Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

House advantage

It's all a part of the modern casino, a computerized institution that depends on layers of technology to keep high rollers rolling. Today's network of systems is made up of high-tech slots, video surveillance technology, and data mining applications tied to magstripe customer loyalty cards to give the house the edge it needs to stay in business.

Pechanga Resort and Casino in the city of Temecula, the largest casino in California, has all the technological trappings of the typical up-to-date casino. It also faces the same challenges as its competitors when it comes to keeping its information secure. With so much money at stake, security is imperative.

"In this age, information is gold, and we are very serious about maintaining the security and integrity of our sensitive data," says Gilbert Mendoza, network security administrator for Pechanga. "We are bound by certain internal control standards that are set by our gaming commission, and the primary directive of IT is to ensure the security of our data."

This is why the control of peripheral devices has become a growing concern for Mendoza and his security team at Pechanga. With nearly 5,000 employees scattered across the resort's property, there were thousands of opportunities for data breaches through users' USB devices and other peripherals.

Last year, Pechanga had already developed a policy governing the use of peripherals on its systems. The problem was that it didn't have a way to reliably audit and enforce compliance.

"Any security strategy always starts with a written policy," Mendoza says. "We had the policy but you have to enforce that."

Pechanga isn't alone in the search for ways to control endpoints tied to specific organization policy. Vulnerable endpoints have been a chronic source of concern in IT, and as the worry grows over data breaches through items such as flash drives and CDs, more companies are now taking the plunge and deploying endpoint security solutions, says Dor Skuler, vice president of business development for Safend.

"We're definitely seeing the adoption curve move from the early adopters to the mainstream in 2006," Skuler says. "Safend is currently active in multiple projects at Fortune 500 companies, whereas last year it was a lot more in the discussion phase."

Though there are a lot of endpoint security products on the market, Mendoza says Pechanga went with Safend Protector because he felt it gave his staff the greatest ease of management over endpoints. Safend was the only company that could offer Pechanga the level of control that it needed to enforce its policies, he says.

"To our surprise, we didn't find many competitors in this particular space that would give us the flexible and granular control we desired," Mendoza says. "We first started evaluating our Active Directory policies alone, and perhaps any features we weren't currently using. Although Microsoft provides a fantastic framework for what we were trying to accomplish, we really wanted a solution that brought additional value and polish."

What sold him on Safend Protector was the product's ability to track and enforce the types of devices connecting to the network, even down to their exact serial number, while at the same time working synergistically with Active Directory policies, detailed file access logging and cryptology.

"Safend caught my attention at InterOp last year. I took a look at the user interface and it was pretty impressive," he says.

When it came time to implement, Mendoza says that Safend's free auditing tool proved invaluable to start the process. Before Pechanga began enforcement, Mendoza and his team first just observed who was connecting peripherals, what they were using and where they were doing this.

From there Pechanga could ease the casino into policy compliance with a soft deployment that also involved user education.

"We didn't want to push this out and start blocking everybody all at once with no warning," Mendoza says. "As far as success goes, it helped that we could start educating individually, get everyone prepared for installation, and then start pushing out department to department."

Once deployed, Mendoza was quickly able to gauge the success of the implementation by perking his ears up above the din of ringing slots.

"The best way to find out things are working is when you hear users start complaining that their iPod isn't working," he says. "I wasn't the most popular person, but it isn't our job to make friends."

As for the sneaks who were bent on using banned devices no matter what, Mendoza says Protector provides enough measures to prevent system workarounds. Skuler says that user tampering is often a concern when customers such as Pechanga begin to deploy endpoint solution.

"We appreciated the forethought that was put in by Safend to mitigate user circumvention," he says.

Plus, the ability to customize user approval and denial notifications has helped save time troubleshooting, he says. Mendoza adds that he gets centralized auditing and reporting features that allow him to keep tabs on who has been denied and why. This is why he and his division look forward to the next version of Protector, which he believes will offer more scalability to the reporting already available. Overall, the implementation was a success and Mendoza emphasizes that there isn't anything that he would have done differently.

"This was definitely a big piece to the security puzzle," he says.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.