A Solution That Keeps One Town Safe

So when Burman headed off to lead the company's new security-focused spin-off, called Cinagen, he took a hard look at a business climate where margins were dropping precipitously, and he rethought his approach. With cost-conscious public-sector and midmarket customers in mind, he decided to forgo the usual market-leading security products, such as Check Point or Cisco firewalls, and instead shop a portfolio comprised of open-source software. So far, the approach has been resonating well, particularly with customers in local government and education, such as the city of Chamblee, Ga., where security is critical but so are low-cost solutions that are easy to install, use and administer, he says.

"The way we saw it, this middle tier was either having to choose inadequate hardware [security appliances] to maintain their budgets or blow [them] out of the water on solutions like Cisco and Check Point that were much more than they needed," says Burman, who serves as director of sales and security at Norcross, Ga.-based Cinagen. "So we said, 'Let's look at open source.'"

Burman did his homework, researching and testing open-source tools and vendors on the Web. He finally landed the first of several partners in Astaro, which offers an implementation environment for open-source security tools, and Nessus, whose tools can be used to test a customer's network and systems for vulnerabilities.

Cinagen's strategy was to take those solutions and customize and rebrand them as their own. It wrote a Java front-end for Nessus' subscription-based tools and hosted them in a local data center. The Astaro firewall software comes as a subscription the company updates with bundles of other third-party open-source tools, such as antivirus or URL filtering. Cinagen has customized that offering as well and taken it to market under the name SecureDetect. And because it's a subscription, Cinagen is able to test, change and reconfigure at will, and avoid mucking around with regular firmware updates, Burman says.

SecureDetect is a firewall and perimeter-security solution that is meeting the needs of Chamblee, Ga., perfectly, according to Chief of Police Marc Johnson, who doubles as the city's network administrator. Last year, the police department in this Atlanta suburb of 10,000 people was looking to install a perimeter-security system with a firewall to satisfy a pending state mandate. By next month, the state is requiring local agencies to switch off a private SNA network and install a TCP/IP connection--still private--to tap into the state crime-lab database to conduct such things as background checks. As part of this, the state wants agencies to install appropriate firewalls and perimeter systems to protect network ports from hackers and other threats.

In initial discussions with Cinagen, Johnson was thinking about implementing Cisco or another brand-name solution. But Burman talked up the open-source solution, asking Johnson if he wanted to explore it.

"I wanted to stretch my budget, and when [Cinagen] figured it all out and told us what it would cost to use Astaro, I was flabbergasted," Johnson says. All told, the city saved an estimated $30,000 by going open source.

Burman's lone hurdle in implementing the solution wasn't technical in nature--the firewall itself could be configured and deployed in just one day and interfaces with the Sprint network in addition to the state. Rather, the obstacle lay in getting sign-off from the Georgia Bureau of Investigation (GBI), the state arm of the FBI. The state agency has the final say on what security measures pass muster, a blessing Burman envisioned might be tough to get for an open-source solution.

"I went to GBI to convince them, and it was a difficult task," Burman says. "But we did the prototype, ran it for 30 days in Chamblee, and we got the approval."

The solution enabled Johnson to meet the state deadline nearly a year ahead of time, while also serving as the security fence for all other city offices on Chamblee's network. In addition to being able to run faster license-plate checks on vehicles pulled over by the police, the city can make some money on its new connection by charging employers for quick background checks on job applicants, for example.

And for Burman, the open-source route has upped his margins and saved him dollars on staffing costs. "We needed a product, a single platform, that was cheap to deploy and allowed us to avoid having to hire a Nortel-, Check Point- or Cisco-certified engineer and maintain those certifications," he says.