SHERRILL, N.Y. – Ask Mike Murrock why his credit union chose to deploy a leading-edge enterprise threat mitigation appliance, and he has a simple answer. "In a word, the NCUA," says the vice president of operations at $72 million ACCESS Federal Credit Union in upstate New York's Oneida County. "They advised us we need to get a better handle on reviewing the logs from our network devices, from the systems that are visible to the Internet." At a 14,000-member credit union, that's no easy task, so on the advice of the CU's network security consultant, ACCESS has just deployed the Protego MARS20, a new version of a security-information management (SIM) appliance system that normally is found at much larger enterprises. ACCESS is the first credit union to use the device from Protego Networks, a two-year-old high-tech startup from Silicon Valley. It's basically a flat, rectangular box that relies on a hardened operating system, embedded Oracle database and proprietary logic to present, through a Web interface, correlated intrusion and other network event information in way that the user can make sense of it, and if necessary, quickly thwart an incoming hack attack. The correlation piece is big. "We did have a way of accessing logs to see what was happening on our network, but we didn't really have a practical way of reviewing it," Murrock says. "There are literally thousands of events, sometimes tens of thousands of them, happening on a daily basis at even a medium-sized credit union like ours. "You also really don't get a sense of what's happening when you might have a couple of events at one location and maybe a couple at another. We needed to have something bring it all together." The credit union already was using standard best-practices security gear, including Cisco routers running IP firewall feature sets at each of the branches, secured VPN connectivity between them and the main site, and Computer Associates anti-virus solutions on the networks and the desktops, says Mike Polce of M.A. Polce & Associates, a network security consultancy based in Rome, N.Y. Adding the Protego appliance helps give a clearer picture of what's going across the network, plus adds threat-mitigation features that, at the push of a button, can quickly eliminate intrusion threats before they escalate behind the firewalls, Polce says. "What we liked about the MARS20 is that we could implement it relatively easily, relatively seamlessly and it works well with the most common components and security solutions," the consultant says. They also liked the price. It costs about $10,000 for a MARS20, lowering the cost-of-entry for security information management (SIM) technology sharply, according to Scott Gordon, vice president of marketing at Protego Networks. The company, which includes a number of former Cisco employees on its staff, is aiming for the small-business market with the new device, a market that "has the same needs for security as anyone else. If this level of security management is crucial to a big bank, why is it not equally important to a credit union? Gramm-Leach-Bliley and all the other regulatory requirements don't scale," Gordon says. "They are what they are. Money is money and people have trust factors and there are regulations." SIMS, also sometimes called security event management systems (SEMS), "used to cost hundreds of thousands of dollars and now tens of thousands of dollars, and that's just to buy the product. There's also a high cost of ownership," which Protego Networks aims to alleviate with this down-market device, Gordon says. Just like the big systems, Gordon says, the MARS20 helps assure network security by "centrally aggregating all the noise, doing some basic correlation, facilitating work flow and providing a means for management reporting, to help meet auditing and compliance requirements." While broad functionality, a relatively flat learning curve and low cost of ownership were pluses for ACCESS FCU, Murrock says, "we did not approach this from an ROI (return on investment) point of view. "What is of utmost importance to us is our relationship with our members," the ACCESS VP says. "Installing the Protego device helps ensure that we can say to our members, `We have a secure financial situation for you. We have this under control. We know what's going on." -

[email protected]