Law firm monitors web traffic violations

Barrett: "We anticipate both security budgets and the security appliance market to quickly turn around in 2010"

UK law firm TWM Solicitors LLP has upgraded its network security infrastructure to protect the data of 13,000 clients and provide centralised application control for 180 legal staff.

The company is required to protect and monitor its corporate, personal and case information closely, and not just against external malware attacks – it also needs to prevent sensitive information being leaked from its own network and obtain detailed reports about application traffic.

"We are concerned about data leaks from memory sticks, our staff still need to access the data needed to do their job, but it is difficult to trust staff implicitly in this way." said TWM head of IT, Alan Barrett."

In October last year, the company replaced its WatchGuard firewall and virtual private network (VPN) equipment with Fortinet's FortiGate-310B unified threat management (UTM) hardware, providing firewall, anti-spam, intruder protection system (IPS), application control, web content filtering and secure sockets layer (SSL) VPN capabilities in a single piece of hardware.

“WatchGuard did not do itself any favours in the way it went about replacing end of life equipment, like the layer 2 firewall and IPSec VPN that we used for office to office secure connections,” said Barrett. “There were also lots of new areas we wanted to cover off while we did not really understand what was coming in and going out of our network as much as we'd like.”

TWM staff attended a security symposium to evaluate alternative security platforms, including Cisco and Check Point. What impressed them about Fortinet was that the company provided intrusion prevention system (IPS), web content filtering and application control alongside firewall, anti-virus and anti-spam tools in one box.

“The stuff we were using did not have the web filtering and flexibility that Fortinet provides, and had a fairly limited set of features compared with what is now on the market,” said TWM systems manager Robert Holmes. “I was aware that the ISP Zen Internet used Fortinet and also did some research within security journals and stuff”.

The vendor also took the trouble to undertake a month long trial at TWM's offices and talk them through the configuration in depth.

“It really frustrates us as IT professionals that we are often unable to get the hardware or software in first and get somebody with the knowlege of the kit to talk us through how it can be used, but Fortinet did that and that hands on experience was key for us,” said Barrett.

Besides calling in some senior members of staff to upgrade the VPN software on their laptops from IPSec to SSL to better support the use of BigHand's digital dictation software via a java based RDP client, TWM say there was no disruption to normal user operations during the implementation.

"We left the old gateway and firewall running while we put the new one in, so we could slowly move services over one by one," said Barrett. "There was a certain amount of negotiation about what sites are appropriate to be browsing – those handling tricky divorce cases sometimes want to look at things that are less than pleasant.”

The new platform also makes it easier for staff to work securely from home via the SSL VPN on 'snow days', and has allowed TWM to designate its legacy WatchGuard appliance a second gateway which provides a basic level of redundancy.

"If we have a network link failure, users no longer see that the web browsing doesn't work, which gives us time to fix important things like email, backups and synchronisation," said Barrett.

Barratt did not expect cost savings, only a more comprehensive network security platform which delivered additional features for a fair price.

"It is not cheaper, we have gone from owning some kit to buying some more kit, so there is a three-year write off. But we are getting a bundle, including IPS support, application control, anti-virus, banned signatures for relatively low cost, plus 24 hour support, for only a small increase in our budget," he said.

The difficulty in identifying clear return on investment for security appliances is one reason for falling sales of suitable hardware in the last twelve months. Research company IDC reported a 16.2 per cent decrease in worldwide unit shipments in the third quarter of 2009 compared with the same quarter of 2008.

“However, we anticipate both security budgets and the security appliance market to quickly turn around in 2010,” wrote IDC analyst Romain Fouchereau in a research note.