Showtime Arabia is the leading Pay TV network in the Middle East and North Africa, with the significant subscriber base in the region. The broadcaster also boasts of an advanced technology infrastructure, including a full fledged data centre in its Dubai office. Its network, which links the company’s offices in Saudi and Egypt to the headquarters, runs a wide variety of business applications such as CRM, HR, help desk, etc.
Last year, Showtime embarked on a project to bolster its security infrastructure as it stores highly confidential customer data on the network, and also protect its B2B and B2C web applications against security breaches. “Though we have a mature security infrastructure in place in terms of firewalls, spam filters, multiple tiers of end-point security; we wanted to make sure that nothing is left to chance by deploying an intrusion prevention solution. That’s how we zeroed in on TippingPoint. It was very important for us to maintain highest possible level of security posture with the least possible overheads,” says Shabbir Nalwala, Senior Manager-IT, Showtime Arabia. Another reason which triggered the decision to deploy IPS was of regulatory nature. “We were going through PCI-DSS compliance, and one of the requirements for this was to have an IPS in place among other things,” he adds.
Initially, the company was faced with the choice between IPS and IDS, and chose to go with the former because of its added benefits. Once the decision was taken, Nalwala evaluated various solutions in the market, comparing vendors on features, throughputs and manageability. “We did a PoC with TippingPoint, and the results were satisfactory to date and matched our requirements so far. And what made it more attractive was that TippingPoint has relationships with Microsoft and other vendors in which if there are any vulnerabilities in their solutions, they release the corresponding vulnerability filters. In case if our system admin fails to apply the patch on time, then IPS would proactively block the attack,” he says.
Zero power high availability and Layer 2 Fallback were the other two features that tipped the scale in favour of TippingPoint. It meant even there is a power failure in the data centre or chip or process failure, IPS would not trigger any downtime, but continue to push packets. The IPS also brought in its wake many important functions and features to the Showtime networks. If any internal/external host/entity triggers the predefined filters in specific time period, automatically it quarantines that host/IP address and restricts any communications from/to that host. This is done through the TP's quarantine feature. “In terms of other benefits, we are able to identify different threat vectors, and exhaustive reporting tools provide a number of reports for our internal analysis on threat behaviour and compliance. Compared to manual process TP IPS gives us more cost benefits and operational efficiency. Before the deployment, we were manually identifying the threats (through research, etc) then coordinating with different teams within IT to address the vulnerabilities. This process is inaccurate and takes lot of time. With IPS it’s quite automated. At a click we can identify the threats and vulnerabilities within the network and teams can immediately start working on addressing the vulnerabilities,” explains Nalwala.
The most important feature of an IPS is whether or not it does the job you bought it for. That said, it also needs to be usable in the sense that it can support the network manager in the day-to-day tasks that go hand in hand with using an IPS in an enterprise setting. TippingPoint seems to be doing just that for Showtime. “The SMS reporting capability gives us periodical activity reports (alerts), which saves us lot of time. Now, every month I get an activity report in a dashboard while my engineers go through the daily reports. The IPS proactively alerts us whenever there is a risk. It also gives us the options to centrally monitor manage IPS, which we plan to implement in branch offices this year,” says Nalwala.
One of the common fears associated with deploying IPS on the network is a slowdown in network performance. Nalwala says his experience is completely different. “We have not had any degradation in network performance since the deployment. Moreover, we have already achieved the RoI within a year.“