As a financial services infrastructure provider for all commercial bank payments in Romania, TRANSFOND has an enormous responsibility. Interbank payment transactions may occur at any time, day or night, demanding the highest levels of system availability. Naturally, securing those transactions is a top priority—a breach of any kind threatens the entire Romanian economy. Marian Simion, TRANSFOND’s chief information officer, understands this as well as anyone.
Mr. Simion explains that TRANSFOND has focused on security from the beginning, and it relied on firewalls provided by one of the biggest networking companies to protect its network for many years. However, when the support contract was running out on those devices, and as cyberthreats were becoming more sophisticated and stealthy, Mr. Simion decided to take a fresh look at the security market.
“We operate a private data network with strong security, but we cannot control how well our clients secure their networks,” he notes. “We need to take our own measures inside TRANSFOND to block any kind of attacks or potential misuse of the infrastructure that could originate with a client and end up putting our services at risk.”
Somewhat skeptical of large enterprises for which security is only one of many offerings, Mr. Simion turned his attention to companies focused solely on security. “We were looking at companies with a successful track record, and strong innovation and investment in the future of security. From these criteria, we found Palo Alto Networks.”
After analyzing market reports from IDC, Gartner, and others, Mr. Simion conducted an intensive proof of concept with Palo Alto Networks and several other top contenders. He says it was not an easy decision, but in the end, Palo Alto Networks products seemed to be better tailored for company specific security needs. “The Palo Alto Networks Security Operating Platform offered advanced capabilities and security intelligence that convinced us it was the most robust offering analyzed. A key point was the synergy that the integrated platform brings, with network security and advanced endpoint protection parts of a common security infrastructure.”
TRANSFOND now has eight Palo Alto Networks next-generation firewalls deployed across its data centers in high availability configurations. One zone secures production operations while the other zones include non-production workloads, such as test and development. Traffic is segmented based on specific traffic patterns identified by Palo Alto Networks technology.
Mr. Simion takes advantage of App-ID™ technology to filter traffic, which he says makes it easier for the company’s security experts to configure the next-generation firewalls. “With App-ID, we don’t have to write a whole bunch of code by hand to identify the applications. It provides everything to identify the applications for us, so it’s faster and easier to define rules according to application type.”
The next-generation firewalls effectively prevent malicious traffic and exploits from successfully breaching TRANSFOND’s network and potentially disrupting payment services. To also ensure cyberthreats are stopped at the company’s endpoints, Mr. Simion deployed Traps™ advanced endpoint protection on the workstations all 150 employees use. He notes that while the main TRANSFOND network is closed, users have access to the internet, too. Even with multiple levels of security, Traps actively identifies and automatically blocks threats attempting to break in through the endpoints. In fact, Mr. Simion is so confident in the effectiveness of Traps that he intends to stop using separate antivirus software in the future.
“Antivirus has become insufficient from a security point of view. You cannot rely on something that only looks for signatures to protect your workstations. You need something more intelligent that looks at potential threats in many different ways and understands the behavior of people using the workstations to detect abnormal activity.”
He adds, “We are very satisfied with the results since deploying Traps. I can say that, since we installed Traps, we have not had any issues on workstations that required remediation or special intervention from our security team. From an operational point of view, by using Traps, we are spending less time monitoring the workstations.”
The security team at TRANSFOND takes full advantage of Panorama™ network security management as a single, centralized point of administration for the entire security infrastructure. Mr. Simion points out that one of the most important benefits of Panorama is the visibility it provides into network traffic.
“The visibility we get from Panorama helps us identify issues faster, which is very important to us because we have strict SLAs. Good visibility also helps with forensic analysis—more detailed information allows us to understand what is happening on our network more easily. This is another important capability to meet our network uptime and performance obligations.”
He goes on to say that a significant differentiator for Panorama is its ability to collect so much detailed information on network activity that can be used to run reports and perform analytics to identify trends, troubleshoot issues, and forecast future requirements.
“Panorama does a great job of aggregating all the rich information provided by the next-generation firewalls,” Mr. Simion says. “This helps us continually refine security rules and policies as our network evolves and zone requirements change.”
He concludes with a good-natured anecdote: “At first, our security experts were not very happy about the change, but after a couple months, their mood was different. Now, they are quite happy to tell me how easy it is to work with Palo Alto Networks; that they have an excellent view into the network. Change can always be a little difficult, but they see now this was change for the better.”