Qatar Islamic Bank (QIB) is the first and biggest Islamic Bank in Qatar. The bank’s data center is a state-of-the-art design, providing high performance and scalable architecture. The 10G network extends throughout the server farm, from the Core Switch through the server farm switch up to Core Banking servers’ Network Interface Cards. Besides a leading edge technology infrastructure, the bank also holds the distinction of the first ever deployment of a 10G network intrusion prevention system in the Middle East.
Today, TippingPoint’s Network Intrusion Prevention System (NIPS) appliances are used in QIB at the Perimeter area and also at the Core Server Farm area. Two units of TP600E guard the perimeter connections and a combination of two Core Controllers and two TP2400Es guard the Core Server Farm. All these units are centrally managed through TippingPoint’s Security Management System (SMS).
While designing the data centre, QIB’s key objective was to provide Layer 2 – Layer 7 deep inspection at 10G speed with the least possible latency, not at the expense of compromising network performance. “We looked at various key parameters which selecting the IPS. These included ASIC-based hardware design and high availability during power and component failures. Since an IPS is an inline device, we wanted to make sure that the network stays up and running in the event of a power loss or component failure,” says Hammad El Zamli, Chief Information Officer, Qatar Islamic Bank.
The two other major issues that the bank sought to address were the Patch Management and Change Management timelines. QIB has implemented a strict Patch Management process of testing any new patches on test servers, getting the sign off from application owners and patching the production servers through a Change Management request. “With today’s shrinking timeline between the Patch release and Virus/Worm release and also the increasing number of Zero Day vulnerabilities, we found it difficult to let the production servers remain un-patched during the time-consuming Patch Management and Change Management processes,” says El Zamli. Today, with TippingPoint’s Digital Vaccine filters, QIB is able to go through the step-by-step Patch Management and Change Management processes.
Mostafa Essemmar, Information Security Manager, Qatar Islamic Bank, says the bank chose TippingPoint for a host of reasons. “We found that the other 10G IPSes in the market had hard-disks in their appliances and the ASIC design was restricted to a few chips like network processor or load balancer chips, while the actual processing was done at Intel/Celeron/Motorola chips, thus making them yet another software-based server appliances. Thanks to its hardware design, at 10G speed the one-way average latency of TippingPoint appliances is less than 120 microseconds. With its previous switching background, TippingPoint appliances were designed to take care of the networking issues of supporting both layer 2 protocols like STP, CDP etc and Layer 3 protocols like OSPF, HSRP, VRRP etc.”
Essemmar adds that his team was quite impressed by TippingPoint’s track record of Zero Day vulnerability discovery, coverage of published vulnerabilities and timeliness of releasing its Digital Vaccine filters, which no other IPS vendor could come close to. Ease of configuration and management was another area where we found TippingPoint’s supremacy over other vendors. TippingPoint’s out-of-the-box ‘Recommended Settings’, which turned on more than 33% of its filters with a guarantee of no false positives, made us quite comfortable on the proactive protection front.”
From a Scalability perspective, we found that TippingPoint’s Core Controller solution is able to provide full-duplex deep inspection from 2 Gbps up to 20 Gbps in a single 10G link without adding any third-party products. In terms of Total Cost of Ownership (TCO), TippingPoint’s Core Controller solution is build upon ‘Pay as you Grow’ concept in which IPSes can be added to the Core Controller when the 10G utilization/throughput grows and this investment can be spread over multiple budget cycles.
“After the deployment of TippingPoint solution, we are able to go through the step-by-step patch management and change management processes without rushing through them. Another benefit we get is an early alert of any virus/worm spread from any PC as that will be blocked and notified by TippingPoint,” says El Zamli.
The implementation of intrusion prevention solutions was done in a planned manner and it was carried out in two phases – perimeter and core. It involved deployment of multiple network devices and security technologies. Training on each technology was also part of the project plan. NIPS was the last device to go live in both the phases as it was plugged in a transparent, bridged manner.