Global DataGuard Displaces Incumbent Network Security Vendor at One of the Nation's Largest Privately Owned Banking Institutions
Background: As part of a scheduled evaluation of commercially available managed security services providers (MSSPs), one of the nation’s largest privately-owned banks decided to simultaneously evaluate and compare their incumbent MSSP provider against Global DataGuard. Throughout the month-long evaluation both vendors’ product suites and managed service organizations ran side-by-side to provide an objective evaluation against the bank’s network infrastructure and business requirements.
Challenges: In addition to evaluating real-time integration between IDS/IPS systems and detected vulnerabilities, the bank also reviewed both vendors’ offerings with regard to network access policy management & monitoring, log management and monitoring, contract data privacy concerns, overall network performance, and Service Level Agreements (SLA). Under their current contract, the bank’s proprietary data was being remotely transmitted off-premise to the incumbent security vendor’s operations center (SOC) for back-end processing, monitoring and reporting. This procedure created a variety of potential data privacy and compliance concerns.
The contract also stipulated that the bank would lose its rights to the vendor’s proprietary technology and services upon contract termination. In addition, security event data created during the contract period would remain the property of the network security vendor, although the bank would be able to use any reports and data that were delivered during the contract period. Finally, the bank’s existing contract was priced to capture and monitor a limited number of network devices and covered only three of the bank’s firewalls with 24x7 real-time monitoring, ticketing and incident response.
Best Deployment Scenario - Managed Security Service
Solution provided: While both vendors offered a wide array of impressive security technology, it was determined that Global DataGuard incorporated several integrated technologies which provided superior security protection not offered by the bank’s existing security vendor, including:
Network Behavior Analysis & Correlation: The efficacy of Global DataGuard’s network behavior analysis-based technology was demonstrated throughout the evaluation period and caught several issues that went undetected by the bank’s existing security vendor, including behavioral-based suspicious traffic patterns; network/server mis-configurations; Internet Relay Chat activity; suspicious outbound traffic; the transmission of sensitive data across the network in clear text (PCI Alerts); and various instances of email abuse.
Real-time integration between IDS/IPS systems and detected vulnerabilities: While both solutions provided integrated intrusion detection/prevention (IDS/IPS) and vulnerability management services (VMS), Global DataGuard’s UTM++ solution was able to share information between security subsystems, enabling the IDS/IPS monitoring services to correlate hostile network activity with detected vulnerabilities in real-time on the monitoring console.
Network Access Policy Management & Monitoring: Global DataGuard’snetwork access policy & monitoring (NAC/NAM) capability provided defined Network Security Zones with secure boundaries for specific systems, applications and users.
Log Management & Monitoring: Although both proposed solutions included comparable log management and monitoring capabilities, Global DataGuard priced its solution to cover all firewalls, switches, routers, and domain controllers, as well as all of the bank’s application servers, with 24x7, real-time monitoring, ticketing, and incident response. Additionally, Global DataGuard’s Firewall Syslog Module (FSM) enabled the bank to implement, monitor, and enforce refined/stringent access and/or change policies based on individual users, groups, administrators, time-of-day, day-of-week, day-of-month, etc – a capability not available through the bank’s existing network security vendor.
Contract Data Privacy Concerns: Global DataGuard guaranteed that 100% of security event data would remain on the bank’s premises, and all captured, created, and rendered data would be the exclusive property of the bank. Upon contract termination, the bank would retain all rights to proprietary Global DataGuard technology.
Network Performance Considerations: The incumbent security vendor’s inline devices introduced a performance impact on the bank’s network. In contrast, Global DataGuard’s IDS/IPS appliances (which are 100% passive) did not introduce any network latency or single point(s) of failure.
Service Level Agreement (SLA) Considerations: While the bank’s existing security vendor’s managed security servicescame with a standard (non-customizable) SLA, Global DataGuard provided the bank with a custom SLA that could be defined based on the bank’s unique business requirements. Further, Global DataGuard SLAs are not defined as part of a Master Services Agreement/Contract, have no bearing on the cost of the service, and can be modified by the customer as often as needed.
Summary: After a full month evaluation of both vendors’ product and service solutions against the bank’s network infrastructure and business requirements, the bank chose Global DataGuard’s Enterprise UTM (UTM++) and managed security services offerings because “they provided superior network security coverage and better service at a lower total cost.” The bank’s final determination: “we strongly recommend Global DataGuard as our preferred Managed Security Services Provider.”
14800 Landmark Blvd. Suite 610
Dallas TX 75254