Distributed enterprises, especially retailers, are increasingly finding their networks under attack from highly sophisticated hackers. These cyber-attacks have evolved from the “notoriety motive” to the “profit motive,” as illustrated by recent high-profile cases where customer credit card data has been stolen. The challenge of securing a multi- site branch network is made even more challenging by the fact that branch networks have become more complex as a result of new business requirements.

The Complex Branch

One new complexity is the deployment of Guest WiFi access points to improve the shopping experience. Another is the store-within-a-store network such as a pharmacy or optom- etrist operation inside a big-box retailer, or a quick-service restaurant within a gas station convenience store. Locking down these complex branch networks and keeping up with new Payment Card Industry (PCI) 3.0 security requirements for point-of-sale (POS) transactions is challenging, especially for distributed enterprises with limited IT staff.

The SOC is Security Central

Enter the HughesTM Security Operations Center (SOC). Part of the Hughes Network Operations Center, the SOC must meet not only stringent Hughes security standards, but also PCI compliance regulations. For example, the SOC runs daily log analyses on behalf of customers who have signed up for enhanced security services, ensuring that only critical ser- vice-impacting events are acted upon.

The SOC also provides back-end support to the HR4000 Series Branch Gateway—the key delivery component of the Hughes comprehensive suite of Managed Security Solutions. The Branch Gateway, running Fortinet’s FortiOS5, enables the SOC to provide Next Generation Firewall (NGF) and United Threat Management (UTM) security services for Hughes enterprise customers.

Flexible Security Options

Depending upon the needs of the customer, the SOC supports three levels of security, growing in scope and capabilities from Standard Security, to Standard Security with Content Filtering, to Enhanced Security Services. All three tiers provide next-generation firewall and LAN segmentation capabilities to meet the latest PCI requirements. Building upon this secure foundation, customers can add Content Filtering which provides category-based Web filtering or URL white lists/black lists. For the most robust security, customers can add Intrusion Detection and anti-virus/anti-malware capabilities with reporting as part of the Enhanced Service.

“The Hughes SOC evaluates megabytes of event logs each day on behalf of our customers for each location we support,” said David Henning, director of Hughes Network Security. “We help these enterprises by finding the critical events that may cause real security concerns and pass them on for mitigation.”

Web Filtering

Profile-based URL Web filtering allows customers to define a “white list” of approved and accessible sites and a “black list” of sites that are not approved. This approach is appropriate only for Internet access that is controlled by static control policies. An example is a retailer allowing only its own Website or supplier Websites to be visited by store associates; this does not apply to dynamic control access. In contrast, category-based Web filtering is used when Internet access is not defined by a fixed set of policies, and customers may restrict access to the Internet based on a variety of Web content categories. This is typically deployed for Guest WiFi Internet access.

Intrusion Detection and Anti-Virus/ Anti-Malware

The SOC’s intrusion detection capability protects the network against hacking, and its anti-virus features employ advanced spyware detection to prevent threats from gaining network access. In addition, reports about these activities can be posted on a recurring basis on the Hughes Network Manage- ment Portal for customer access, depending on the contracted service level.

Delivering Peace of Mind

Security is getting more difficult every day, especially for enterprises with many branch locations to lock down. Now, with the Hughes SOC, distributed enterprises can enjoy the peace of mind of knowing they have a reliable, experienced partner with the required technical expertise to help secure their network so they can focus on using the network to drive their business.