About Telecom Italia
Founded in 1994 after the denationalisation and merger of several state-owned companies, Telecom Italia is now the largest player in the Italian telecommunications industry. The group provides fixed and mobile telephony and broadband services to more than 20 million customers, and also has interests in TV broadcasting.
Challenge
In 2006, Telecom Italia began a major initiative to rationalise and standardise business processes across all group companies, with the intention of increasing operational efficiency, reducing costs, and facilitating regulatory compliance.
An important part of this initiative was to create a single Security Operations Centre that would be capable of monitoring the entire IT and network infrastructure. Telecom Italia planned to replace five separate security monitoring systems with just two: one for the company's public network, and one for its intranet.
"Previously we had five different systems providing security monitoring for different parts of the company, so it was very difficult to get an accurate view of events across the network," said Giovanni Ciminari, Security Solutions Manager at Telecom Italia. "We wanted to consolidate these systems and implement a more comprehensive monitoring platform, which would help us react faster to security issues and improve risk management."
Novell Solution
In creating its new security centre, Telecom Italia knew that it would be vital to create efficient security processes, then train staff to identify the causes and effects of incidents and deal with them effectively. It was also crucial to choose the right technology platform for monitoring—one that could help to automate processes wherever possible and give staff all the information they needed via a simple interface.
Telecom Italia had already been using Novell Sentinel® to handle some monitoring tasks, and the security team was impressed with its potential.
"We evaluated several different solutions in a two-stage process: first we looked at technical requirements and specifications, and afterwards we ran practical trials," said Ciminari. "Novell Sentinel performed well, and we were soon convinced that it would be the right solution for our needs."
Working with a team from Novell and several Novell Partners, Telecom Italia deployed the solution on a set of clustered Sun servers, capable of processing up to 3,000 events per second. The company deployed standard Novell Sentinel agents and configured them to monitor logs from the company's firewalls, antivirus software and operating systems (Microsoft Windows, FreeBSD, Solaris and HP-UX), as well as Cisco routers and Intrusion Detection and Prevention Systems (IDS and IPS).
"Novell Sentinel has many standard agents that are compatible with most elements of a typical enterprise network, and all of these can be easily adapted and configured," said Ciminari. "Having this functionality available out of the box is very useful, since it speeds up implementation and reduces the need for development work."
Telecom Italia has built a custom agent to handle alarms generated by the Ericsson APG40 Element Management system that monitors its GSM mobile network. A second custom agent connects to a solution from Arbor Networks to help protect Telecom Italia against distributed denial of service (DDoS) attacks.
Results
With Novell Sentinel running on the Sun servers, Telecom Italia is able to handle enormous volumes of network security events without difficulty. In a single month, the Security Operations Centre has seen Novell Sentinel register as many as 120 million events, and manage 800 security incidents.
"Novell Sentinel has given us for the first time the ability to monitor our entire network infrastructure," said Ciminari. "With the ability to channel all security events into a single view, it is much easier to analyse the root causes of problems and respond with the most appropriate actions."
The simple Web interface of Novell Sentinel provides access to detailed security reports, and to a dashboard with key risk and performance indicators displayed in graphical form. The front-end draws data from both the intranet and public network instances of Novell Sentinel, so all security information is visible via the same interface.
"We currently have 32 people working on security monitoring at the Security Operations Centre," said Ciminari. "Without Novell Sentinel, we would probably need 60 people to do the same work—so the Novell solution has reduced workload and costs by almost 50 percent."
In addition to the operational advantages, the solution also helps with compliance. Conforming to Italian government regulations on IT and network security is one of Telecom Italia's top priorities—and the reporting capabilities of Novell Sentinel make it easier for the company to achieve compliance.
"This project has demonstrated that security management needs to involve the entire organisation if threats are to be handled and mitigated effectively," said Ciminari. "Such a comprehensive approach requires support from the right technology. Novell Sentinel provides a flexible and reliable foundation for an organisation's security infrastructure."

