Casino Stacks the Deck with New IDS System

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
The saying goes, 'What happens in Vegas, stays in Vegas'.

For the casino owners, though, the saying should be more along the linesof, 'What money they make in Vegas should stay in their bank accounts'.

So when computer hackers try to steal vital information out of thecustomer databases of the major Las Vegas hotels and casinos, it's a bigconcern. To combat the hackers -- and to keep their information andmoney in place -- the casinos have worked hard to develop sophisticatedsecurity systems.

The Riviera Hotel & Casino, for example, is one of them. The hotel,which will celebrate its golden anniversary next year, has more than2,000 guest rooms.

Like most other businesses of any significant size, the Riviera wassubject to a wide range of attacks from purveyors of maliciouscode. But being a player in the glaring lights of Las Vegas, draws even more attention from the blackhat crowd.

''We're being constantly attacked,'' says Tim Wilbur, networksecurity specialist with the Riviera.

The company recently decided to shop for an intrusion detection system(IDS) to better identify and manage the threats. The Riveria's securitystaff had been monitoring attacks by ''drudging'' through firewall logs,watching the network for traffic spikes and trying to monitor thenetwork infrastructure.

''But we wanted to take the guesswork out of our security approach,''says Wilbur. ''I wanted to know the when's, where's, how's and howoften.''

The staff decided to look at a few alternatives for intrusion detectionsolutions. They considered a product from Recourse Technology, but afterSymantec acquired that company, the Riviera staff detected a dropoff incustomer service and got turned off. They also looked at the Snort opensource software, and its GUI with log consolidation. But in the end, theteam decided on Sentivist from NFR Security.

''Ultimately, we went with NFR based on price and product,'' Wilbursays. ''NFR offered more information in a consolidated way for lessmoney. The level of detection was more in-depth and provided moreinformation, including information about 'false positive' situations anda reference guide with information on suggested corrective actions.''

The implementation required a ''crash course in Linux,'' since Sentivistuses a hardened Linux OS within its appliance. That, however, did notprove to be much of a stumbling block for the Riviera team. The producthas met the IT team's expectations, and they report a positiveexperience.

''The Riviera is not just a hotel. It is in the gaming industry,'' saysAndre Yee, CEO of NFR. ''So there are many credit card transactions intheir environment, and other confidential financial information relatedto clients and guests. They all need to be protected, and a firewall isnot enough. A skillful attacker can circumvent a firewall.''

NFR differentiates on its use of both protocol anomaly detection andsignature pattern matching, in a hybrid approach. The product is pricedat $11,000 for 100Mbps throughput, to $22,000 for 1Gbps throughput.

The biggest trend in the IDS market is the move to intrusion prevention,says Andrew Braunberg, senior analyst for information security withCurrent Analysis, an industry research firm based in Sterling, Va.

These competitors, in addition to NFR in the IDS market, include CiscoSystems, Inc., ISS, Inc., Network Associates Technology, Inc., andSymantec Corp. NFR does have plans to move into intrusion prevention inthe second half of this year.

''It has interesting technical advantages,'' says CEO Yee. ''Manysecurity administrators are not comfortable putting an appliance inline, so we put in a mechanism that allows customers to calibrate therisk of dropping legitimate traffic.''

A key trend is the ability to reduce false positives and prioritizethreats, says Braunberg of Current Analysis.

''If you have vulnerability assessment data married to threat managementdata, that allows you to prioritize what the really important threatsare to the network at any one time,'' Braunberg says. ''That is what aneffective IPS does, theoretically. And all these companies are lookingat that.''

The Riviera's Wilbur offers some advice about the search for an IDSimplementation: ''Product demonstrations are absolutely necessary.Intrusion detection can become very labor intensive due to the amount ofinformation passing through the lines today. In my case, consolidationand explanation was key.''

Submit a Comment

Loading Comments...