Cyberoam - Extending Security cover to Dootall’s Data Center & Cloud based Network
About Dootall, Service Provider
Established in the year 2005, DooTall is an ICANN-accredited domain registrar and
hosting provider for shared and dedicated hosting services with over 15,000 satisfied
clients. The company provides server space that it owns, or leases from other server
space providers, for use by its clients, as well as Internet connectivity, typically
in a data center. Its Internet hosting package helps businesses and individuals get high-powered website hosting services at a fraction of the cost.
Dootall’s key strength lies in providing the highest level of customer service and maximum guaranteed
network uptime to its clients. The company has co-located all its servers at the Hengelo
& Enschede Data Center - Netherlands. Dedicated hosting server providers have to
use extreme security measures to ensure the safety of data stored on their
network of servers. This was the main reason why Internet security came into the picture at
We have a cloud-based network which makes diverse applications available anywhere, anytime. If a system becomes unavailable for some reason, our clients’ operations can be impaired or can come to a grinding halt. So we needed a good Internet security
The security scenario at Dootall stems from its extensive use of the Internet for managing
daily business activities: client companies rely on their information systems to run their
daily operations. With the Internet being the backbone of the business, security over the World
Wide Web becomes the primary concern for the people at Dootall.
In addition, the Dootall network has a highly evolved Cloud stack comprising infrastructure,
platform and applications. The company provides various compute and web application
services to its clients based on the Software-as-a-Service delivery model. Mr. Brat, the IT-Manager at Dootall, says, “We have a cloud-based network which makes diverse
applications available anywhere, anytime. If a system becomes unavailable for some
reason, our clients’ operations can be impaired or can come to a grinding halt. They face
huge problems when their operational site is down as it negatively impacts their revenue
stream and media visibility. Consequently, securing the clients’ applications and
confidential data which reside on the Cloud has always been a high priority to us.”
They have a disaster recovery plan at another site, where the data center can be
reconstructed. A VLAN connects the 2 sites for data synchronization and backup.
Data being the most important asset for Dootall, they require 100% uptime, where
data is constantly online and accessible.
Apart from serving external clients, some of the servers at the data center are also used
for running the basic Internet and intranet services needed by internal users in the
organization, e.g., e-mail servers, proxy servers, and DNS servers.
According to Mr. Brat, IT-Manager at Dootall, the company was facing the following
security and connectivity challenges related to its business activities.
Guarding the Network Gateway
Dootall’s enterprise data centers contain applications and data that can be
targeted by attacks from external entities. A number of application servers
are deployed in the server farm. The servers provide IaaS and SaaS to the 15000
customers. Servers in their networks host clients’ information, which had to be protected
against outside access attempts. The organization, therefore, needed a gateway firewall to
regulate user authentication and access control.
Fending Off Intrusion Attacks
“The number of intrusion attacks is so large and their sophistication so great, that Dootall
were having trouble determining which new threats and vulnerabilities pose the greatest risk
and how resources should be allocated to ensure that the most probable and damaging
attacks are dealt with first,” Mr. Bratt says. The company’s data center housed web and mail
servers and customers’ data, and they were under constant threat from spyware, hacking,
Denial-of-service (DoS) attacks and more. It was important for them to prevent any data loss
or data tampering from outsiders. So they were in search of an IPS tool to minimize these
Continuous Network Uptime
Data is an important aspect of business and, from this perspective, the business goal is to
have continuous business connectivity. The combination of both the solutions was needed to
protect the network. Continuous Internet connectivity with no breakdown or downtime was
the most important requirement for Dootall clients. In this regard, their business goal was to
achieve redundancy, high availability, and scalability.
Recovering from Virus Attacks
Unexpected network interruptions, security breaches and computer virus attacks were
significantly harming their business, reputation and ability to attract and retain users. The
July 2009 cyber attacks, Conficker malware, Gumblar, Trojan Horse, Trapdoor and other
similar incidents indicated to Dootall’s technical team that attackers are using hybrid attack
techniques that generally utilize multiple attack types and vectors. Some of the threats
posed by hybrid network attacks include application vulnerability, information theft,
authentication defeat, malware spread, network anomalies, application downtime, network
downtime and more.
