Next-Generation Firewalls enable unified security control and enhanced visibility at Movate

Partnering with major global cybersecurity companies, Movate needed to ensure that they had a very strong cybersecurity posture. When Mushtaq Ahmad joined the company as Chief Information Officer in 2017, he was entrusted with the task of establishing Movate’s technology strategy and roadmap, while also protecting the company from security threats. His first task was to evaluate the existing security solutions. “While assessing the existing solutions, it became clear that the security posture was not mature. It was time to take a holistic view of security and threats, and adopt a more proactive approach to security,” says Mushtaq.

For Movate, the existing legacy firewalls were inadequate to handle advanced cybersecurity threats and required upgrading. In addition, their endpoint security tool needed to be fortified as their traditional antivirus proved insufficient. Detection and prevention of sophisticated attacks was not possible with the existing solution. Similarly, siloed intrusion detection systems (IDS) and intrusion prevention systems (IPS) provided limited threat prevention services and individual detection, protection, and filtering were inadequate. With the onset of the pandemic and accelerated work-from-home (WFH) norms, every endpoint needed to be secured. “We needed to shift our security posture from being myopic to becoming comprehensive,” states Mushtaq. “Today, attacks are increasingly sophisticated, demonstrating a metamorphic character and constantly posing a threat,” he adds. Every endpoint is a mini corporate security point that needs to be secured. The IT operating environment is no longer within the traditional corporate security perimeter; it is now extended to every endpoint and edge system. The traditional approach to corporate VPN was also ineffective because of poor user experience, the hairpinning effect, and the inability to adopt cloud-based services.

Additionally, Movate’s challenges were network latency, poor end-user experience, high resource consumption, escalated costs, and the lack of a consolidated security posture. “We needed next-generation security tools that are application-aware, can prevent known and unknown threats, use threat intel feeds, conduct behavior analysis, can be monitored through centralized management, fit into the Zero Trust approach, and reduce detection and response time along with security automation,” explains Mushtaq.

Prior to deploying solutions from Palo Alto Networks, Movate had been using 16–18 traditional security products including multiple firewalls, filtering systems, antivirus tools, IDS and IPS, endpoint protection, and more. This meant having to monitor separate management systems and coping with interoperability challenges, resulting in slower detection, response, and remediation times.

Signature-based antivirus tools worked when the company had 5,000–6,000 employees, but this needed to be upgraded to cater to the current number of 11,700+ people. A broken, siloed, and short-sighted approach meant increased staffing, deliverables, and infrastructure that resulted in cost escalation. Movate looked for a solution that could meet the following requirements:

• Automated detection and response capabilities
• Analytics-driven detection to detect and block sophisticated attacks; user entity behavior analysis (UEBA)
• Increased network visibility with comprehensive security and centralized management

Given the scale and complexity in terms of threats, Movate knew they had to look for innovative solutions in the market to stay ahead of ever-evolving threats. “With disparate security technologies, it was difficult to assess if Movate truly had 100 percent visibility across the entire network,” says Mushtaq, sharing his views on the use of multiple vendors and tools with siloed functions.

With the evolution of digital solutions over the last few years, organizations are struggling to play catch up with their security tools adoption, as technology and cloud adoptions have accelerated tremendously. “Earlier, when a company invested in security, they wanted to know what the return on investment would be. This is no longer the case. Companies are well apprised of the importance of establishing discipline in their security processes to ward off potential cyberthreats,” reiterates Mushtaq. Threats need to be isolated immediately by amplifying endpoint security, and today with work from home gaining momentum, encryption is mandatory and multifactor authentication is the norm.

After an extensive evaluation with all leading vendors in the space, Movate opted for NGFWs, Panorama, and Cortex XDR from Palo Alto Networks. Detection and prevention of sophisticated attacks were not possible with their legacy solutions. Movate implemented Cloud-Delivered Security Services (CDSS), which included WildFire and Threat Prevention. WildFire, a cloud-based malware analysis solution, enables Movate to easily detect and stop malware in real time. Threat Prevention safeguards Movate’s network from known threats and blocks threats at both the network and application level.

To quote Mushtaq, “Sophisticated attacks use detection-evasion techniques. Detection of such attacks are difficult and can be greatly improved by data analytics and user and entity behavior analysis (UEBA). Movate leveraged Cortex XDR to ingest alerts from different systems, stitch them together in order to detect attack patterns and prevent sophisticated attacks. Palo Alto Networks offered us advanced technology capabilities and a compelling technology roadmap, which was aligned with ours. The team demonstrated flexibility of service, response, and due diligence on various parameters.”

Moving from one vendor to another can be challenging, due to overlaps, refinement, and optimization, but a good centralized management solution like Panorama makes all the difference. Transition, migration, and deployment were staggered, but Panorama helped simplify the process over eight months. The Cortex XDR implementation was seamless, accelerated, and with no downtime. Split into three phases of detection, identification, and prevention — migration was completed in a month.

Enhanced visibility and control

Through the deployment of Palo Alto Networks NGFWs and CDSS, Movate has gained application usage, visibility, control, and vulnerability protection. With Panorama, the company has realized the benefit of ease of implementation and centralized management, allowing them insight into network-wide traffic and simplification of configurations. Cortex XDR helps Movate achieve enterprise-wide protection by analyzing data from many sources to stop sophisticated attacks. Cortex XDR also safeguards all endpoints and remote workers with NGAV and host firewalls.

Zero Trust Strategy

With a boundaryless working environment and sophisticated, detection-evasion attack techniques adopted by adversaries, data, and analytical-driven cyberthreat detection and prevention approaches will play a vital role in cybersecurity. As technology and cloud adoption increase, attackers are on the lookout for new attack vectors to exploit the victim. Movate’s cybersecurity strategy is to adopt Zero Trust, AI, ML, and data-driven analysis approaches to handle ever-evolving cyberthreats.