September 27, 2004

Better safe than sorry is no longer a suggestion in the banking industry. To comply with regulations that mandate strict protection of customer data and to prevent corrupt files from contaminating its network, Alpine Bank (Rockford, Ill.; about $460 million in total assets) sought the support of a managed security service. At any given time, as many as 200 users can be logged on to the financial institution's network, according to Alpine.

The bank opted on Norlight Telecommunications' (Milwaukee) Managed Security Services. The system is powered by intrusion detection software from SecurePipe (Madison, Wis.), which develops custom software for each of Norlight's clients and bundles it with the appropriate hardware. The solution automatically detects attempts to breach the network and notifies Norlight's network security engineers, who respond to threats in real time.

Prior to implementing Norlight's solution, Alpine relied on a firewall that it maintained in-house. But, partly because of regulations such as the Gramm-Leach-Bliley Act, the bank needed a more stringent, proactive detection system, according to Gary Schroeder, Alpine's senior vice president of IT.

Avoid Breaking the Bank

Alpine first began to look for a managed security system in May 2003. The bank examined the ability of each service provider to protect customer information in compliance with Gramm-Leach-Bliley, Schroeder says. Norlight's solution met those requirements, he adds, at a price that suited the bank's needs. Additionally, Norlight had the financial stability that indicated to Alpine that the vendor would be around to support the system in the future.

Alpine signed a contract in September 2003, and the new suite of security services was deployed two months later. Norlight engineers helped the bank install two intrusion devices - one at Alpine's headquarters and one at the bank's parent company, Belvidere Bank.

If a network problem occurs, Alpine has given Norlight the authority to handle it, Schroeder notes. "Depending on the severity of the violation, they are authorized to act for us or to contact us and find out what we would like them to do," Schroeder says. "We have had them use their best judgment in stopping any potential intrusion into the system and to notify us after the fact."

The solution ultimately has provided the security the bank was searching for, Schroeder asserts. "Two things we wanted were continuous monitoring and detecting intruders, and those are the two services that they are providing for us," he says.

Since the implementation, the bank has been more aware of the number of attacks on its network, Schroeder says. Alpine is routinely informed of 10,000 to 12,000 unauthorized inquiries made to its network each month, he adds. "We never had any idea how many people were trying to do it," Schroeder relates. "Our goal is to prevent this."

Because new viruses and worms are continuously unleashed, Alpine's firewall is updated every eight hours by Norlight, according to Schroeder, who credits the solution for creating a secure network environment for the bank. "We have had no problems since we have been with [Norlight]," he says.

---

Snapshot

Institution: Alpine Bank (Rockford, Ill.).

Assets: $460 million.

Business Challenge: Update firewall to prevent network intrusion.

Solution: Norlight Telecommunications' (Milwaukee) Managed Security Services and SecurePipe's (Madison, Wis.) intrusion detection software

ABOUT THE AUTHOR