Emirates takes guard

As part of an ongoing programme to strengthen its IT infrastructure against the dangers posed by security threats, Emirates Group picked TippingPoint IPS devices to protect its perimeter.

  • E-Mail
By  Stuart Wilson Published  February 26, 2006

|~||~||~|As part of an ongoing programme to strengthen its IT infrastructure against the dangers posed by security threats, Emirates Group picked TippingPoint IPS devices to protect its perimeter. The company selected TippingPoint after an extensive evaluation of the products offered by several major vendors in the IPS market. The company has deployed a number of TippingPoint devices to proactively protect its enterprise against spyware, worms, denial of service floods and other internet threats. As one of the world’s fastest growing airlines, flying to almost 80 destinations across the Middle East and beyond, Emirates Airline uses the IPS solution to safeguard its extensive internet usage, including communications with airports, its pilots and flight crew. “We saw the need to manage what was coming through the firewall,” says Laserian M. Kelly, manager information security at Emirates. “You can have traditional firewalls and anti-virus solutions but threats are evolving. The worms that appeared in 2005 proved that and we weren’t immune to them. We did get hit by some of them but the impact was contained through the existing infrastructure we had,” he adds. “The security threats that we face are not specific to airlines; they are common across all enterprises — worm attacks, spyware, phishing. You can see focused attacks on specific vulnerabilities announced by major hardware and software vendors.” The TippingPoint devices selected, which inspect all incoming traffic allowing only permitted traffic to enter, now form an extra barrier of security for Emirates Group. The desire to switch from a reactive approach to managing IT security needs and move towards a proactive strategy played a pivotal role in Emirates’ decision to opt for TippingPoint. “We had previously looked at intrusion detection systems (IDS) but as they say, that’s only really detection. It doesn’t do anything proactive and we found that the overheads involved in trying to manage this would be too much,” continues Kelly. “We started looking at IDS in early 2005 and evaluated all the major players in the market. There is a glut of security vendors in the market so we made sure that we focused on the big players that a had a genuine IPS solution — not the ones that had just scribbled out the ‘D’ on IDS and replaced it with a ‘P’.” With 20,000-plus PCs within the Emirates IT infrastructure, patching to counter new security vulnerabilities can be a mammoth task. By using the TippingPoint IPS system, which contains threats at the perimeter, Emirates has given itself more time to counter new threats. According to Kelly, Emirates Group picks the best products for its IT security needs based on a specific range of factors and is not overly interested in looking for a vendor that claims to offer a one-stop-shop solution. “We look at information security and we assess business needs,” explains Kelly. “We look at the threats to the business model and the controls that we need. It is not about a one-stop-shop or even best-of-breed — it is about the functions a specific solution supplies, how well it integrates with our existing IT and network architecture, and whether it gives us the reporting and management capabilities that we need.” As with all network security solutions, it was vitally important for Emirates to make sure that the system not only prevented unwanted intrusion, but also possessed the flexibility to ensure that information that was actually needed could flow freely into the organisation. “There is always a danger that this sort of installation can block things that we actually needs so we do have a person that monitors the actions and looks at the new digital vaccines that come in to see whether or not there is any aspect that may or may not be required by the business,” says Kelly. “The nice part about the TippingPoint system is that you can put it in different modes: you can make it detect and notify or you can set it to block as well. With the deployment that we did, we actually fine tuned it for different locations within the network — so it is not a standard configuration across the board.” The actual integration of the TippingPoint solution was a slick affair, taking just ten days from the point of starting the deployment to completion of the installation. “It was a smooth process,” comments Kelly. “Sometimes there are one or two things that you have to do. For example, we found that the speed negotiations on LANs was something we had to set rather than allow it to be automatic — but that was a very small issue.” Local reseller Paramount Computer Systems (PCS) played a key role in the sales cycle for Emirates’ TippingPoint solution. During initial presentations to Emirates, TippingPoint’s European team accompanied PCS. During the actual implementation, a TippingPoint trainer from the US and technical experts from Europe flew in to provide comprehensive support. The actual amount of TippingPoint devices required to keep the perimeter protected is not a number that Kelly is willing to divulge. “If you have your perimeters pinned down you don’t need tens or hundreds of devices,” he explains. “We have a sufficient amount to protect the infrastructure — the priority with an IPS device is that it should not disrupt legitimate business so we do have it in high availability mode. If necessary we can put the system in bypass mode for certain things as well. For us, a short-term shutdown of the IPS is preferable to a disruption to the business.” With its network perimeter now secure, Emirates Group plans to turn its attentions to a number of new security-focused IT projects in 2006. With information now being accessed and stored on a number of different devices and networks within the group, Kelly plan to improve the internal delivery and control mechanisms. “This solution was part of an overall strategy that we have for the technical and security infrastructure and it is all about how we move from being a reactive force to a proactive force,” says Kelly. “Firewalls give you a great deal of protection but ports are open and those ports can be exploited. We had something called the perimeter protection programme. You could argue now that the perimeter is disappearing so that evolves into end point security where you are moving down to protecting information at the endpoint as well.” For the Emirates Group, uptime is mission critical as more and more processes within the aviation industry become electronic. “We now have e-ticketing, we have the booking engine and we have crew accessing information through portals,” he notes. “The new range of aircraft we are acquiring are all electronic based in terms of the information that goes back and forth. In the future, we’re looking at situation where the pilot’s flight bag could be replaced by a laptop that all the information will be uploaded to when he gets on the plane.” With so much data being transferred, stored and retrieved electronically, the need for security is paramount to ensure that only those with proper authorisation can access sensitive and confidential data. “We’ve done a user access management solution and now we’re focusing on an identity management solution as well as digital rights management,” he continued. “We’re looking at PKI solutions so people can digitally sign documents. Believe me, the aviation industry and all the airlines are looking very closely at this because the business benefits are there.” Information protection is taking centre stage in Emirates Group’s ongoing security strategy. With information now being delivered to a variety of devices such as PDAs, Blackberry’s and even stored on USB sticks, the pressure to enforce rigorous protection policies is growing. “You have the need to deliver the information but you can’t just send it out there,” Kelly explains. “It is all about how you deliver it in a controlled way so its usage is only what you set it out to be. That’s the sort of suite that we are looking at now.” Emirates Group is backing up its technical advances with an ongoing staff awareness programme to ensure that all employees realise the importance of information protection within the organisation. Simultaneously, each business unit is involved in a risk management programme that assesses the risk levels for each part of the operation. The company has already conducted preliminary research assessing the major suppliers of identity management solutions in the market and plans to take a closer look at the various products on offer during 2006. No firm decision on the preferred supplier has been taken yet. For Kelly, it is important to weigh up the pros and cons of any solution before entering into any agreement. This thinking is reflected in the length of the typical sales cycle that suppliers go through before an implementation is finished. “The complete project timeline can vary from one year to 18 months,” said Kelly. “You can be caught sometimes; maybe there is an immediate need to do things but you want to be doing it as part of a controlled strategy. We like to structure the progression piece by piece and we understand that the business will continue to grow — that doesn’t stop. We will try and focus on what needs to be done immediately and prioritise that.” With security threats constantly evolving and Emirates Group’s business continuing to grow at a rapid rate, the security challenges faced by Kelly and his team are fluid and dynamic. Solid planning, careful purchasing and a well-structured internal organisation have laid the foundations for a secure future. ||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code