Banco Terra, Mozambique,
Cyberoam Provides Secure Connectivity
to Axiom Telecom, Saudi
About Banco Terra, BFSI
Banco Terra is a commercial bank in Mozambique with specific focus on expanding
credit and financial services to disadvantaged communities in rural and semi-urban
areas of the country. The major shareholders of the bank include Europe-based
development finance institutions - Rabobank, RfW and Norfund and GAPI-SI, a
domestic institution which promotes entrepreneurship in Mozambique by improving the
creditworthiness of SMEs and community-based organizations.
We needed a good firewall, anti
spam, and virus and content
filtering. Internet is the primary
business enabler as it is used
for back-office administration,
mailing and maintaining the
contact with the outside world.
The Banco Terra network was a new completely new implementation. Mr. Carino
Modan, the IT Manager for Banco Terra was looking for a reliable Internet security
platform to protect the bank and its users.
Says Mr. Modan, “We did not want to take any chances with our security requirements.
We were looking for a feature-rich solution which would give us maximum ROI while
addressing our major security concerns - all in a single package.” The concerns are
- Basic Perimeter Protection: The bank was looking for a gateway firewall to control
Internet traffic and prevent unauthorized access to its sensitive internal resources.
- Spam-free Email Traffic: Email was an extremely critical operation for day-to-day
business activities at Banco Terra. The bank was concerned that employee
productive time was being wasted in deleting spam messages and frequently
checking for false positives not to mention the storage space and bandwidth costs
for unwanted mails. So, they were looking for an anti-spam solution with high spam
catch rate which would scan mails across all protocols including SMTP, POP3 and
IMAP and keep false positive rate low.
The bank also wanted the solution to easily recognize spam based on images,
foreign characters and mail attachments which would be auto-adaptive in the face
of zero hour attacks, without any need for manual intervention.
- Protection against Malware: The bank was looking for a gateway anti-virus
solution to prevent both web- and email-borne malware from entering the network
and reducing IT help desk calls. In essence, they wanted to avoid problematic
situations where for example, a single spyware attack has the power to slow down
infected machines in the network while eating into business-critical bandwidth.
The bank was especially concerned about the possibility of their network being
made vulnerable to further attacks through accidental visits to malware-laden
website/blog pages or unsafe downloads. For this, they wanted their anti-virus
solution to scan viruses for HTTP and FTP over HTTP traffic on the web.
The bank was also concerned about mail-based virus, Trojan, spyware, adware and
phishing attempts and wanted a solution which could identify mass outbreaks of
such threats and proactively block them from entering the network.
- Surfing Control for Employee Productivity: The bank wanted a content and
application filtering solution to block unwanted sites while enforcing productive
surfing among employees and to prevent phishing and pharming.
- Achieving Business Continuity: The bank was looking for a solution which could
bridge the geographical distance between the head office and the six branches so
that users could securely connect from any location and use the bank‘s resources.
Also, they wanted to avoid downtime issues due to any Internet connection
breaking down. For this, they wanted the solution to be capable of automatically
routing VPN traffic through alternate Internet connections.
The Cyberoam Solution
After taking a view of other available products in the market such as Cisco ASA and
Watchguard, Banco Terra finally zeroed in on Cyberoam UTM after a proof of concept
prior to installation. According to Mr. Modan, “The main thing that impressed me about
Cyberoam UTM was that it precisely met all our business requirements while easily
fitting into our budget. Cyberoam has ensured that all aspects of IT management are
dealt with properly in our organization as a result of which, our productivity related to
banking operations has gone up.”
Banco Terra deployed three Cyberoam CR50i appliances in gateway mode at the
Head Office. Of these, the first one is being used for Internet access, the second one
for back-up and the third one to ensure VPN connectivity for branches. In addition,
they have deployed six Cyberoam CR25i appliances in gateway mode at the branch
Cyberoam UTMs deployed at Banco Terra had Firewall, VPN, Gateway Anti-Spam,
Anti-Virus & Anti-Spyware and Content Application Filtering enabled on them, leading
to the following business benefits:
- Firewall Protection:
Cyberoam‘s Stateful Inspection ICSA and Checkmark-certified
firewall acted as a perimeter security solution to protect the bank‘s sensitive
information from unauthorized outside access.
- Spam Control
Cyberoam‘s Gateway anti-spam feature enables the bank to filter all
their mails over SMTP, POP3 and IMAP protocols and automatically detect, tag,
quarantine and block spam.
With a 98% spam catch rate, Cyberoam‘s Recurrent Pattern Detection (RPD)
technology delivers real-time protection against spam outbreaks and eliminates false
positives. It is highly effective against image-based spam and spam based on foreign
- Surfing Control
Cyberoam‘s 82+ category strong web content filtering keeps the
bank‘s resources surfing productively. By customizing user identity-based policies, the
bank provides selective Internet access and surfing rights based on the user‘s working
needs. It also blocks unauthorized sites including pornography, chatting, phishing and
- Secure, Uninterrupted Business Connectivity
One of the CR50i appliances
deployed at the Head Office was used to ensure IPSec VPN connectivity along with
six CR25i appliances at branches. This allows branch office users to seamlessly
connect to the Head Office network and access their work. Thus, the bank found the
right solution to flexibly operate its business from different locations.
Threat-free Tunneling (TFT)-driven VPN ensures that all the traffic is securely
encrypted and no malware sneaks through it.
Also, Cyberoam ensures transparent VPN failover for branches in order to provide
uninterrupted connectivity for branch users. When an Internet connection fails, this
feature dynamically switches traffic over to the active connection, maintaining
uninterrupted VPN service.