Aramco tightens network security

In the second look at Aramco’s IT security systems, Diana Milne reports on the Saudi oil giant’s efforts to increase its network security.

By Diana Milne. Published November 30, 2006

Saudi Aramco is tightening up its security systems and rolling out Novell’s Sentinel security solution across more of its internal systems. The oil giant deployed the Sentinel solution in 2002 to monitor and guard against hacking attacks on its IT systems, and now plans an upgrade that will expand the solution to provide better cover for some of its most sensitive networks.

Sentinel is a central device which sits on the IT network and collects data from the different components, such as applications, databases, the network infrastructure and security firewalls, then correlates this data to detect potential hacking activity. Novell acquired the technology through its acquisition of e-Security earlier this year for US$72 million. “Basically it’s constantly collecting information from all of those environments, and correlating it so it makes sense of it,” explained Gerard McDonnell, MD of Novell in the Middle East.

Sentinel can detect patterns of attack, such as when different services on a network are attacked in sequence, raise an alert with administrators warning of such an attack and even shut down the service that is being attacked to stop it from being damaged, McDonnell explained. Sentinel also creates an audit trail, which helps the organisation to detect any hacking activities by its internal employees, he added.

“They [Aramco] are extremely sensitive about outside attacks and about the potential for internal abuse of their networks,” McDonnell said. The information from the different parts of the IT network is taken by ‘collectors’, which then transfer the data to a central repository. McDonnell said the 2,000-plus collectors Aramco had made it one of the biggest Sentinel deployments in the world. He said the average implementation had 200 to 300 such collectors. “It’s on an order of magnitude beyond the normal scale of our customers,” he said.

In Aramco’s case, Sentinel has been deployed on two separate IT networks: the core IT system that is used across the company, and a separate network, named Expec, which is highly restricted and confidential and used by the company’s exploratory division. This system includes simulation grids for reservoir simulation, a mainframe and “heavy duty systems to help them with incredibly heavy duty processing”, according to McDonnell.

“The information is so sensitive – they are a body unto their own – they have to handle top secret information about Aramco and its future plans that they don’t even share with the rest of Aramco,” commented McDonnell. “They’ve both got different security requirements and Expec is always run with a huge amount of autonomy with its own ICT department. It’s like an ivory tower of its own.” Aramco declined to comment on the Sentinel upgrade. “Saudi Aramco does not discuss issues related to its IT security systems as this information is regarded as both proprietary and confidential,” the company said.
