Case Study: Home Federal Bank

Opening for business on the eve of the Great Depression may have been a bad idea for many banks, but not for Home Federal. Decades of prudent investing and personal service have paid off handsomely: today the institution has 21 branches, 475 employees and over $1.5 billion in assets. It is the largest locally owned and operated bank in Knoxville, TN. 

A commitment to handling customers’ money as carefully as its own permeates this bank, with the IS department no exception. Aware of the threats posed by Internet attacks, Dennis Reedy, VP of Information Systems, uses a defense-in-depth strategy to protect customer information: top-of-the line firewalls, intrusion detection, and 24x7 intrusion prevention and network monitoring from SecureWorks. “We err on the side of caution when it comes to protecting our clients’ financial data,” says Reedy.

In mid-2002, the concept of intrusion prevention - a logical progression beyond intrusion detection - crossed Bill Sutphin’s radar. Sutphin is Home Federal’s AVP of network security, and one of those people who won’t settle for “good enough” if there’s a better solution. He decided to check it out.

His research turned up Atlanta-based SecureWorks, the company responsible for developing and patenting IPS (intrusion prevention system) technology. Sutphin and his associates drove to Atlanta to evaluate the company’s claims.

Satisfied with what he learned on his first visit, he made a second trip accompanied by an internal auditor from Home Federal and a security consultant. “The practicality of the service was clear,” says Sutphin, “and it was very good value for the dollar.” 

Accordingly, Reedy made a case to his CFO and executive committee for what he described as a “valid and useful intrusion prevention system,” recommending a 45-day trial. This conservative approach serves the bank well with other vendors, and Reedy wanted to apply the same rigorous approach to SecureWorks. Forty-six days later he informed the executive committee that the system was performing flawlessly and they were ready to go live.

SecureWorks’ robust reporting capabilities quickly paid dividends with the bank’s OTS (Office of Thrift Supervision) auditors. “They were pleased with the information we provided,” says Reedy. “They don’t usually see such in-depth security reporting.” 

Beyond the reports is a less tangible, but no less important, benefit. In Reedy’s words, “We have peace of mind knowing there’s something in place that actually prevents network attacks.”