SAPTA Algeria, Africa
SAPTA Banks on Cyberoam for Internet Security
About SAPTA (Algerian Society of Civil Works of Art), Engineering
The Public Enterprise Economic SAPTA is a corporation, with a capital of 1,200,000,000 dinars. Established on 6th August, 1983, in succession to the former Algerian Society of Civil Works of Art (Joint venture), it rose to the status of EPA decision by the National Planning Council of 05 August 1989.
Sapta specializes in design and construction of bridges, viaducts, bridges of reinforced concrete, prestressed and composite deck (metal beams and concrete slab), construction of industrial buildings and socio-economic structures.
The network covered sensitive information which was under constant threat from spyware and DoS attacks. So they needed a strong Firewall and IPS solution.
Mr. Mustapha Belkacemi
The IT Director, Mr. Mustapha Belkacemi at SAPTA outlined the basic requirements saying, "Internet is one of the most business critical resources for our organization"
Mr. Belkacemi was looking for a single box solution that would offer:
Securing the Perimeter & Warding off Intrusion Attacks
SAPTA wanted to protect their servers by a strong firewall solution and access control management over all the WAN network resources.
They were also looking for an IPS tool to minimize the chances of cyber-criminals gaining visibility of internal network resources through hacking, remote exploits, Denial-of-service (DoS) attacks and other unpredictable attacks. The management was concerned that even a single successful intrusion could lead to unbearable consequences for their business. Moreover, any black-out of the network due to a DoS attack could cause the company to suffer significant revenue losses.
Reducing Malware and Spam prevalence
SAPTA had no proper security solution in place. This presented the organisation with all the network problems such as viruses resulting in computer network down time; spam taking up necessary network bandwidth and more importantly, undesirable pornographic content directly targeting employees inboxes. Thus they needed to protect employees from undesirable content. They decided to tackle the issue on by implementing an effective anti-virus and anti-spam solution that detects and removes spam and viruses before they reach the organisation’s network thus preventing unnecessary emails ever reaching the inbox.
Loss of Productivity & Limiting Bandwidth Usage
The Internet is a Jungle. To maintain and enforce Internet surfing discipline within the organization, Mr. Belkacemi wished to control unbridled surfing and downloads. All P2P applications, Instant Messengers and other unproductive application downloads and usage were to be curtailed. Phishing and pharming sites were to be blocked and productive surfing and business critical applications were to be given priority in bandwidth usage.
SAPTA was facing the issue of bandwidth unavailability. "We had employees who would constantly download music, videos and other bandwidth intensive content. This essentially meant that quite often very little bandwidth was available for actual work," said Mr. Belkacemi. Thus, bandwidth needs to be managed and prioritized to achieve maximum business advantage. They wanted to ensure productive use of bandwidth and define bandwidth management policies after taking the user’s identity and professional profile into account.
Business Continuity Concerns
SAPTA has evolved into an organization with independent networks at remote sites supporting many users. The primary challenges for SAPTA were to provide access to sensitive data across a more secure and stable VPN. Internet is relied on profoundly to allow remote sites VPN access back to the main office.
Another major issue was the connectivity problem. "If Internet was down our business activities would come to a halt," Mr. Belkacemi said. To avoid a single point of failure, multiple locations had multiple ISP links. So, multiple ISP links load balancing, and failover is also a critical need.
The Cyberoam Solution
Mr. Belkacemi studied the market carefully and tested out many other products but they found that Cyberoam was cost- effective compared to the other products. The most important point to swing the final procurement decision was that, despite being a cost effective solution, SAPTA did not have to compromise on its wish-list and quality.
After much analysis, they decided to deploy Five (5) Cyberoam CR35ia appliances, One (1) CR35ia appliance at the head-office and Four (4) CR35ia appliances are deployed at each of their branch offices across the country. All the appliances were deployed in Gateway mode.
The business benefits were as follows:
- Integrating Premium Pension Users
Cyberoam UTM comes with a unique identity-based security solution which protects against insider threats by giving complete visibility into "Who is doing What" in the network and allows creation of user identity-based policies. Mr. Belkacemi used Cyberoam’s Active Directory (AD) facility to achieve the task of integrating SAPTA users in the network through a wizard to import users.
- Perimeter Secured – Intrusions Eliminated
Cyberoam’s ICSA and Checkmark - dual certified firewall offers stateful and deep-packet inspection, by protecting SAPTA’s internal networks from DoS attacks and IP spoofing attacks.
Cyberoam’s Intrusion Prevention System has a customized database of over 3000+ signatures which reach deeper than a firewall and anti-virus to ensure second level protection for the SAPTA’s network from blended threats, backdoor attempts and more.
- Gateway Anti-Virus and Gateway Anti-Spam
Cyberoam Gateway Anti-Virus and Anti-Spam solutions, watch over all the web (HTTP, FTP) and mail (SMTP, POP3 and IMAP) transactions. This ensures that the network is sanitized and all the inboxes are clean.
By deploying Cyberoam, SAPTA has seen a significant improvement in Web traffic between its offices. The company’s bandwidth is now functioning at an optimum capacity, as the Cyberoam gateway blocks the spam before it can enter the network. The IT team at SAPTA has seen a decline in spam—from 75% to almost nil. Cyberoam's Gateway Anti-Spam solution now checks all inbound and outbound mails for spam. Irrespective of the language and the content of the mail, spam is detected and action is taken.
The anti-spam solution also has a unique feature - Virus Outbreak Detection (VOD). Using this feature, Cyberoam detects and blocks any zero day attack and vulnerability exploits. After installing Cyberoam, the inboxes were clean and spam free. This situation is also reflected in the saved bandwidth.
- Productive Surfing Enforced
In order to solve the problem of unrestricted surfing in the organization, Mr. Belkacemi configured Cyberoam’s web content filtering feature which selectively blocks web access in the organization without affecting productivity. This is done through Cyberoam’s constantly updated database of millions of filtered sites divided into 82+ categories including pornography, P2P, entertainment and job search.
The users are now able to access only those sites which are permitted by IT guidelines of the organization whereas all unauthorized sites are prohibited. The filtering blocks all malware-laden sites, P2P, Instant Messengers, illegal audio, video, streaming media and other bandwidth-guzzling downloads. Phishing and pharming sites are also no longer a cause of concern.
- Uninterrupted Business Connectivity
Cyberoam UTM’s IPSec VPN solution bridged the geographical distances between the branch and head offices. This now ensures that the user can connect securely from any location and use the resources. Threat-free Tunneling technology in the VPN ensures that all the traffic is scanned for malware and encrypted.
As the organization has two ISP links, they have used Cyberoam's multi-link management feature to load balance the traffic between the two ISP links and also provide a failover option. Both these ISP links terminate directly on Cyberoam. This feature guarantees SAPTA with total business connectivity.
- To Wrap Up
"Cyberoam is an ideal fit, One Box solution for our total connectivity, productivity and security needs. We are glad to have a solution that has helped our company protect against evils as Internet-related threats." Mr. Belkacemi rounded off the discussion with these remarks.