Trashing Your Network Security

Register now

Get rid of your firewalls, intrusion prevention and malware tools-but keep your network secure.

That's what Cornerstone Community Federal Credit Union did when it switched to managed network security services last summer.

Cornerstone's perimeter defense and monitoring-intrusion detection and prevention, firewall, anti-virus and anti-spam-now runs entirely off-site at a managed security services platform, according to Mark Kennedy, vice president of Information Systems at the $222-million CU.

The Intrusion Defense and Malicious Code Defense solutions are provided by Milford, Conn.-based Perimeter Internetworking.

Most CUs should be outsourcing network security and monitoring, according to Gartner analysts. Vendors today can offer a sure-bet on expertise and equipment, reported Gartner, thus cutting risks and costs for CUs.

Perimeter's subscription fees start at $300 per month, depending upon the number of employees and the number of services, said Brad Miller, Perimeter's CEO.

Granted, Cornerstone maintains a local firewall that delivers icing-on-the-cake security and is the back end of its Virtual Private Network (VPN). However, the on-site firewall isn't a necessary security measure, according to Perimeter.

All Traffic Is Filtered

The Perimeter platform filters all inbound Internet traffic before sending it through Cornerstone Community CU's VPN tunnel to the network, Kennedy explained. Outbound data also passes through the VPN and Perimeter's services.

"We weren't really able to keep up with monitoring intrusions before we partnered with Perimeter," said Kennedy. "By allowing Perimeter to protect our network, we didn't have to hire someone 24 hours a day to monitor intrusions.

"Perimeter basically offered to turn us into a black hole on the Internet, where no one can see us and anything directed to us or at us automatically goes through Perimeter first," he continued. "That made us and our NCUA examiners very happy."

The approach has been dubbed 'Security in the Cloud' by the network security community, wherein service providers out in the Webosphere scrub incoming data before it hits a client's enterprise.

"We didn't have to purchase any equipment," Kennedy said. "And we knew between the three of us in our Information Systems department that we didn't have the qualifications or time to manage network security to a satisfactory degree."

Initially, Cornerstone Community was concerned about handing over the credit union's network security to a third party, said Kennedy, but Perimeter was able to overcome those worries.

"I didn't want anyone to have access to our systems from the outside," he said. "But after meeting with Perimeter and doing our research, we felt comfortable."

The Way To Go

In fact, now that the credit union has been working with Perimeter for a while, Kennedy is convinced outsourcing is the way to go.

"I don't know why credit unions would be uncomfortable with outsourcing network security," said Kennedy. "Unless perhaps the credit union has a large enough IT staff, who could implement custom changes immediately instead of having to wait until the next day, as we do."

Perimeter alerts Cornerstone to intrusion attempts and provides virus reports, Kennedy continued.

E-Mail Alerts

"We get e-mail alerts if there has been an attempt to gain access to our network," he said. "And if we have any questions about an alert, they give us a risk assessment, tell us what kind of intrusion it was and explain how they tracked it and where it came from.

"But we haven't gotten hit since August," Kennedy added. "Possibly because hackers don't see us out there."

About 100 credit unions are using Perimeter's services, some through a recent partnership with Credit Union Service Corporation, the shared branching network.

Perimeter's additional offerings include secure e-mail services, secure access, automated compliance and network services.

CUJ Resources

For info on this story:

* Cornerstone Community FCU at

* Perimeter Internetworking at

For reprint and licensing requests for this article, click here.