IDG News Service

Career Education Corp. gets smart on IT security

IDG News Service, The Industry Standard, 11.26.2007

By Denise Dubie, IDG News Service

When Michael Gabriel joined Career Education Corp. in February 2004, he knew he needed a business case to justify an overhaul to the educational services company's information security program. Looming Sarbanes-Oxley Act (SOX) compliance deadlines provided just that for the CISO, but that initiative was only the start of a thorough security management program that continues to this day.

CEC, in Hoffman Estates, Ill., had grown tremendously over the previous five years, becoming what in 2004 was a US$1.7 billion company. Following this boom, it needed to formalize controls and get a handle on its security infrastructure to enable uninterrupted growth going forward, he says.

"The immediate need was [SOX], but when I did further analysis . . . the remediation projects that needed to get done ran the gamut from security policy to change-control to incident-response awareness and security monitoring," Gabriel says.

CEC earns its place among the 2007 Enterprise All-Stars for its smart adoption and implementation of security information management (SIM) technology. With netForensics' nFX Open Security Platform (OSP) Version 3.4 software, CEC automates security and other logs from some 10 firewalls, 10 prevention systems, 12 domain controllers and all Cisco devices. In addition, by integrating RippleTech's RippleTech Informant Version 1.0 into the netForensics rollout, Gabriel can collect logs from six Microsoft databases. No software on the actual data source is required.

Among the many benefits of CEC's estimated $400,000 investment are SOX compliance and comprehensive reporting, combined external and internal threat management, improved security-threat response time, and increased ROI on IT resources. CEC invested $100,000 to $200,000 initially in the security-management software and plans to add another $100,000 to $200,000 later this year to augment the project and expand to a second data center.

"It's hard to quantify in hard figures, but if we had not been able to use this technology we would have had to invest in a systems administrator to do this work; and from a security standpoint, we wouldn't have such visibility into our entire environment," Gabriel says.

Gabriel started at CEC during what he describes as a whirlwind. "There wasn't a lot of time to do extensive bakeoffs. I needed to get this project underway," he says.

Fortunately, Gabriel had heard from peers about SIM products from such vendors as ArcSight and netForensics. Because scalability was a top concern, he decided on netForensics, which had a proven success record in large government environments. The vendor's back-end capabilities -- large-volume data-collection and -correlation -- resonated with him. He says he would pass on a pretty GUI in favor of power on the back end any day.

It's not that netForensics, which has just added a collector for Microsoft Windows platforms to its product portfolio, didn't have a good GUI. Gabriel found the product most accurately addressed CEC's needs, especially considering the fortuitous addition of the Windows module. "We were one of the first customers for that," he says.

Building the framework

NetForensics nFX OSP applies data-aggregation and event-correlation features to event and security logs generated from firewalls, proxy servers, intrusion detection/prevention systems and antivirus software, for example. The product also works to normalize -- that is, translate -- all the data formats from Cisco, Microsoft, Check Point Software and other data sources into one common language so that they can be correlated.

The product consists of server software, agent software installed either on servers close to the devices they are monitoring or the devices themselves, and a management console. At CEC, the software runs on a mix of Microsoft Windows and Red Hat Linux servers, alongside Oracle databases.

By the fourth quarter of 2004, Gabriel was using the netForensics tool in CEC's data center, which serves as a hub for about 80 schools. There it collects security information and incidents and investigates the potential threats. Yet one thing was lacking. "We had the logs from perimeter devices and operating system logs

