Ensure secure business operations to protect digitized financial processes and enable employee productivity to serve credit union members in the most efficient and effective way possible.
Palo Alto Networks Security Operating Platform provides end-to-end network security, controlling inbound and outbound network traffic for on-site and remote users to proactively guard against credential phishing and cyberattacks of all kinds as well as optimize secure remote access and bandwidth utilization across a global network of corporate offices.
Threat Prevention, URL Filtering (PAN-DB), WildFire, GlobalProtect, Panorama
PA-5050 (2), PA-200 (2), PA-100 (1)
STCU is a not-for-profit, member-owned financial cooperative providing a wide range of personal and business banking services, from checking and savings accounts to loans and investment products. Established in 1934 to serve a handful of educators and their families in Spokane, Washington, STCU ended 2017 with more than 640 employees serving more than 170,000 members across all walks of life in the inland Northwest.
Like any modern financial institution, STCU – a not-for-profit, regional credit union – needed to protect its digitized assets from cyberthreats and secure its network against malicious traffic from internal or external sources. STCU's previous cluster of legacy firewalls did not provide sufficient visibility or control to prevent advanced cyber exploits, and with separate proxy servers and a VPN appliance, the security infrastructure had become cumbersome and costly to manage. To simplify its approach to security with next-generation capabilities that would ensure secure, productive operations, STCU consolidated on the Palo Alto Networks® Security Operating Platform.
The platform brought STCU the complete visibility and granular control it needed to secure all traffic on its network with preventive, application-aware security policies and automated, cloud-based threat analysis. The Security Operating Platform blocks hundreds to thousands of attempted cyberattacks per day and ensures only permitted traffic traverses STCU's network. This keeps malware from interrupting business operations and enables employees to focus on serving the needs of STCU's members. Extending the platform's capabilities to mobile and remote users eliminates any gaps in STCU's security that could stem from users trying to circumvent the credit union's VPN. In addition, STCU projects device consolidation will help the union avoid costly upgrades, support and licensing costs while greatly simplifying the monitoring and administration of its security infrastructure.
Ensuring Secure Operations to Serve Members
Most people value a close-knit community – an atmosphere of neighbors helping neighbors. It might mean something as simple as bringing a pot of chicken soup to someone feeling under the weather, or as elaborate as helping a family rebuild their house after a fire. For an English teacher named Ernie McElvain, it meant providing his fellow teachers in Spokane, Washington, with a cooperative way to save money for the future or get small loans to buy things for their families. That's why, in 1934, Ernie established STCU.
It was a homespun business. Not for profit. The fledgling financial institution used nothing more than a shoebox to store cash and receipts. To conduct business, one rang a bell on a rope hung from the second story of the schoolhouse where Ernie set up shop.
Of course, since Ernie's day, much has changed in the way STCU handles money. The company has opened its doors to anyone who lives, works, worships or goes to school in Washington or North Idaho. But much has not changed at the core of this company's spirit of community. That's what Shawn Hafen found when he stepped into the position of information security analyst at STCU. Hafen says the sense of comradery was like night and day compared to the world of big banking where he worked previously.
"The culture at STCU is amazing," he says. "Everyone works together with a common purpose to serve our members in the most efficient and effective way possible. Everything we do is always with the best interests of our members in mind."
STCU's operating sentiment to "keep the heart of the member" applies as much to the tellers, loan officers and business administrators working directly with the members as it does to the back-office teams running the computer systems, networks and applications that form the technology foundation of this modern financial institution.
Now the largest and most successful credit union in the inland region of the Northwest, STCU has digitized much of its banking, lending and investment operations. With that comes the great challenge of our modern age: keeping digital assets secure in the face of relentless cyberthreats. This is where Hafen keeps his mind on the heart of the member.
Hafen sums it up like this: "Our goal is to enable STCU employees to just do their jobs to serve members without worrying whether the data they send on our network is secure or if some malware is going to take down their computer."
To meet that goal, Hafen and his colleagues rely on the Palo Alto Networks Security Operating Platform.
Consolidation Simplifies Network Security and Saves Money
The Security Operating Platform replaced proxy servers, a VPN appliance and a cluster of legacy firewalls with a single, integrated platform for end-to-end network security. The credit union has deployed one Palo Alto Networks Next-Generation Firewall at its corporate headquarters as a secure gateway on the internet edge, with a second one in its disaster recovery site to ensure business continuity. STCU further enabled the Security Operating Platform with subscriptions to Threat Prevention, URL Filtering, GlobalProtect™ network security for endpoints and WildFire® cloudbased threat analysis service.
"A really great feature of the Palo Alto Networks platform is that the threats, URL categories and even the application IDs are constantly being updated automatically," notes Hafen. "For the most part, we can sit back and feel safe knowing that those updates are happening. You're not going to get that on anything but the Security Operating Platform."
Instead of having separate devices that each require their own administration and support, STCU now has a consolidated security environment that simplifies the physical security infrastructure as well as the monitoring and controlling of network activity across the enterprise.
"By funneling all traffic through the Palo Alto Networks platform, we have complete visibility of everything coming into or going out from our network, so there are no black holes," says Hafen. "From a security analysis standpoint, it's amazing to have that level of visibility in one location and not have to bounce around between different interfaces. Compared to other security solutions I've worked with, the Palo Alto Networks platform is like a breath of fresh air. It's just much simpler and more intuitive."
