When the dance and fitness company Jazzercise Inc. was founded more than 30 years ago, its creators were on the vanguard of an emerging nationwide fitness trend.
Now, by choosing to protect its home base of eight Windows servers using next-generation firewall
Jazzercise is a relatively small business, with 130 employees that work from its Carlsbad, Calif., headquarters. But it is also a global company, by virtue of the fact that it has 5,000 franchises that regularly connect to the home office. Franchise owners download dance routines and pay music royalties to the corporation through an electronic money-transfer system. Instructors also log on to Web-based applications hosted on corporate Windows 2000 and 2003 servers to manage students' records and payments.
David West, director of IT at Jazzercise, said that the decision to replace old computer software with Exchange 2003 and a SQL Server 2000 database prompted his decision to obtain a perimeter security system. His goal was to prevent unauthorized access to his servers.
"We went from being a company that was running an archaic system with no Internet access to being wide open," West said. "In some ways, the intrusion-prevention system may be overkill, but better safe than sorry."
"Intrusion prevention" is a buzzword that really just describes intrusion detection with some extra features. These products, which purportedly prevent worms, viruses and other intrusions, can come in several flavors.
The first variety works at the network layer and combines the features of a network firewall with some network intelligence as it views incoming packets, said Pete Lindstrom, research director at Spire Security LLC, a Malvern, Pa., consulting firm.
Some examples of this technology come from companies such as NetScreen Technologies Inc., Sunnyvale, Calif., and Network Associates Technology Inc., Santa Clara, Calif.
A second category offers a combination of functions that work at both the network layer and higher. Those products often bundle firewall, VPN, content-scanning and antivirus features. Some vendors that make such integrated suites include Internet Security Systems Inc., Atlanta, and Symantec Corp., Cupertino, Calif.
In general, this type of integrated suite is limited in that it cannot find viruses in a Word document, Lindstrom said. There are always some exceptions, with one being the software made by Finjan Software Inc., San Jose, Calif.
A third class of intrusion prevention works at the Web-application layer. Companies whose software fights invasions at this level include two that are based in Santa Clara, Calif.: Sanctum Inc. and Teros Inc.
Jazzercise is privately held, and it reported revenue of about $62 million last year. West said that large security software vendors have good products, but they are usually too expensive for a company the size of Jazzercise.
West said that Jazzercise chose Enterprise 100, a product made by Beadwindow Corp., of Manchester, N.H. The device, which runs on a hardened version of Red Hat Linux, sits on the network behind the firewall. The technology compares and evaluates traffic that is passing through, and selected packets are run against a signature database to detect malicious activity.
The device detects all changes to the network, including new assets, new behaviors, odd traffic patterns and policy violations.
"With Beadwindow, Jazzercise is getting what amounts to a smarter firewall that blocks more than you could have blocked in the past," Lindstrom said. "Any small-to-midsized company looking to replace its firewall should be looking for something like this, particularly if there are a lot of small presences around the globe and everyone is using the same pipe."
Beadwindow doesn't normally offer managed services, but because Jazzercise was an early customer, the vendor does manage Enterprise 100 for it. Most users would view the device's activities from a console on their sites, either from inside or outside of the network. In the case of Jazzercise, the console is managed off-site, by Beadwindow's engineering team in Idaho. West receives regular activity summaries.
Typically, customers pay $10,995 for the appliance and the management console, plus the recurring costs of maintenance and updates to the signatures, said Tim Rogers, director of sales engineering at Beadwindow.
FOR MORE INFORMATION:
Best Web Links: Firewalls
Expert advice: Submit a question to Windows security expert Roberta Bragg