Case Study: Greenhill & Co.

Home
Info Center
Greenhill & Co.

Leading Investment Bank Upgrades Global Firewall Infrastructure with Palo Alto Networks

BACKGROUND

Founded in 1996, Greenhill & Co., Inc. is a leading independent global investment bank that provides financial advice on significant mergers, acquisitions and restructurings and manages merchant banking funds. With locations in New York, London, Frankfurt, Toronto, Dallas, San Francisco, Chicago and Tokyo, Greenhill is a trusted leader in international advisory on some of the business world’s most significant and complex transactions. Publicly traded, the firm serves a wide range of corporations seeking unbiased advice and assistance on important strategic issues.

COMPLIANCE CHALLENGES: PROTECTING SENSITIVE COMMUNICATIONS

As a leading financial services firm advising an international clientele, Greenhill is keenly attuned to compliance issues. To meet strict federal requirements for capturing the content of all interaction with customers, it must monitor and control all forms of communications. In its efforts to comply, Greenhill was experiencing numerous issues with its incumbent firewall from Juniper Networks. In particular, monitoring and controlling webmail was problematic. Webmail applications were easily evading detection by legacy “port-blocking” firewalls and other security infrastructure by tunneling over SSL. Greenhill needed a flexible solution that would afford it network visibility, even into activities tunneled over SSL, and then allow it to select which users to block, assign different blocking criteria for certain users, and set such policies based on an Active Directory (AD) group.

“We needed better visibility into our network in order to block access to certain applications – especially Gmail over HTTPS,” said John Shaffer, Greenhill’s Director of Global Systems and Technology. “We could see users were circumventing our blocking solution by switching to SSL encrypted versions of webmail applications.” The situation raised concerns internally about the firm’s vulnerability to data leakage and its overall compliance stance.

Shaffer sought to identify a superior, cutting-edge solution that was flexible and capable of keeping pace with evolving threats to bolster the firm’s confidence in meeting compliance regulations. “Network threats change constantly, so in terms of infrastructure and security we were not satisfied with the status quo,” Shaffer stated. Greenhill sought a more secure, nimble and comprehensive solution. Ideally, the solution would also allow it to consolidate functions like URL filtering, spyware and firewall activities -- which were currently being managed by multiple devices. By reducing the number of products it had to manage, Greenhill hoped to reduce its operational complexity and capital expenditures.

NEXT GENERATION FIREWALLS FOR APPLICATION VISIBILITY AND CONTROL

After reading about the PA Series next-generation firewall for granular visibility of threats and control of Internet applications in a leading technology publication, Shaffer arranged a trial. The demonstration instantly unearthed users accessing Facebook, Gmail, RSS, Google Desktop, AOL Instant Messenger (AIM), Meebo, Skype and Yahoo! Mail. “For the first time we could see exactly which users were accessing specific applications,” said Shaffer. “It was a very impressive demonstration.”

Greenhill’s IT team was equally awed by the flexibility the PA Series exhibited, especially by controlling application access on a per-user basis through integration with the network’s Active Directory. Another plus for Shaffer was the solution’s user-friendliness. “It’s really easy to set up,” relayed Shaffer. “I could do it by myself after just one walk-through with Palo Alto Networks.” Convinced, Greenhill purchased seven PA Series devices and installed them at five of its locations in the United States and abroad.

DEVICE CONSOLIDATION = BIG COST SAVINGS

The PA Series has delivered everything Greenhill hoped it would – and more. The firm has reined in webmail usage by blocking access to it unless a user has been added to the company’s Webmail Exception Users Group in the Active Directory. Greenhill is also successfully blocking peer-to-peer application usage, has heightened its anti-virus and anti-spyware capabilities, and significantly lowered its vulnerability to threats.

“We are pleased by the high level of visibility we now have as a result of installing the PA Series, especially our ability to see and control activity and access by user ID,” Shaffer said. “We’ve also been able to replace all of our incumbent firewalls and associated security appliances with Palo Alto Networks, greatly reducing our operational costs and capital expenditures. Most importantly, the move has inspired more confidence in our compliance strategy.”

In fact, Greenhill has designated Palo Alto Networks as the cornerstone in its worldwide security infrastructure upgrade. “We plan to make Palo Alto Networks our primary firewall at all of our corporate locations,” stated Shaffer.

ORGANIZATION:
Greenhill & Co., Inc.

INDUSTRY:
Financial Services

CHALLENGE:
User-based visibility and control of webmail to reduce risk of regulatory non-compliance.

SOLUTION:
Replace legacy firewalls with Palo Alto Networks PA Series next-generation firewalls for an unparalleled level of visibility and granular control of applications by user through seamless integration with Active Directory.

RESULTS:
Visibility and control of SSL applications.

Visibility and control of SSL applications.

Reduced risk from threats.

Heightened confidence in compliance posture.

Increased application visibility and control.

Creation of enforceable application use and flexible user group policy.

Cost savings due to device consolidation.