NEEPCO Depends on Cyberoam UTM for Internet Security
About NEEPCO, Government / PSU
NEEPCO is a Government of India Enterprise with projects located in the various states of the
North East. It produces pollution free and inexhaustible power through planned development of
power generation projects. It also plays a significant role in the integration and development of
hydroelectric and thermal power in the Central Sector covering all aspects such as
investigation, planning, designs, construction, operation and maintenance of hydroelectric and
thermal projects which in turn would effectively promote the development of the nation as a
With over 200+ employees, a top-notch research and development centre dedicated to
discovery research was needed. Internet is used to provide access to mail communications.
Thus internet being a key resource, the organization was looking for complete security.
The enterprise also felt a need for secure Internet connectivity and a VPN solution to create a
secure network infrastructure for its present as well as future business needs.
We needed a good VPN,
firewall and content filtering
solution, a simple one box
solution that can be easily
managed and maintained.
Mr. Dhrubajyoti Medhi
Sr. Manager (Systems)
Elucidating about the Organization’s main Internet security requirement Mr. Dhrubajyoti Medhi,
Senior Manager (Systems) of NEEPCO informed, “We needed a solution that would control
unproductive and harmful surfing.”
In summary, NEEPCO was looking for a single box solution that would offer:
Access Control and Intrusion Prevention
The organization needed a firewall and an intrusion prevention solution. The combination of
both the solutions was needed to protect the network against intentional and unintentional
intrusion attempts, and Denial of Service attacks.
Web URL Filter
The organization needed to know who was accessing what sites and as such needed an
identity based filter and reporting system that would include the user’s online behavioral audit. It
would also be required to block harmful spyware/malware infested sites.
Throttled Bandwidth – Sharing Internet
Internet access was given by default to everyone in NEEPCO. Company’s mail access was
given to everyone but selected employees were given access to specific Websites. Some users
required access to certain sites such as music, video, social networking, etc to help them in
their work. Opening up access to these sites for all users resulted in bandwidth getting“choked”. So they defined security and bandwidth management policies after taking the user’s
identity and professional profile into account. Bandwidth needs to be managed and prioritized
to achieve maximum business advantage. They wanted to ensure productive use of bandwidth.
Comprehensive Monitoring and Active Alerts
User’s internet activity and behaviour should be strictly monitored and in case of any violation,
the user and the administrator ought to be alerted proactively. The solution should not wait till
the administrator accesses the solution to shift through the reports.
NEEPCO has evolved into an organization with independent networks at 3 sites supporting
The primary challenges for NEEPCO were to provide access to sensitive data across a more
secure and stable VPN and to improve the management reporting on Internet usage and
The Cyberoam Solution
NEEPCO had experimented with Linux based proxy servers, which failed to do any sort of web
content filtering and was also a tedious manual process.
Reducing exposure to inappropriate web content at work was a key reason why NEEPCO was
in need of a good content filtering solution.
Taking a careful view of the existing products in the market, Mr. Medhi decided to deploy
Cyberoam UTM. He deployed One (1) CR300i appliance at Delhi and One (1) CR100i
appliance at their corporate office - Shilong. They also procured Twelve (12) CR50i appliances
for their branch offices and other entire North–Eastern region respectively. SSL VPN is also
being used at Delhi, Shilong & entire North Eastern region offices to connect branch offices and
head offices. Cyberoam is deployed as a transparent proxy across all the locations.
- Firewall and Intrusion Prevention
Cyberoam firewall is ICSA and Checkmark certified - provides granular access controls over
Internet traffic and the network resources. Coupled with Intrusion Prevention module, Cyberoam
UTM can counter any Denial of Service attack. Mr. Medhi now felt the network is secure.
- Premium Filtering & Bandwidth Management
“With Cyberoam’s Content Filtering Solution we can tailor filtering policies to suit our needs,”
notes Mr. Medhi. “We can even make customized policies and quickly push them out to the
users. Plus, by eliminating traffic to undesirable sites, we can free up bandwidth for legitimate
office activities.” With a database powered with 82 categories and more than 44 million sites,
Mr. Medhi has matchless flexibility to configure security policies.
- Enhanced Reporting
On-appliance comprehensive reporting is one of Cyberoam's most significant features. Reports
include ‘Internet bandwidth usage’, ‘top accessed sites’ as well as Google search reports, which
enhance the visibility of users’ online behaviour. The ‘traffic discovery’ report helps the
administrator identify the amount of bandwidth used by various applications.
- Virtual Private Network Connectivity
Cyberoam’s SSL VPN solution bridged the geographical distances between the organization’s
branch and head offices. This now ensures that the user can connect securely from any location
and use the organization’s resources. Highly encrypted traffic enforced security over the
Internet and ensures that no malware sneaks through.
- Round it off
Summarizing his Cyberoam experience, Mr. Medhi said, “Cyberoam is termed as an excellent
product that delivers exceptionally high performance and I would strongly back it as - reliable