify a different scenario with different management action required.”

Stoodley says Secure24’s forensic “value-added” functionality allows security managers to make more informed decisions. “It ties everything together coherently and given that information we can then take the appropriate action faster.”

Easy installation
Physically implementing Secure24 at TVNZ only required the installation of a single high-speed server in TVNZ’s office, which now passes network status information through to IBM via a Virtual Private Network.

Once the hardware was in place, Stoodley says TVNZ and IBM then worked through service level agreements. “We established under what conditions Secure24 would notify us of an issue – for example, did we really want to be notified at three in the morning if a worm was detected and had been confined to a single desktop? So it was a case of working out under what conditions should we be alerted and by what mechanism – via e-mails, for example, or if the intrusion was severe enough, then directly via mobile phone.”

Low cost ‘Peace of Mind’
Measuring the worth of Secure24 for TVNZ can be summed up in a single phrase says Stoodley – peace of mind. “I am not interested in pretty looking reports after the fact,” he says. “All my efforts as a security manager are focused on two things – pre-empting an incident, and if one does occur, then having early notification of it so that we can quickly take the appropriate action – having Secure24 in place has certainly lowered the stress levels.”

But there are other less obvious benefits he says, particularly in the area of better utilising TVNZ’s personnel resources. “I guess it all boils down to a lower management overhead,” he says. “Now we’re freed from monitoring server logs and processes, we can spend more time on things like compliance auditing and talking security with other staff. Security is not just a ‘technical’ issue, our team is now able to better focus on bigger picture stuff.”

For more information contact
IBM New Zealand
Ph: 0800 801 800
www.ibm.com/nz/

August 2005