Story Summary
Delta Holding was attacked on several occasions by ransomware, which disrupted business productivity and required added expense to protect vital data on separate backup systems. The Company also needed three separate systems to protect its internal users, DMZ and VPN users.
By replacing its three previous systems with the integrated Palo Alto Networks Next-Generation Security Platform, Delta Holding eliminated ransomware and gained a comprehensive, preventive shield against malware and zero-day attacks. By segmenting network traffic based on roles and responsibilities, Delta Holding reduced bandwidth consumption by 30 percent. By consolidating on the Palo Alto Networks platform, the Company also reduced device administration time by 20 percent and lowered support costs by $50,000–$60,000 over three years. Deployment was completed by the Delta Holding network team (Dusko Minic, Milan Piscevic, Dusko Vukotic and Bojan Vujanovic) with the support of local partners S4E CHS and E-Smart Systems.
Putting a Stop to Cyberattacks
These days it’s challenging enough for a single organization to protect itself from sophisticated and persistent cyberattacks. Imagine being a central point of cyberdefense for multiple organizations spanning an entire country. This is the monumental task faced by Delta Holding.
Delta Holding comprises three distinct companies, each operating autonomously while under central direction from the holding company. The individual companies also run a variety of businesses ranging from food processing to shopping malls and transportation logistics—nearly a dozen in all. Each business unit has unique market objectives and operating demands, but they all share one thing in common: constant attacks by cybercriminals.
To protect central operations and its individual businesses, Delta Holding tunnels traffic from more than 500 network devices in 100 geographically dispersed locations through a single termination point in its corporate data center. In the past, Delta Holding ran two separate firewalls—one for its internal user network and another for the external-facing network DMZ, which provides central access to the internet. Plus, the Company had a third virtual private network (VPN) device to enable mobile network access.
Despite these security measures, Delta Holding was attacked on multiple occasions by ransomware, including CryptoLocker, which affected business and sapped many hours of IT time to remediate the infection. To prevent such attacks and improve overall network visibility and control, Delta Holding decided to replace its legacy firewalls with the Palo Alto Networks Next-Generation Security Platform.
Bojan Vujanovic, network engineer with Delta Holding, explains, “We considered other vendors, but a detailed analysis of the devices revealed that Palo Alto Networks offered the most advanced and comprehensive set of security capabilities to protect our enterprise.
“Compared with similar solutions from other manufacturers, the main advantage with Palo Alto Networks was our satisfaction with service and support, the best ratio of price and optimal hardware configuration, and an easy way to migrate from existing solutions. Palo Alto Networks partners were professional about our functional requirements and organized a series of constructive meetings, which resulted in the selection of the optimal device from the PA-3000 Series firewalls and subscriptions to support all our current and future security needs,” says Vujanovic.
Complete Protection on a Single Security Platform
Delta Holding first replaced Microsoft® Forefront® Threat Management Gateway (TMG), which was previously deployed on its user network, with a Palo Alto Networks PA-500 next-generation firewall. When IT forecasts showed that, within a year, over 50 percent of all traffic would be SSL-encrypted, the Company decided to upgrade the PA-500 to a PA-3020 next-generation firewall, which provided additional capacity for SSL decryption and higher throughput to handle increased traffic. At the same time, Delta Holding replaced its legacy Cisco ASA firewalls deployed in the DMZ with a second PA-3020 next-generation firewall.
The Company also included subscriptions for Threat Prevention, URL Filtering, GlobalProtect, and WildFire threat intelligence cloud services—all part of the Palo Alto Networks Next-Generation Security Platform. The platform delivers application, user and content visibility and control, as well as protection against known and unknown cyberthreats. The threat intelligence cloud provides central intelligence capabilities and automates the delivery of preventive measures against cyberattacks.
“Our prime requirement was to block ransomware and other advanced cyberthreats,” notes Vujanovic. “With so much more SSL traffic expected, we also wanted greater visibility of all traffic, and we needed better URL filtering that we could base on individual users not just IP addresses. Palo Alto Networks met all our security needs on a single platform that offered easy integration with Active Directory and simple administration.”
The Palo Alto Networks platform currently supports approximately 2,000 daily users (1,000 computers and 1,000 guest devices), as well as numerous servers and sites on Delta Holding’s DMZ.
