ROCKVILLE, Md. - An Apple iPod digital music player can download 160 gigabytes of data. Each database at Energy Federal Credit Union here contains up to five gigabytes of confidential member data.
Put the 160 and the five together, and you've got a potential data breach, said Ted Carmack, information services manager at the $100-million CU.
"Someone could plug an iPod into one of our USB ports and walk away with an entire database," Carmack said. And that someone wouldn't have to be a malevolent employee or even an oblivious employee, he said. "A visitor with a personal digital assistant could plug in to the network."
In fact, end-users, whether they are employees or visitors, scare Carmack more than external network threats, to which he is well accustomed, he said. "The number one threat today is any internal end-user," he explained. "More than ever, they are savvy computer users."
But surely the removable-media threat is old news by now, what with the ubiquity of high-profile, high-capacity digital music players and thumb drives and the industry focus on security and audits.
Not so, Carmack suggested. "Credit unions our size aren't protected against USB threats." Energy FCU itself was vulnerable until a year ago when the NCUA slapped it on the wrist for not knowing enough in real time about who might be trying to plug in or log on to its computer network, he said.
It's not that Energy FCU doesn't have an intrusion-detection system, anti-virus software, firewalls and "raw" logs of firewall traffic. It's that the raw logs are impossible to monitor by hand. "My entire IS staff is three people, and they don't have time to look at raw logs," Carmack said. "The raw logs are good for forensic purposes but not easy to read to monitor activity."
Thus, Energy FCU needed a network security solution that would not only sift through the raw logs and deliver a complete picture of network activity but would also take action in real time to stop any threats, Carmack continued.
The Security Information Manager (SIM) offered by TriGeo Network Security of Post Falls, Idaho, fits the bill, he said. A SIM plug-in sits on each of the CU's desktops and servers, 73 machines in all, and monitors all USB ports.
"Anything plugged into those USB ports is automatically rejected unless I approve it," Carmack said. "And SIM notifies me with a pop-up alert." Carmack can customize the SIM console to detect and correlate network activity to comply with Energy FCU's security policies.
The console provides companies with "visibility" into their network events, suggested Michelle Dickman, TriGeo CEO. "Logs are an ocean of data. We've given Energy Federal the ability to get the information it needs at real-time network speed as network events happen."
"I could hire three network engineers at $120,000 per engineer per year and dedicate them to browsing logs, and they could provide me with only a fraction of what the console provides," Carmack said. "Having a single point of log aggregation is wonderful."
In the past, CU engineers had to manually sift through 400 megabytes of raw firewall logs per month. TriGeo has whittled down the amount of logging for all 73 devices to 60 megabytes of data per month, all with automated alerts and reports, in the year Energy FCU has used the appliance.
"The reason for the dramatic decrease is the greater effectiveness of directed logging, where we can be more specific in what is important to us," said Carmack.