As the world’s largest holder of crude oil reserves, Saudi Arabia closely monitors every aspect of how this vital natural resource is processed. Overseeing this is the Ministry of Energy, Industry and Mineral Resources. The ministry is primarily responsible for policies concerning oil, gas and natural minerals in the country, as well as new initiatives, such as renewable energy from solar and wind resources.
As a government agency operating in the energy sector, the ministry is a major target for cyberattacks, and its endpoints are among the most vulnerable parts of its infrastructure.
Wahid Hammami, the ministry’s IT director, remarks, “We’re attacked continuously with everything from [distributed denial of service] to ransomware and malware callbacks. The weakest point is often the end-user workstation. If you protect those endpoints effectively, you protect your enterprise.”
To ensure strong security at the endpoint, Hammami implemented Traps™ advanced endpoint protection, part of Palo Alto Networks® Security Operating Platform, which also includes next-generation firewalls and numerous integrated threat intelligence services. Traps protects approximately 500 workstations within the ministry, used by everyone from top executives to clerical staff. The ministry previously used Microsoft® antivirus in combination with FireEye®, but it recognized the need for a more advanced, preventive approach to endpoint security.
Hammami evaluated several other endpoint protection solutions, including Fidelis Cybersecurity®, Carbon Black® and Tripwire®, but ultimately concluded that Traps offered the most advanced and complete protection. “We did not see any product that could compete with Traps,” he says. “Traps is unique because it detects the methods hackers try to use for an attack and prevents them from getting through. That is very important to us. With prevention, we don’t have to worry about remediation and the disruption that creates.”
Since deploying Traps, the ministry no longer uses antivirus software. Hammami notes, “I don’t see any value in traditional antivirus anymore. There’s really no need for it when you have a product like Traps.”
With Traps, the ministry now blocks known and unknown cyberthreats automatically, including those that may come in the form of executable files via email or removable media, as well as targeted attacks and phishing schemes. Traps sends any suspicious traffic it detects to the WildFire® cloud-based threat analysis service, part of the Palo Alto Networks platform, which safely detonates files to determine their threat status. This multi-method prevention strategy has virtually eliminated incidents of cyber invasions, including zero-day exploits, with no negative impact on workstation performance or end-user productivity.
“We used to see a massive number of alerts every week about ransomware and callbacks on the workstations,” Hammami recalls. “With Traps, these alerts have stopped.”
As Hammami works to further strengthen the ministry’s security posture, he has implemented a next-generation firewall in one office and plans to add others, along with Panorama™ network security management for central control of the network security infrastructure. Moreover, he foresees the ministry’s current Traps implementation growing to between 2,000 and 2,500 users within the next few years.
“Palo Alto Networks leads the market in next-generation firewall capabilities, like application awareness and user behavior analytics,” Hammami asserts. “No one is stronger. And the tight integration of network security with endpoint protection is very important to us. It will provide us with a prevention-based model to secure the vital work of the ministry from end to end.”