Maghreb Transport and Auxiliary (MTA) Group Algeria, Africa
MTA Group uses Cyberoam to Optimize their Bandwidth by effectively Filtering Bandwidth-Intensive Applications
About Maghreb Transport and Auxiliary (MTA) Group, Manufacturing
The Transport and Auxiliary Maghrebine MTA, created in 1970, with a capital of 350 million dinars is a logistics subsidiary of the group MSC Geneva. MTA performs its activities in Algeria and abroad in the following areas such as Transit through ports and airports, Maritime transport, National and International Road transport, Recording of vessels, Ship Chartering, Handling and Storage.
MTA conducts its activities across all commercial ports in the country: Algiers, Oran, Annaba, Skikda, Bejaia, Mostaganem, Djen-Djen, Ghazaouet. It has also major projects involved in the construction of dams, and power plants.
The MTA network basically comprised of contract and confidential documents .Hence we needed a good Internet security solution.
Mr. Hocine Lachi
CIO, IT Structure,
Mr. Hocine Lachi, the CIO, IT Structure for MTA was looking for a reliable Internet security platform to protect the organization and its users. ―We needed a solution which would give us highest ROI while addressing our major security concerns – all in a single box‖, Mr. Lachi said. The concerns are listed below.
Basic Perimeter Protection & IPS
Due to the multitude of personal data held in the IT systems — ranging from competitive pricing and staff payrolls to customer details — it is crucial for MTA Group to ensure the highest level of security internally as well as to its customers. This sensitive information was under constant threat from spyware, and DoS attacks and many more. It was also significant to put a stop to any incident of communication loss or data tampering due to eavesdropping attacks from outsiders. So they needed a strong Firewall and IPS solution to fight against these attacks.
Indiscriminate surfing led to productivity loss and provided a potent vector for the malware to enter the company’s networks. So while the surfing needed to be curbed, the Internet traffic also needed to be sanitized. The organisation was especially concerned about the possibility of their network being made vulnerable to further attacks through accidental visits to malware-laden website/blog pages or unsafe downloads. These malware enters the gateway in the form of mail traffic, unsafe data transfer, and unsafe surfing as well as browsing. These attacks had the potential to modify productive documents and knock down significant data. Simple routine activities were often hampered when such malware did infiltrate the system. As a result the productivity suffered.
A boundary level anti-virus solution was required that would protect the network, scan and clean any malware or spyware over Web mail and scan all Web traffic to ensure the contents’ sanctity.
Loss of Productivity & Choked Bandwidth
MTA faced a bandwidth crunch because the available bandwidth wasn’t being used optimally. Users in the management category as well as employees were using the Internet for both official and non business related purposes, which led to bandwidth being choked to an extent that it was difficult to access corporate applications. The organization wanted to monitor and restrict its users from accessing unproductive sites such as Music, Video, Social networking & Streaming media. Phishing, Pharming and nasty Websites also needed to be plugged away. That is when the company began to look for a URL filtering solution.
Business Continuity Concerns
One major issue was the connectivity problem. "If Internet was down we have to stop our routine activities," Mr. Lachi said grimly. To avoid a single point of failure, multiple locations had multiple ISP links. So, multiple ISP links load balancing, and failover is also a critical need. The VPN Clients used to connect to the parent network were extremely unreliable.
The Cyberoam Solution
MTA Group looked into a number of security products including Microsoft ISA Server in order to address their business challenges. The search was on for an appliance which would take care of their all above requirements. The company then deployed One (1) CR 50ia at the head office in Reseau and Two (2) CR35ia at their Branch Office in Hamiz and Oran. All the appliances are deployed in Gateway mode.
The business benefits were as follows:
- User Integration
Cyberoam UTM adds up with a unique identity-based security solution which protects against insider threats by giving absolute visibility into ―Who is doing What‖ in the network and allows creation of user identity-based policies. Mr. Lachi used Cyberoam’s Active Directory (AD) facility to achieve the task of integrating MTA’s users in the network through a wizard to trade in users.
- Firewall Protection
ICSA and Checkmark - dual certified Cyberoam’s stateful inspection firewall now cordons off MTA’s network against any unauthorized access. MTA’s users are given controlled access to network and internet resources, ensuring that no security loopholes are left open.
Mr. Lachi used default IPS policies from the firewall rule to protect the network from DoS and spoofing attacks and other exploits. He also used IPS to protect their network, client’s information, and other confidential data from intrusion attempts.
With a comprehensive database of 3000+ IPS signatures, Mr. Lachi now feels that the organizations data is well protected from several variants of spyware attacks, spoofing and DoS attacks in addition to key-loggers, Trojans and more. Cyberoam’s hardnosed promise to security and protection aided them perk up their network efficiency and performance.
- Virus Protection
Cyberoam’s gateway anti virus and anti spyware features lookout all the web and mail traffic – SMTP, IMAP, POP3, HTTP, HTTPS and FTP protocols and make sure that no malware or spyware creeps through the edge. Additionally, the anti-virus blocks attachments for specified file types such as executables, media files, PDF, zipped files etc. before these blended threats can demolish the network.
- Effective Filtering & Optimum Utilization of Bandwidth
MTA installed Cyberoam not only to manage employee internet access, but to minimize the risk of other web security threats. In addition, they chose Cyberoam to help improve employee productivity and save network bandwidth. MTA uses Cyberoam to block access to specific types of websites.
After installing Cyberoam as their new filtering solution, MTA was able to better customize their internet access policies. ― We’ve been able to fine tune our policies because Cyberoam is more granular than the Microsoft ISA Servers we were using. We’ve got better at blocking based on the specific needs of our organization, and we’ve also got better at allowing appropriate sites,‖ said Mr. Lachi.
Cyberoam’s content filtering database has more than 44 million sites neatly categorized into more than 82 categories. With identity and time as additional parameters, he has granular control and unparallel flexibility in implementing the company’s strict policy of content access over the Internet. This large number of categories permits a high degree of specificity in designing an organization’s internet use policy. Mr. Lachi continues, ―In addition, we’re able to set up policies for different work groups. Cyberoam makes it easy for us to set up policies based on specific job requirements within our organization.‖
All harmful and unproductive surfing is blocked. No P2P or Instant Messenger application is allowed to be downloaded or used inside MTA.
- Business Continuity Restored
Cyberoam supports more than two WAN links. Here in MTA, multiple ISP links were load balanced ensuring business continuity as per Mr. Lachi’s requirements. The link failover feature ensures that in case of a link failure, another one takes over automatically to ensure total business connectivity.
SSL VPN turned out to be an unforeseen benefit. The organization has now adopted Cyberoam’s SSL VPN to ensure end-to-end business connectivity. The level of reliability is simply awesome.
- Improved reporting – “Who is doing What?”
One more additional feature of Cyberoam, attractive to MTA was its powerful reporting capability. The reporting feature logs and reports details of any attempted violation, and offers appropriate functionality for the Mr. Lachi to keep track of the organizational activities.
To round it off Mr. Lachi stated, ―Cyberoam’s excellent Web Content Filtering Solution and reporting capabilities are the reason we chose it. The solution is good value for money and requires minimum administrative effort.