“If we fail to maintain satisfactory performance, reliability, security and availability of our
network infrastructure, our business, reputation and ability to attract and retain users could
be significantly harmed,” Mr. Bratt said.
A perimeter-level anti-virus solution was required that would protect the network, scan and
clean any malware or spyware over Web mail and scan all Web traffic to ensure the
The Cyberoam Solution
Dootall looked into a number of security products, including Sonicwall, in order to address
their business challenges. Previously, Dootall’s gateway was secured through a Sonicwall
appliance. However, it soon had to be replaced as it was not effectively blocking the
Gumblar and Conficker threats because of limited IPS and Anti-Virus definitions. The search
was on for a new appliance which would have a large number of IPS and Anti-Virus
definitions, while carrying more features at the same price. The company then took the
decision of replacing the existing Sonicwall device at the head office in the Netherlands with 4
Cyberoam 1500i UTM appliances.
Today, Dootall has four (4) CR1500i appliances, of which two (2) units are in High Availability
Gateway mode at one site, one (1) unit is in Gateway mode at another site and one (1) unit serves as a
physical spare. All the appliances also carry Firewall, Anti-Virus and Intrusion
Prevention subscriptions.
The business benefits were as follows:
- The Barricade of Fire - Firewall
The Cyberoam firewall acts as the first component of a secure hosting solution. It acts as a
filter between the web server and the Internet in order to block malicious attempts to access
the server, and allow only legitimate traffic.
Cyberoam’s ICSA and Checkmark dual-certified stateful inspection firewall now cordons off
Dootall’s network and guards its servers against any unauthorized access. Employees
are also able to seamlessly continue to access Internet resources, while hackers on the Internet
are kept at bay. Dootall’s users are given controlled access to network and internet resources,
ensuring that no security loopholes are left open.
- Get Rid of Intrusions
Dootall relies on Cyberoam’s sophisticated Intrusion Prevention System (IPS) to keep its
network & data center servers protected at all times. Cyberoam Intrusion Prevention System
monitors and blocks unwanted activity and threats. IPS maintains server uptime and protects
corporate assets, such as applications and databases. Cyberoam IPS protects Dootall’s
Cloud infrastructure containing client applications as well as the organization’s internal
servers from known and unknown zero-day threats by combining signature and behavioral
intrusion prevention system (IPS) protection with a stateful inspection firewall.
With a comprehensive database of 3000+ signatures, the company’s Cloud applications,
internal server & data were protected from several variants of spyware attacks, spoofing and DoS
attacks in addition to keyloggers, Trojans and more. Cyberoam’s uncompromising
commitment to security and protection helped them improve network efficiency and
Cyberoam is essential to assure business continuity and protect their servers against
network attacks, application attacks, worms and more with the latest Intrusion Prevention
- Continuous Data Availability
Cyberoam’s Active-Active HA increases the overall network performance by load balancing
the network traffic between two Cyberoam appliances. These appliances act as the gateway,
with all their ISP links terminating on them, delivering continuity in security. In case of failure,
the load is automatically transferred to the other Cyberoam appliance, which leads to 100%
Internet uptime, and round the clock connectivity to their clients.
Dootall utilizes Cyberoam’s clustering technology to ensure high availability. In a cluster, two
Cyberoam Appliances are grouped together and instructed to work as a single entity. It is
designed to automatically detect system or network failures and eliminate a single point-of-failure by managing failover to a recovery processor with a minimal loss of end-user time.
Thus Cyberoam intelligently distributes load and/or maximizes the utilization of all servers
within the cluster. This type of clustering avoids loss of service to the users or applications
that access the cluster and can occur transparently, without the users' knowledge.
- Cutting-edge Virus Protection
Cyberoam UTM drastically brought down the high incidence of virus attacks at Dootall. It
provides real-time protection against all spyware/malware, including viruses, worms,
spyware, backdoors, Trojans, keyloggers and more. Cyberoam’s traditional signature-based
Anti-Virus has been found by the company to be the best defense against such attacks, thereby
safeguarding their extended networks.
- To Round it off
“Cyberoam UTM is a step above the conventional firewall features. The multiple functionality
of the UTM appliance can be the justification for replacing older and more basic firewalls with
the new systems. In simpler words, I can say that Cyberoam UTM is just like a blanket
security cover,” said Mr. Bratt.