You might have heard of a little Finnish company called Nokia. There's even a good chance you have one of its mobile phones in your pocket right now. Still, Nokia is not likely at the forefront of your consciousness while considering your ISPs network security options.

by Jeff Goldman [March 27, 2002]

Nokia Internet Communications provides a range of security solutions for both enterprises and its managed security service clients. Nokia's security solutions are tough enough to make you think about this mobile phone maker in a whole new light.

According to Steve Schall, Director of Product Management for Nokia Internet Communications, it all ties back to the company's dominance in the cell phone market. "Eventually, voice and data will all be using an IP network for transmissions," Schall said. "With that comes a heavy requirement for security: wireless operators are going to have millions and millions of users."

Part and parcel with those millions and millions of users, Schall says, are the inevitable attacks. "You're always going to have a relatively small percentage of people who want to cause mayhem on the networks," he said. "Nokia's feeling is that we'd better be prepared, so a few years ago, we sought to significantly enhance our core competence in this area."

If you're not protecting yourself with both firewall and intrusion detection systems (IDS), he adds, you're just asking for trouble. "Look at the 250,000 machines that were estimated to be infected with Code Red, and even more with Nimda, last year," Schall said. "We saw a significant market there, in addition to developing the core competence. And we've done quite well."

Three years ago, Nokia signed an agreement with Internet Security Systems to develop an appliance based on its RealSecure IDS software. With a firewall appliance based on Check Point Software's FireWall-1 already in the market, an IDS appliance was the logical next step. "They're very complementary systems, because one picks up where the other one leaves off," Schall said.

Nokia chose ISS as a partner because of its strong position in the market as a software solution. In terms of an appliance solution, Schall suggests, the market was relatively open. "In four months in 2000, we jumped from not in the market to the number two market position," he said. "We already had a very strong firewall base, and things have gotten off to a very good start."

Network security edge
The first thing to keep in mind about Nokia's IDS appliance, dubbed RealSecure for Nokia, is that you're getting all of the features of the popular ISS RealSecure software product. "There's nothing distinguishable between it and the version of RealSecure available for other platforms," Schall said. "We're basically selling the same thing."

What makes Nokia's appliance worth the investment? Manageability, especially for service providers, is a key concern, and Schall says a number of large customers have recently switched to Nokia for that reason. Nokia's Network Voyager, a Web-based management tool, allows you to do element management from any location worldwide, and Nokia's Horizon Manager allows you to update individual sensors remotely.

"If you had a configuration out there with 25 or 50 sensors, you could use Horizon Manager to update the whole thing in a day," Schall said. "We've had service providers with several hundred firewalls be able to complete a full upgrade of Check Point, operating system and everything, in a weekend. We can automate 99 percent of the process."

Another strength of the Nokia appliance, Schall says, is the fact that two companies have taken the product through a range of tests before it gets to you. "It's a very stable build," he said. "Not only do we take the product that ISS certifies as being ready, but we actually get in there and test it even further. One of the comments I hear from everyone is that we have a very stable sensor: it will run and run and run."

Deployment, Schall adds, is extremely efficient. "It takes about a half hour to install and deploy the product," he said. "So your deployment costs and your configuration costs are minimal, because you simply bring up the box, you give it an IP address, you give it a host name, you turn on the application, and you're done."

Pricing for the product ranges from $2,495 for the basic IP-120 appliance, to $13,495 for the mid-level IP-530. "While our product might cost more to acquire initially, you usually make that up in the tenth or eleventh month of use," Schall said. "You're not having to travel, and you're not having to hire extra people to maintain a large infrastructure. You can do it with a much smaller staff."

Looking smart
The LookSmart Web directory serves 82 percent of Internet users with its search solutions for ISPs and portals worldwide. For years, they've been deploying Check Point Software's FireWall-1 solution. Recently, however, they decided to supplement their security with an intrusion detection solution.

According to Jon Phillips, the company's Director of Technology Operations, the stakes were high. "A single security breach could damage our credibility, and destroy the confidence our partners and users place in the LookSmart web directory," he said. "We knew the time had come for more than just a firewall, so we began looking for a total security solution."

Because LookSmart was already deploying FireWall-1, interoperability with Check Point was a key requirement. In addition, because the company isn't currently focused on security, LookSmart wanted an IDS that could be deployed as a managed service offering, but could also be converted to an in-house solution in the future. And both simple installation and centralized management were crucial.

Using RealSecure for Nokia combined with its own managed security services, ISS was able to offer LookSmart both the managed service offering and the appliance, all in one. Phillips says he was impressed by the product's reliability. "The box was clearly built to be a security appliance, and as a purpose-built appliance, it is more dependable and far easier to manage than other solutions we evaluated," he said.

According to Schall, that dependability will stand Nokia in good stead as wireless technology becomes more prevalent in the future. "We want you to have an end-to-end encrypted environment with a lot of surveillance and monitoring between the connection points," he said. "You're going to be able to get a lot more done without having to sit behind your desk."

— End

Online Resources:
   Intrusion Detection Systems Directory
   IDS Quick Reference Chart