McAfee supports Indiana security

State of Indiana Web site

Indiana’s state government has been using an intrusion prevention technology for the last six months that not only eliminates or isolates worms, viruses and other cyberthreats, but also enforces security policies among its employees.

Using technology developed by McAfee, the state has deployed a dozen IntruShield sensors, which monitor traffic across its vast distributed network of servers and 15,000 desktops across 118 agencies as well as a number of county governments, which tap into the state’s backbone.

Don Wray, the state’s chief information security officer, said they began searching for a new system after some of the state’s networks, including Sasser, were hit by several worms. The state had an enterprise security policy and firewalls. It also had an intrusion detection system that wasn’t being used because the only employee who had expertise in using it had left and no one else knew the system that well, he said.

After evaluating several products, they settled on McAfee’s intrusion prevention system that proactively blocks cyber intruders. He said the state installed two security sensors or appliances initially into its network to monitor and learn the traffic but not actively block anything. It then added 10 more and turned the initial two appliances on, meaning it would actively block viruses and worms. It now has activated all the appliances, which are monitored through a Web-based management platform.

"The longer it sits on the networks the better it becomes. You can fine tune the rules on the system so that pretty much lock down your network," Wray said. "If I see virus or something happening at an agency that had a subnet, I can shut that off from the rest of the network until they got it taken care of. So it provided us with a little extra support there."

But he added that the system also enforces the state’s security policies, such as the restrictions against downloading music through peer-to-peer file sharing programs and instant messaging.

"And when we turned on the sensors I found that quite a few people were using instant messaging and it stopped them in their tracks," he said. "How I knew people were realizing it is we started getting a lot of help desk tickets wondering why their instant messaging no longer worked."

Wray said the state spent about $1 million on the system. Some of the money came from Homeland Security Department funds.

He said the state is getting ready to run an enterprise security audit and assessment within the next couple of months to provide officials with a benchmark. From that they will develop a strategy to improve their security standing and build in security when a new application or network is deployed.

Harry Clarke Jr., McAfee's senior vice president in charge of the federal government market, eastern United States and Canada, said the company’s technology is used by several federal agencies, including the Defense Department. About 1,000 IntruShield appliances deployed across the department’s networks with about 30 percent activated to actively block worms and viruses. He said the technology is the only network intrusion prevention solution in the marketplace with an Evaluation Assurance Level 3 Certification from the National Information Assurance Partnership.

He said the intrusion prevention solutions are unpopular now and doesn’t see any real barriers for increased usage of such systems. He said IT and security managers need to get comfortable and accustomed to using such technology.

"There certainly isn’t any policy inhibitor in the federal government," Clarke said. "There’s very broad acceptance across all different types of civilian agencies as well as the Department of Defense and intelligence agencies. Customers over the next 12 to 18 months depending on the maturity of their [intrusion detection system] solutions are planning to make those conversions."

Other state governments are looking at intrusion detection and prevention systems, but Wray said states are at different stages of maturity when it comes to their security. Some have dedicated budgets and staff while others have much less.

"I don’t think there’s enough budget out there right now for the security to happen," Wray said. "I’m lucky. I now have a new administration and [chief information officer] that really like and understand security and I have appropriate tools and personnel to do the job."