By Simon Leech, CISSP CISM CRISC: Manager, Solution Architects EMEA Enterprise Business, HP TippingPoint Group
This week, in this press release HP Boosts Network Security, Reliability for Egypt’s Leading Mobile Service Operator, HP announced that Mobinil chose to deploy the HP TippingPoint Intrusion Prevention System (IPS) to safeguard its data centers and networking infrastructures from malicious threats.
It’s a great thing when one of our customers is so satisfied with the deployment of our solutions that they are willing to share this with the rest of the world, so I thought it would be a good opportunity to dive in a bit deeper and look at what Mobinil had chosen to buy.
Mobinil is one of the largest wireless service providers in the Middle East, with more than 30 million subscribers and a 3G network that covers 99.65% of the country. As a service provider, Mobinil has a network infrastructure that allows their subscribers, as well as visitors to the country, access to the internet and the ability to browse the web and download email 24 hours a day. To support these requirements, Mobinil has chosen to implement a distributed data center architecture, supporting multiple Internet points of presence across the country.
Mobinil’s security challenges and solution decision process
Hassan Mourad, technology and security operations senior expert at Mobinil, explained to me that without appropriate protection from trojans, viruses, worms or any other potentially damaging network events, these threats would hog valuable bandwidth, create considerable network noise, and potentially cause customer downtime. Mobinil realized that it was impossible to force subscribers to install security solutions on their mobile devices, so instead they set about identifying a high-performance IPS that would safeguard their network gateways and ensure that the network only handles clean traffic.
The Mobinil team started off their decision process by issuing an RFP to a number of IPS vendors that were active in Egypt. This allowed them to gain a thorough understanding of the solutions available on the market and enabled them to make a shortlist of vendors that, at least on paper, satisfied their requirements. To check the claims that the vendors had made, they also tested each product against a number of criteria. These included 5/9s availability, network latency below 150 microseconds, scalability up to 20Gbps traffic inspection on a single 10GbE link and, of course, security effectiveness.
Choosing a new intrusion prevention system
The approach Mobinil took to choosing an IPS is not uncommon among our customers. We always welcome the ability to show our gear to the customer in a real life test environment. To satisfy customer requirements, our local technical team decided to invite Mobinil to evaluate one of our recently launched 10Gbps bundles – a pair of HP TippingPoint 5100N IPSes together with a Core Controller, providing 10Gbps of inspection capability. These bundles are ideal for use in such a customer environment. Their custom hardware architecture, comprised of custom ASICs and network security processors, means we introduce a minimum of latency to traffic being inspected by the device. In fact, our datasheet states the typical latency introduced as being less than 80 microseconds. The 5100N uses the same Digital Vaccine as all the other products in the HP TippingPoint portfolio. It’s our approach to creating these Digital Vaccines that really sets us apart from the rest of the market.
Now comes the Digital Vaccine from DVLabs
The Digital Vaccine itself is the security knowledge behind the product. Each week DVLabs, our internal research group, releases a new DV that provides customers with protection against the latest vulnerabilities and network exploits. We’ve always taken a Virtual Patch approach to writing these signatures, so rather than wait for the exploits, we proactively write the signature to protect the vulnerability that the exploit is using. This means that we offer protection very early on in the threat lifecycle, and don’t need to release new or modified signatures every time a new exploit emerges. This approach to writing signatures fulfilled the security requirements that Mobinil had identified, Mobinil were satisfied that they would have industry leading protection capabilities.
Another aspect of HP DVLabs that particularly impressed Mobinil was the Zero Day Initiative program that DVLabs operates. ZDI is a so-called “vulnerability bounty program’” that pays researchers money to share their discovered vulnerabilities with HP. While the aim of the program is to promote responsible vulnerability disclosure, an important byproduct of the initiative is that we get protection in the TippingPoint IPS for zero day vulnerabilities way before anyone else in the market. Industry research has shown that HP DVLabs finds 8-to-10 more vulnerabilities than other vendors. Having this level of protection in a security product is particularly impressive when looking at the ways that attackers are exploiting undisclosed vulnerabilities.
After Mobinil procured its HP TippingPoint 10Gbps IPS bundles, our professional services department came on site to implement the solution. The IPS devices are configured to constantly clean the networks of malicious and unwanted traffic, and as a result Mobinil has seen improved network performance for mission critical applications.
As Mourad told me, “Thanks to the HP TippingPoint IPS, we have increased network visibility and we are delivering secure services to customers, enduring business uptime and improving the customer experience.”
With the increased security threats mobile users are experiencing today, Mobinil users can feel safe that their provider has joined an ever-growing number of service providers who have chosen to protect their customers with the HP TippingPoint IPS.
>> Learn more about HP Networking products and solutions.