So HealthQuick.com outsourced its security monitoring, including its IDS (intrusion-detection system), firewalls, vulnerability assessment and PKI (public key infrastructure) architecture. The online drugstore runs real-time security monitoring through an application service provider, RIPTech, so HealthQuick.com can catch potential intruders without having to hire a security staff of its own. "This was the way we wanted to go, especially with denial-of-service attacks" happening across the Internet, DeSimone says.
Much of HealthQuick.com's network runs off-site. Its Web servers and database reside at a hosting facility, and save for a firewall and IDS probe at HealthQuick.com's Arlington, Va., headquarters, the security servers run at a RIPTech site. DeSimone says the company decided against running its own IDS and vulnerability-assessment tools because the installation and learning curve would have been too time-consuming. "We had a very short time frame for the start-up," he says.
Although HealthQuick.com obviously can't divulge details of its security architecture, it provided the gist. The company uses SSL to encrypt sessions with customers. The IDS probes on RIPTech's site and at the hosting site listen to traffic outside the firewall and report any suspicious behavior, such as someone running a port scan, to RIPTech's IDS server. RIPTech's security analysts then determine whether it's a real event. RIPTech's firewalls, meanwhile, handle filtering and automatically drop suspect connections.
Even with the security operation mostly off-site, DeSimone and his small IT team still have access to the same information RIPTech does, including live events and logs as well as trend reports. "We are not completely throwing security over the fence and not seeing it anymore," he says. "We have an interface so we can look and make some judgments of our own."
DeSimone and his team have access to the IDS and firewall data when the RIPTech analysts do, says Tim Belcher, CTO and co-founder of RIPTech. "They can query their data repository and run reports."
RIPTech security analysts sort through the false positives that IDS scanners can generate. DeSimone says it's easier to have a third party decipher the firewall and IDS logs, too. "[The information] is converted into plain English so I can digest what's going on," he says.
Like most management technologies, the security services are reactive. "But they're as proactive as they can be," DeSimone says. "I get sent an e-mail right away that an event was triggered, what it was, what it means and what actions were taken."
HealthQuick.com also uses RIPTech's managed VPN (virtual private network) service, including a PKI for authenticating business partners. The next phase for HealthQuick.com's security architecture: more redundancy in the IDS hardware, DeSimone says.