F E A T U R E

Dial 1-800 plug Holes

November 1, 2002
By Joe Hernick, Dean Ellerton and Jim Wiggs

>> continued from previous page

Good Looks, Too

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Flame the author

	In this article
	Introduction
	Product Details
	Good Looks, Too
	Executive Summary
	How We Tested
	Sneak Peek ETM 4.0
	Calling ROI

The ETM application interface, the TeleView Client, is fairly straightforward, providing a single interface for management of local and remote ETM installations across the enterprise. All security information and policies need to be keyed in at a central location; they can then be distributed to remote ETM platforms. A multi-window screen displays monitored equipment/span trees, providing access to all security, management and real-time visibility functions. Selecting a specific circuit brings up the policy list on the right of the display. Policies and rules can be applied across single or multiple spans. Rules are processed in sequence; when a call matches set criteria, the rule "fires," executing the specified action. Additional TeleView features are available for status reviews and diagnosing problems.

The standard built-in reporting tools, which query Oracle, are comprehensive and user-friendly. The "war-dialing" report successfully identified all the script-dialing sessions run during our testing, as well as fingering an employee's ex-boyfriend "love dialing" 73 times in a 12-hour run (but that's another story!). The report-preview function is also handy because, as your data set grows, running detailed reports against Oracle can be time-consuming. We easily customized a number of canned reports to suit our testing needs; administrators can also design their own reports from scratch.

There Had To Be One Nit

Much to SecureLogix's chagrin, we discovered a software bug in our testing, albeit one unlikely to be encountered in a production environment.

After our initial period of baseline testing, we began to test inbound calls from a wide variety of sources. When setting up rules, call "objects" need to be identified. An object can be as specific as "Bob's House" or as broad as "All 900 Numbers" or "All Calls to France," depending on your required level of granularity. All objects are defined by data elements, for example, "description," "country code," "area code" or "exchange."

SecureLogix ETM Features

Monitored call attributes: Call direction (inbound/outbound), call source telephone number, call destination telephone number, call type, call start time, call duration
Firewall actions: Allow, terminate, alert (via e-mail, page or SNMP), log, engage TeleSweep Scanner
Reporting: User definable, 100+ prepared, preview option

Rather than creating a unique object for each new outside number tested, we lazily remapped the object "Dean's Cell Phone" to dozens of different numbers over an afternoon. We soon discovered that the real-time monitor did not clear its display cache, and when one of our children dialed in from a "previous" test number, the monitor reported a call coming in from Dean's Cell Phone, which was sitting on our test bench! A call to tech support and a few hours of investigating verified the bug, and engineers delivered a patch the next morning. We mention it mainly to highlight SecureLogix's customer service: We don't think we got preferential treatment because we were reviewing the product. We feel that any customer would receive the same level of assistance.

All patches, fixes and version upgrades are provided to customers under the support contract. This includes remote installation of patches and on-site installation of major releases. Cost of support is negotiated at time of sale and at close of contract. According to SecureLogix engineers, most customers choose to renew.

Bottom line: The ETM works as advertised. Once installed and configured by the SecureLogix technicians at our location, we could quickly roll up our sleeves and start working with the application to set up and implement security policies on our live and simulated PRIs. We were able to block inbound and outbound calls based on policy settings. The ETM used real-time in-band monitoring of live calls to detect call type (voice, data or fax) and terminated the in-process call when the type changed, for example, passing data during a "voice" session, and policies were violated. We were unable to fool the system.

As a bonus, the ETM raised flags on a number of real problems in our test environment, including QoS concerns (intermittent frame errors) with our ISDN PRI and use of fax lines for outbound data. In all, we were impressed with SecureLogix's offering and would recommend it to anyone who can justify the cost.

And therein lies the rub: This is not an inexpensive solution. While SecureLogix sets its licensing incrementally per monitored span (T1 or PRI), it would be very difficult for a small firm to justify the expense of the ETM system unless it was already an Oracle shop. Recognizing that pricing is negotiated on a per customer basis, we asked SecureLogix to price out example estimates for us. Pricing for a single-span setup (atypical for SecureLogix, but what we would want to purchase for our 400-extension environment) would be around $20,000. This would include an ETM 1010 appliance, a single-span license, the ETM software, on-site setup and travel expenses for one technician, a training seat for a four-day Administrator course, and one year of support. Figure in an additional $1,400 for Oracle 9i plus the expense of three Windows NT servers, and service renewals ongoing at less than $2,000 per year.

ERP Rollout Time

SecureLogix Price Estimates

At the midpoint of the pricing spectrum is an estimate that SecureLogix describes as a "medium" installation: an ETM environment to monitor 50 spans would run in the neighborhood of $380,000. Service contract renewals would be in the $45,000 to $50,000 per year range. Of course, pricing for enterprise-scale installations can run into the millions. (For more pricing details, see "SecureLogix Price Estimates" chart.)

The gist: if you have a large, diverse telecom environment to manage and protect, the SecureLogix ETM solution fills the bill admirably. In fact, we would love to have this equipment installed permanently in our small shop ... but we can't afford it.

SecureLogix ETM System 3.0, starts at $20,000. SecureLogix Corp., (800) 817-4837, (210) 402-9669. www.securelogix.com

Joe Hernick is an IT director with a Fortune 500 firm; he has 12 years of consulting and project management experience in data and telecom environments. Dean Ellerton, MS.Ed, is the director of technology for a private New England boarding school. Maj. Jim Wiggs has managed telecom and computer systems for the U.S. military, government and private industry for more than 20 years. Send comments to jhernick@nwc.com.