When it came to choosing security equipment for its growing savings bank, sheer practicality won the day at the Institution for Savings.
The Newburyport, Mass., bank, which grew from two to 11 branches over the past several years, needed a solution that offered centralized management and was cost- effective and easy to deploy as new branches and other facilities were added, says Tom Hopp, senior vice president and CIO.
Besides its branch locations, the Institution for Savings also runs five education outlets located at local schools, plus one lending office. This expansion was a big deal for the bank, which was founded in 1820 and prides itself on serving the local community.
“Today we have close to 200 employees, and when I came on more than 10 years ago, I was the 50th employee,” Hopp says. “We went from a two-subnet bank to an almost 20-subnet bank in that 10 years.”
After reviewing products from many manufacturers, the bank settled on unified threat management appliances from Fortinet. The all-in-one UTM devices arrive loaded with features, including routing and switching, firewalls, intrusion detection and prevention systems, virus scanning and web filtering.
The UTM approach works well for companies that expect to grow and need to layer in additional services over time, says Chris Rodriguez, senior industry analyst for network security at Frost & Sullivan. UTM devices are ideal as well for companies, such as the Institution for Savings, that have small tech teams and need to limit the number of devices they must manage.
“Many companies are worried about device sprawl, so UTMs that offer a broad mix of features are more economical and easier to manage,” Rodriguez says. “And to save money, companies can start with the basic firewalling features and add web content filtering and scanning later on.”
Like the Institution for Savings, Wholesale Electric Supply in Houston also opted for a UTM solution, deploying WatchGuard Technologies’ XTM 5 series units, as well as eight WatchGuard AP200 wireless access points and three smaller Firebox T10 models.
The equipment supports the company’s 12 branches and 400 users well, says Bill Fife, Wholesale Electric’s director of technology. The WatchGuard devices maintain constant public Internet availability as well as private network access via 150 secure virtual private network tunnels throughout the company’s enterprise network. Along with the full-featured XTM 5 series UTM devices, the company also makes use of WatchGuard Dimension, which delivers reports on actionable security information based on daily events.
The WatchGuard Application Control for web traffic helps Fife and his staff manage security and productivity more efficiently by giving them more granular control. For example, the IT team can let people see and use Facebook’s “like” feature but prohibit email, video and instant messaging. The WatchGuard control tool provides the ability to set varying access privileges for 1,500 applications, so it’s highly customizable, Fife says.
“This kind of tool is essential, especially given the myriad number of Internet threats found today,” he says. “Drive-by downloads, infected websites and other threats can hit anyone at almost any time, so it’s best to implement defensive measures before disaster strikes.”
Given the ever-expanding threat landscape, Fife also plans to deploy the WatchGuard APT Blocker later this year. It will scan for threats embedded in documents by combing through web and FTP streams.
At the Institution for Savings, Hopp’s IT team deployed the Fortinet FortiGate 280D at the head end of the bank’s main data center and FortiGate 140D UTMs at each branch location and at the bank’s loan office. The facilities at the local schools received the FortiGate 90D models. Along with the UTMs, the bank installed Fortinet FortiAP wireless access points.
Hopp says his IT staff takes advantage of tools such as FortiManager, which lets them remotely manage all the Fortinet devices from a single console. In addition, the FortiAnalyzer lets the seven-person tech team filter and review records, including network traffic, as well as event, virus, attack, web content and email data. They’ve even started using FortiSandBox, a tool that prevents suspected malware and advanced persistent threats from accessing the network, sending them instead to a sandbox for testing and remediation.
“We look at the UTM in a slightly different way,” he says. “We use it as a router that sits on our internal private network. So if something starts to spread, the UTM stops it at the subnet.”
Fife says along with better security, the UTMs from WatchGuard support faster throughput and make it easy to deploy additional devices when the company needs to add new branches or warehouse facilities.
“The WatchGuard products have eliminated malware and viruses from our network while users are transparently protected without noticing any degradation,” he says. “They are also flexible to deploy and let me easily set policies and restrict traffic where appropriate.”
Hopp sees a similar advantage with his Fortinet deployment, which began last June and finished up in December. “When we open up a new branch, we don’t have to take up as much space for the networking equipment, plus it’s just a matter of connecting the devices and adding them to the management console; they are really easy to roll out,” he says.
There are other advantages too.
Going with Fortinet for all of the bank’s networking and security equipment saved thousands of dollars, Hopp points out.
“We used to have different vendors for routers and switches,” he explains. “In the past, each branch required two switches and two routers. Now, all a branch needs is one FortiGate 140D device.” Hopp estimates that the bank saves $3,000 to $5,000 per branch by deploying the Fortinet gear, not to mention a lower electric bill because it now runs fewer network and security devices.
Better security, scalability, reduced management burden and savings — both the Institution for Savings and the Wholesale Electric Supply achieved those through their UTM deployments.
Most companies know they need to do something to ensure security as they expand, Frost & Sullivan’s Rodriguez says, and the latest UTM devices and ancillary products provide a sensible approach for small and midsize companies seeking added protection at an affordable price.