As an example, Hafen describes his experience setting up a block for a geographic region. "Traditionally, you'd have to find all the IP ranges for that particular region, copy and paste them in a CLI, walk away and have a sandwich, then come back and hope that the paste completed. On the Palo Alto Networks platform, the geo blocks are built in. All I have to do is add the region to my security policy, commit, and we're good to go. That's how simple it is to make policy changes on the Security Operating Platform."
Consolidating on the Palo Alto Networks Security Operating platform also provides long-term financial benefits for STCU. Instead of paying for licenses, upgrades, support and electricity for multiple devices, Hafen projects that STCU could avoid thousands of dollars in capital and operational expenses with the move to the Security Operating Platform.
Granular Visibility and Control of Network Traffic
Through the platform, Hafen sees hundreds, and sometimes thousands, of cyberthreats attempting to break into STCU's network every day. There is a lot of port scanning – "people just jiggling the doorknob," he quips – but ransomware, phishing campaigns and the full gamut of other cyber exploits are also constant threats. However, the Security Operating Platform keeps these threats at bay so the credit union can serve its members without interruptions.
Hafen remarks, "We look at the threat logs and URL activity all day to keep our thumb on the pulse of what people are doing on the network, both internally and externally. Most real threats are blocked automatically, and some things are just normal, benign noise. Occasionally, we see something that requires further investigation. For example, an employee may visit a legitimate website, but the next-generation firewall blocks something else that the site is trying to run in the background. When we dig in, we often find cryptojacking, or hidden code that tries to mine cryptocurrency from the user's computer. With SSL inspection, we can see into all those deep, dark holes, then either advise the user to avoid that website or add a new block."
WildFire cloud-based threat analysis service provides another layer of protection against unknown threats and zero-day attacks. Hafen uses the WildFire API to link the service with other products, like an email filter. In this case, if an employee receives an unexpected email attachment, Hafen can review the WildFire analysis to determine whether the attachment is benign or malicious before the employee opens it.
In addition, Hafen takes full advantage of App-ID™ and User-ID™ technology for more granular control over internal and external traffic, allowing him, for example, to spot IP addresses that are calling out to suspicious destinations or known blocked sites. "User-ID tells me which individual was last associated with that IP address so we can investigate exactly what they were doing and, if necessary, disable further network activity from that address."
Hafen also applies App-ID to nearly all his security policies, often coupled with User-ID. This way, if someone wants to use a particular application to work with a web service, the security policy will ensure that only that application, originating from the user's source ID and going out through the application's default port, is allowed.
Hafen points out, "Having the extra granularity that Palo Alto Networks App-ID and User-ID provide means that the traffic on our network is only the traffic we specifically allow, and nothing else."
Extending Next-Generation Security to Mobile and Remote Users
For STCU, another advantage of the Security Operating Platform is having GlobalProtect to extend next-generation security capabilities to mobile and remote users, even when they're not directly connected to the corporate network. Hafen installs the GlobalProtect app on all corporate-issued mobile devices, so whether employees use secure Wi-Fi in the office or personal internet connections at home, all their traffic is inspected and controlled based on corporate security policies.
"We received a lot of positive feedback from employees after we introduced GlobalProtect," Hafen reports. "People like that all they have to do is log on to their laptop and they're automatically connected to our secure network, regardless of their physical location."
He adds, "From a security perspective, I like that a remote user can't bypass the VPN from their laptop and start visiting sites that wouldn't be allowed on the corporate network. That had been a huge security gap in the past. With the always-on functionality of GlobalProtect, we're not leaving open any gaps in our security."
Centralized Management Saves Time, Accelerates Responsiveness
To simplify managing the Security Operating Platform, Hafen uses Panorama™ network security management, which provides a central vantage point from which to configure security profiles, monitor the network, store and analyze logs, and issue policy updates. This has proven to be a major time-saver.
"If I need to update the next-generation firewalls, it's blink-ofan-eye fast in Panorama – just about three clicks – where with traditional firewalls, it could take minutes, hours, or even days depending on the changes being made and how many devices are being changed," says Hafen. "I also like that I can have multiple logs open at the same time in Panorama. I set the logs to refresh every 60 seconds, which gives me a near-real-time view of everything happening on the network, and it's always right there at a glance, so I don't have to constantly go back and forth between different interfaces. If I need to investigate something, Panorama also lets me go back a lot farther in the logs than I could on the firewall itself. It saves me all kinds of time. And in this line of work, you need to spot issues and react to them as quickly as possible. Having a tool like Panorama at my fingertips is very helpful."
Hafen's experience with the Security Operating Platform has been so positive that he's now looking ahead to how Palo Alto Networks can extend STCU's security capabilities into the cloud.
"As we adopt cloud solutions, we're going to want a consistent approach to security whether workloads are running in our data center or in the cloud," Hafen advises. "With the Palo Alto Networks next-generation firewalls, it will be super easy to set up an IPsec tunnel between the cloud and our on-site platform so everything is working together, and allow us to apply our security policies consistently whether users are connected to the cloud, our data center, or working from home. That's the next stage in how we will maximize efficiency and security to serve our members the best way possible."