In brief
Bourse de Casablanca
Munisys
Financial Services
Financial services
70 staff; second largest
exchange in Africa
Casablanca, Morocco
Existing network security platform delivered reliable protection for data and applications. However, the Exchange was devoting more and more time to fixing incidents associated with resilience and performance.
Palo Alto Networks ML-Powered Next-Generation Firewalls, with Threat Prevention and GlobalProtect
CHALLENGE
The Bourse de Casablanca is the second-largest and most active exchange in Africa. Established in 1929, the Exchange is supervised by both the Moroccan Ministry of Finance and the Moroccan Capital Market Authority (AMMC).
The objectives of the Exchange are to assist in the economic development of Morocco, meet the needs of market operators – including investors, issuers, and operators – and ultimately to be ranked among the leading stock markets in Africa.
These objectives demand a rigorous and resilient network security strategy.
However, the Exchange’s modern applications are a complex, interconnected network of servers, data centres, and cloud environments. It’s a difficult challenge to maintain complete security visibility and control over this complex infrastructure while optimising performance. Moreover, the Exchange needs to manage a multitude of integrations and third-party providers, all the while adhering to strict financial compliance regulations and ensuring resilience and business continuity.
Mohamed Saad, Deputy Chief Executive Officer at the Bourse de Casablanca is well placed to take on these challenges. A forward-thinking and visionary technology leader, Saad has been instrumental in the growth of the Exchange. He is also a two-term president of Moroccan IT/Digital Users Association (AUSIM), which is committed to driving IT/digital development across Morocco.
“When it comes to data security we never stand still,” Saad explains. “We are continually looking at innovative ways to protect data and applications. In recent years, we faced an increasing number of incidents associated with the existing network security platform. We were confident the protection was good, but our network administrators were devoting more and more time to fixing resilience and performance issues.”
The new network security platform needed to protect critical financial data across two data centres (a primary data centre and a hot backup centre), more than 100 servers, and almost 100 users. Its number one priority? Saad explains: “Quality of service is the number one priority for the Bourse de Casablanca. Any degradation in performance or availability is unacceptable. It would have a huge impact on both our revenue growth and our reputation.”
REQUIREMENTS
The Exchange wanted to replace its legacy firewall with a modern, intelligent network security solution that would protect against ever-emerging threats. It needed a solution that would:
SOLUTION
The Bourse de Casablanca has deployed two Palo Alto Networks ML-Powered Next-Generation Firewalls (NGFW) to gain granular visibility, control, and consistent threat protection in the data centre environment – without added complexity. The NGFWs were seamlessly deployed by their implementation partner, Munisys.
Brokers, investors, and other stakeholders access the trading systems through the network security platform. Trading hinges on split-second pricing decisions – so milliseconds matter here. The two data centres are synchronised in near-real time to deliver exceptional trading performance. Latency is less than five milliseconds. “The performance from the ML-Powered NGFWs is exceptional and predictable,” says Saad.
The Palo Alto Networks NGFWs embed ML at the core and learn continuously from vast amounts of data to detect threats. “This is intelligent, simple, and versatile network security – all wrapped in one powerful platform,” Saad explains.
Application-based policy enforcement (App-ID), for example, enables Saad’s team to understand the behavioural characteristics of applications on the network and their risk to the Exchange’s operations. App-ID uses multiple identification techniques to determine the exact identity of applications moving across the network, including those that try to evade detection by masquerading as legitimate traffic.
Likewise, User-ID functionality enables the Exchange to identify all users on the network. Knowing who the users are – instead of just their IP addresses – improves visibility and provides a more relevant picture of network activity. “We always know who is using what on the network,” says Saad.
Palo Alto Networks also supports the rapid rise of post-pandemic remote working at the Exchange. Users and applications are rapidly shifting to locations beyond the Exchange’s traditional network perimeter. GlobalProtect protects this mobile workforce by extending the NGFW to all users, regardless of where they are working; securing traffic by understanding the application use, associating the traffic with users and devices, and enforcing security policies.
Palo Alto Networks Threat Prevention service completes this comprehensive network security deployment, delivering multilayer protection against attackers using evasive tactics to attempt entry to the Bourse de Casablanca network. Threat Prevention also blocks attacks on all the Exchange’s ports instead of invoking signatures on a limited set of ports. “Threat Prevention is an important component in the battle for cybersecurity, preventing advanced threats from attacking the Exchange,” says Saad.
BENEFITS
The Bourse de Casablanca benefits from complete security with no compromises. The result is better security, higher performance, and lower total cost of ownership. The benefits include:
As previously mentioned, Saad is a two-time president of AUSIM. How do other member organisations of the Association perceive Palo Alto Networks? “Many companies in Morocco follow the innovations we adopt here at the Bourse de Casablanca. They see the performance, latency, and availability we are achieving with Palo Alto Networks and are moving to deploy similar technology.”
Palo Alto Networks ML-Powered Next-Generation Firewalls embed machine learning directly in the core of the firewall to provide real-time IoT device identification and inline, signatureless attack prevention. Dive into the e-book on ML-Powered NGFWs. Cloud-Delivered Security Services (CDSS) reduce manual tasks and enhance security posture with a self-updating security platform that augments global threat intelligence to automatically counter attacks in near-real time.
Bourse de Casablanca was established in 1929. It operates under the supervision of the Ministry of Economy and Finance within the framework of a set of specifications. The mission of Bourse de Casablanca is to continuously enrich the offer of products and services, to develop and deploy a global strategy common to the various components of the stock market, to develop its infrastructure, to contribute to its development, and to manage the consecutive entities of the infrastructure under the Holding.
Bourse de Casablanca is positioned among the main markets in Africa. It has a capitalisation of USD 74,4 billion at the end of 2021. In recent years, Bourse de Casablanca has strengthened its openness to African financial markets, as well as its relations with the continent’s operators. It is an active member of the African Securities Exchanges Association (ASEA) and has held the presidency for nearly two years.