Freed the Company of Ransomware
Since implementing the Palo Alto Networks Next-Generation Security Platform, Delta Holding has all but eliminated ransomware while improving the effectiveness and efficiency of its entire security strategy. For example, previously the Company’s only defense against ransomware was to back up a separate set of servers just for its most critical data. This was a very time-consuming process, plus it required a lot of extra data center space—and expense—for the additional servers.
Now with the Palo Alto Networks platform providing a preventive security shield on-site, as well as threat intelligence cloud services for added protection against zero-day attacks, Delta Holding no longer requires the extra servers to protect its critical data.
“We have not had one instance of ransomware showing up since adopting the Palo Alto Networks platform with WildFire,” Vujanovic reports. “We tested WildFire on a computer loaded with new and previously unknown viruses. It successfully found them all while our antivirus software did not. The Palo Alto Networks platform proved to have very strong prevention. We now have more trust in Palo Alto Networks to block viruses and malware than our antivirus software.”
Secure Network Access for Remote Users
Delta Holding also improved security for remote users accessing network services. Numerous outside consultants, vendors and traveling employees require VPN access, which was traditionally a tedious process to set up. Moreover, the Company had little to no control over application traffic coming in from remote users.
GlobalProtect solved these issues. With GlobalProtect, Delta Holding brings all traffic from remote and mobile users through its next-generation firewalls to maintain full visibility and control. Vujanovic remarks, “GlobalProtect makes it much easier to deploy VPN clients because Palo Alto Networks does it all on one device.”
Traffic Control Improves Network Utilization
Internally, the Company takes advantage of User-ID and App-ID to segment and control traffic based on roles. For example, groups are organized as “standard,” “multimedia,” and “advanced” users. Standard users are permitted access to certain internet sites, such as Facebook, but chat capabilities are blocked. Multimedia users, however, may use chat and other internet sites, like YouTube, as they relate to sharing pertinent Company information or serving customers interactively. Finally, IT staff are primarily advanced users who require comprehensive access to all applications and sites.
“By segmenting traffic we freed up 30 percent more bandwidth for much greater utilization,” says Vujanovic. “Segmenting traffic also helps with productivity. For example, we don’t allow accountants to listen to music online.”
Less Time Spent on Administration
Setting up rules and policies on the Palo Alto Networks platform has proven much easier than on Delta Holding’s previous firewalls. While the access control list (ACL) on its Cisco ASA contained approximately 1,000 rows, Palo Alto Networks has only about 200.
Vujanovic comments, “Palo Alto Networks has much better organized rules and more automation, which keeps the number of rows much lower. Policy administration is simple because almost everything can be done through the GUI. That’s not the case with other vendors. We spend 50 percent less time now on policy management with Palo Alto Networks.”
Reporting is also much easier. This is especially important since various organizations across Delta Holding require different reports. For instance, the IT manager is most interested in seeing who consumes the most bandwidth, while line-of-business managers may want to keep tabs on which internet sites their staff visits.
In all, Vujanovic creates nearly a dozen different management reports each month. “Reporting is very easy because I can reuse the same basic report template and only change two or three settings to customize it for each management group,” he says.
Consolidated Platform Does More for Less
In addition to strengthening security and simplifying administration, Delta Holding also consolidated its network security footprint. Instead of separate systems for users, DMZ and VPN, everything is now unified on the Palo Alto Networks platform. With just one device to manage instead of three, device administration time was cut by at least 20 percent. The Company also projects substantial financial savings.
“Over three years we expect to save $50,000 to $60,000 in support since consolidating on Palo Alto Networks,” Vujanovic states.
In addition, Vujanovic notes that the Palo Alto Networks platform is highly reliable and requires very little hands-on management. In fact, the platform has provided 99.999 percent uptime since deployment; and, in the rare instance that support has been needed, Palo Alto Networks has responded promptly.
“The support from Palo Alto Networks has been excellent,” he says. “We’ve only had a couple of issues with fan failures, and the support organization came right out and replaced the whole device to ensure we did not have any other problems. The Premium Support package meets all of our business needs.”
Vujanovic concludes, “With an integrated platform like Palo Alto Networks, we reduce cost, save on management time, and improve our security. It does everything for us on one platform. We’re confident we have comprehensive protection, that all vulnerabilities will be identified and blocked from getting to our data center. That’s peace of mind for all of our businesses in Delta Holding.”