Upgrade firewalls to strengthen security and simplify management.
Palo Alto Networks next-generation firewalls with URL Filtering, Threat Prevention, WildFire and Panorama.
Bank Central Asia is one of Indonesia's leading retail banks. The bank has approximately 16 million customers, 1,213 branches and 17,207 ATMs. It also manages a growing mobile and internet banking operation.
Whereas ATMs use dedicated connectivity for transactions, mobile transactions rely on the internet to ensure everyone has full, anytime access. However, such high exposure comes with major security risks, therefore demanding the need for advanced security protection.
"Mobile is growing 20 percent year-on-year. It's now ahead of ATMs in terms of the volume of transactions," says Lily Wongso, senior vice president, Network Data Center Group, Strategic IT, Bank Central Asia. "We want to digitize more of our brands as well as automate the back office."
For digital banking to work, Wongso believes that customers must enjoy an "always-on" experience with the full assurance of rock-solid security.
"As BCA launches more internet-based applications, we need to proactively defend our business from cyberthreats," says Wongso. "There are lots of security threats, and sometimes we don't always recognize how many and how varied they are."
With the bank's legacy firewalls starting to struggle to identify attacks, as well as issues regarding bandwidth management, the bank began searching for a next generation firewall. It was this search that led Wongso to Palo Alto Networks®.
"It was clear our previous firewalls weren't working hard enough," she says. "We only had Layer 3 network firewalls. We had no next-generation firewalls, or firewalls that were capable of URL filtering, threat prevention or decrypting SSL traffic."
Furthermore, the bank lacked visibility. Wongso continues: "We knew traffic was going through our applications, but we had no idea about the characteristics of this traffic. We therefore needed granular detail."
To upgrade its firewall security, Bank Central Asia selected Palo Alto Networks next-generation firewalls, as well as deployed the WildFire® cloud-based threat analysis service, which automatically detects, analyzes and prevents serious threats, such as malware. In addition, Panorama™ network security management was also deployed, providing static rules and dynamic security updates, thereby enabling the business to better deal with the ever-changing threat landscape. Improving security, the adoption has also allowed the bank to reduce administrator workload through a single rule base for firewalls, Threat Prevention, URL Filtering, App-ID™ and User-ID™ technology, file blocking, and data filtering. On top of all this, the entire transition needed to be completed as quickly as possible – with the entire project taking less than two months from the moment the boxes arrived.
Palo Alto Networks next-generation firewall classifies all traffic, including encrypted traffic, by application, function, user and content. As a result, Wongso's team can now create comprehensive, precise security policies that safely enable new applications. This also ensures only authorized users can run sanctioned applications, thus greatly reducing the surface area for cyberattacks across the entire bank.
"We're already seeing the difference," says Wongso. "Palo Alto Networks next-generation firewalls enable us to simply enforce both network-layer and application-layer policy in a single rule, while Panorama gives us complete visibility from one console, and with no additional operational complexity. We can now make all changes from one place, including bandwidth management and firewall control, in near-real time, with most of the work becoming automated."
In addition to security improvement, Wongso says the multi-network translations feature of Palo Alto Networks Next-Generation Firewall brings flexibility for the bank, especially for business partnerships. "We deal with partners in our host-to-host business which sometimes bring their own IP addresses. These can, at times, be difficult to change due to a variety of reasons. It is now much easier to manage this."
Wongso credits Palo Alto Networks with elevating the bank's entire approach to security. "From sales to engineering, Palo Alto Networks has been helpful and engaged. For the day-today needs, we've tended to work through a local partner, but Palo Alto Networks has always been on hand whenever we've needed to escalate something. They've also been proactive in keeping us updated regarding new features, as well as helping to create a product roadmap. For instance, Palo Alto Networks local support kept us updated regarding the Cisco ACI integration, with such assistance being hugely helpful."
"Here at Bank Central Asia, we need to remain vigilant. When you start to feel comfortable about security, that's when you open yourself up to risk. Palo Alto Networks helps keep us ahead of the game."