at a glance

Reduce impact of attacks by strengthening endpoint security for 16,000 employees

Palo Alto Networks Traps to preemptively block both known and unknown threats


  • Reduced attack surface by strengthening endpoints
  • Delivered data to enable analysis of new threats
  • Provided visibility of threat landscape
  • Secured PCs for appr.16,000 employees


VakıfBank is one of the biggest banks in Turkey. It has 924 branches, 3,917 ATMs and approximately 16,000 employees, and plays an important part in financing the country’s domestic and commercial trade. In addition, it has operations in New York, Bahrain, Germany and Austria.

"Cyber attacks on the financial sector are increasing year on year," says Evrim Eroğlu, Head of Security Infrastructure Operations, VakıfBank. "No environment is 100 percent secure, but we can reduce the surface of attack. Our intention is to focus on the weakest point in the chain: our endpoints." Endpoints matter, he says, because, with employees becoming more mobile in their work culture, laptops are used off the network: "Mobility is an important issue. Protecting our own network wouldn't be enough to keep us secure."

Eroğlu's contention is that traditional signature-based security is not enough to protect against the variety of attacks faced by a modern bank: "They are incapable of detecting or protecting against zero day attacks."

The bank created a proof of concept to review options from leading security solutions providers, testing against 100 known malware variants. "We tested several products," says Eroglu. "McAfee, Comodo, FireEye, Carbon Black, Trend Micro, Check Point … none of them were able to detect and stop this kind of attack. Traditional antivirus security was not the solution. We were using McAfee Endpoint Security, and it wasn’t able to detect every threat (zero-day attacks). Only Traps from Palo Alto Networks worked."

Traps will replaces AV with multi-method prevention: a proprietary combination of malware and exploit prevention methods that pre-emptively block both known and unknown threats.

The PoC was carried out through the summer of 2016. The roll-out of Traps to more than 16,000 VakıfBank PCs started in the October.

"We've had to be careful with the roll-out, testing at every stage," says Eroğlu. "We wanted to be sure there was no impact on any of our critical business applications. We had issues with other solutions during the PoC, slowing the performance of PCs. That hasn't happened with Traps.

"It was important we had a cautious, planned and smooth roll-out of Traps. We started with 50 PCs, then 100, then 1,000 and another 1,000, then 5,000. At every stage, where there were concerns, Palo Alto Networks addressed them."

Analysing the threat landscape

Traps, says Eroğlu, protects and detects, and provides the information his team needs to follow up and analyse new threats. "We've seen the benefits from day one, even before the roll-out was fully completed. We're certainly more secure as a result of Traps, but we remain vigilant.

"The threats keep coming. What's invaluable about the Palo Alto Networks offering is that we now have more data on which to forensically examine threats, and their potential impact."

The introduction of Traps will enable VakıfBank to make cost savings as it allows its anti-virus licences to expire over the next two years. However, Eroğlu says extra investigative work means it is unlikely that operational costs of security come down. The smooth implementation of Traps, and it's immediate effectiveness, have encouraged a greater appetite for tackling security. The bank is planning a new Security Operations Center.

“We don’t just want to react to threats as they arrive; we want to see them coming. We have to work harder than ever. Traps means we see new malware and we have greater visibility. Now, the challenge for us is to switch from being reactive to proactive,” concludes Eroğlu.


Traps Advanced Endpoint Protection AV-Comparatives Award

AV-Comparatives, the independent organization that tests and assesses antivirus (AV) software, announced the completion of its 2017 “Comparison of Next-Generation Security Products” and presented Traps advanced endpoint protection with its “Approved” award. The firm conducted a series of malware protection and exploit prevention tests on Traps during September and October 2017. Download the report to view the results of this test.
  • 1
  • 8447

Traps: Advanced Endpoint Protection

Palo Alto Networks Advanced Endpoint Protection represents a complete paradigm shift from identification to pure prevention. Providing comprehensive exploit and malware prevention that is not designed to identify; instead, it prevents an attack before the malware can be successful.
Santa Clara, CA
  • 27
  • 60109

Traps Advanced Endpoint Protection Technology Overview

Most organizations deploy a number of security products to protect their endpoints, including one or more traditional antivirus solutions. Nevertheless, cyber breaches continue to increase in frequency, variety and sophistication. Faced with the rapidly changing threat landscape, current endpoint security solutions and antivirus can no longer prevent security breaches on the endpoint. Palo Alto Networks® Traps™ advanced endpoint protection replaces traditional antivirus with a unique combination of the most effective, purpose-built, malware and exploit prevention methods that pre-emptively block known and unknown threats from compromising a system.
Santa Clara, CA
  • 7
  • 38420

2018 NSS Labs Advanced Endpoint Protection Report

Palo Alto Networks advanced endpoint protect Traps achieved the rating of “Recommend” in the 2018 NSS Labs Advanced Endpoint Protection (AEP) Test. This test aims to determine how effectively the AEP product can protect against a threat, regardless of the infection vector or method of obfuscation. The AEP test evaluated several vendors ability to detect, prevent, continuously monitor and take action against malware, exploits, evasions and blended threats.
  • 3
  • 3140

SilverTerrier: The Rise of Nigerian Business Email Compromise

Through our analysis, it remains clear that Nigerian cyber actors will continue to expand their attacks in terms of size, scope and capabilities. According to law enforcement organizations, the exposed losses to businesses worldwide from these threat actors are now estimated to be more than US$3 billion. Given the substantial risk these actors pose, we present techniques to enable large-scale attribution efforts to combat this threat. In doing so, we demonstrate a repeatable and sustainable process to identify SilverTerrier infrastructure and put preventive measures in place prior to the first samples of malware reaching our security products.
  • 0
  • 2785

Unit 42 Report - Ransomware: Unlocking the Lucrative Criminal Business Model

Download the report to learn about the rise of ransomware, how adversaries are refining and improving their tactics, and what you can do to better defend your organization against them.
Santa Clara, CA, USA
  • 1
  • 11450