Case Study: The National Archives UK

Transcription

1 Case Study: The National Archives UK

2 The National Archives (UK) The National Archives is an Executive Agency of the UK Ministry of Justice that brings together Public Record Office, Historical Manuscripts Commission, the Office of Public Sector Information and Her Majesty's Stationery Office. Its archives contain almost 1,000 years of history, with records ranging from paper scrolls to digital files and archived websites. The National Archives stated vision includes these goals: Leading and transforming information management Advising other public sector organisations on managing and preserving their information Guaranteeing the survival of today's information for tomorrow VALUABLE SERVICE TO THE PUBLIC The National Archives is an organisation in the public eye which also has an e-commerce presence on the internet and could be therefore a potential target for hackers. The premises at Kew in London also includes a large public area with terminals and wireless connections from which users can access information. The Magna Carta The National Archives looked for a system that offered greater security, provided CESG Memo 22 - Protective Monitoring and compliance with the GSI code of secure connectivity. Known as CoCo, the code allows UK government agencies to exchange and share sensitive or protected information over a secured network. The National Archives also needed assistance with Perimeter and Insider Threat Detection and a logging solution that could satisfy audit requirements, had the forensic capacity to investigate security issues and provide remediation workflow Tier-3 Pty Ltd, All rights reserved

3 DELIVERING GREATER VALUE Before selecting Huntsman, we evaluated three other solutions which were designed to meet highly specific requirements, recalls The National Archives security team manager. When we looked at Huntsman, we saw that it could do much more than just meet our immediate needs. Examples included: More visibility as to what was happening on the network Better quality information than existing network monitoring tools Huntsman s LiveView console makes security alerts accessible to all network staff, not just the security team, greatly speeding up the response to threats Ability to track resource usage in The National Archives virtual IT environment, making it easier to allocate system resources effectively Huntsman sees all assets that connect to the network including remote devices such as Smart phones and other BYOD devices. PROOF OF CONCEPT It took less than three weeks of testing for the technical team at The National Archives to be convinced that Huntsman was the right system for their environment. According to The National Archives security team, Huntsman s Behavioural Anomaly Detection engine was one of the deciding factors. To all of us, it seemed a much better way of detecting irregularities than rule- and signature-based systems. Huntsman gives us the ability to see problems before they can impact on our network. The Behavioural Intelligence we built into Huntsman is often the deciding factor for organisations, says John Liefeld, Huntsman Security s Chief Architect. We lead the field in this area, and won a patent for Behaviour Anomaly Detection. The National Archives team stresses that Huntsman offered a great deal more than competing solutions, with the benefits extending far beyond security into areas like network load analysis, network health reporting and asset management Tier-3 Pty Ltd, All rights reserved

4 PROOF IN THE PUDDING When Huntsman went into full production at The National Archives. We were impressed with the way Huntsman integrated into our data infrastructure, the Security Team Manager makes the point, and how well it works with our other security products - our network techs use Huntsman to interpret logs from the multiple firewalls and AV products of our other vendors. With LiveView, we have all the information we need at our fingertips. Several months after installation, The National Archives technical team ran one of its routine penetration tests. These tests are designed to isolate vulnerabilities within an organisation s network so that they can be addressed effectively. The Penetration Test team acted as internal users and had been given varying levels of system access. The technicians also knew that Huntsman was installed and tried hard to evade detection by the system. However, Huntsman picked up the activity of the penetration testers and was even able to determine the tools and methods the testers were using. As an example Huntsman issued an alert on a server that failed to log-in because that server had never failed log-ins before. Huntsman passed the penetration testing with flying colours. We knew Huntsman was by far the best product we looked at, says the Security Team Manager, but it s reassuring to have our decision validated like this Tier-3 Pty Ltd, All rights reserved

5 Huntsman Tier-3 Pty Ltd Asia Pacific EMEA North Asia Americas t: t: t: toll free: e: info@huntsmansecurity.com e: ukinfo@huntsmansecurity.com e: info@huntsmansecurity.com e: usinfo@huntsmansecurity.com Level 2, 11 Help Street 100 Pall Mall, St James TUC Bldg. 7F, Iwamoto-cho, Suite 400, 71 Stevenson Street Chatswood NSW 2067 London SW1Y 5NQ Chiyoda-ku, Tokyo San Francisco California huntsmansecurity.com linkedin.com/company/tier-3-pty-ltd twitter.com/tier3huntsman All rights reserved. Huntsman is a registered Trademark of Tier-3 Pty Ltd