Vodacom Tanzania Limited
Dar Es Salam Tanzania Africa
Cyberoam Provides Vodacom Tanzania with a Comprehensive
Internet Security Cover
About Vodacom Tanzania, Cellular Network
Vodacom Tanzania Ltd is the leading cellular network in Tanzania with around 6M
subscribers. In the corporate head-office situated at Dar Es Salam, Vodacom needed a
comprehensive Internet security solution to maintain its lead position in the cellular
Internet is the primary business
enabler as it is used for backoffice
and maintaining the contact
with the outside world. We
needed a firewall rich in
features and with best
performance. We also needed
anti-spyware, anti-spam, as
well as web and content
filtering, intrusion detection and
Mr. Saidi Buhero
Manager, Data Networkst
(IP Networks Dept.)
Vodacom Tanzania Limited
Mr. Saidi Buhero, the Manager - Data Networks (IP Networks Department) and Mr.
Musa Gama, the Senior Network Administrator at Vodacom, while enumerating their
needs said, “We needed a firewall rich in features and with best performance such as
firewall throughput in Mbps, Virus protection features such as anti-spyware, anti-spam,
as well as web and content filtering, intrusion detection and prevention. Internet is the
primary business enabler as it is used for back-office administration, mailing and
maintaining the contact with the outside world. In the era of blended threats, if our
network is crippled, our business can come to a grinding halt.”
Dwelling in to the depths of Vodacom’s needs Mr. Buhero elucidated:
Defense at the Perimeter
The first step to perimeter defense is a firewall. There are
multiple Web and mail servers deployed in the DMZ of the organisation. The
organisation needed a robust solution that provides access control over its Internet
traffic. They also needed an Intrusion Detection and Prevention feature coupled with
the firewall to ensure that all internal and external intrusion attempts by malware and
individuals can be blocked. This combination should also protect Vodacom against any
Denial-of-Service attacks launched from within or without the organisation.
Filter the Web
To maintain and enforce Internet surfing discipline for around 500
active Internet users within the organization is a daunting task. Mr. Buhero wished to
contain unbridled surfing and downloads. All P2P applications, Instant Messengers and
other unproductive application downloads and usage were to be curbed. Blended
threats need to be tackled at multiple levels. Phishing and pharming sites were to be
blocked and productive surfing and business critical applications were to be given
priority in bandwidth usage.
Protection against Malware and Spam
Viruses, trojans, worms, spyware and rootkits
should be blocked at the gateway. All malware entering the organisation’s network
through web surfing and file transfer had to be curtailed. Spam targeted at Vodacom
was to be neutralized at the gateway and the mail traffic sanitized.
Knowing Who is Doing What
All this control enforcement has to be backed up by a
strong logging and reporting solution. This feature is needed to check the efficacy of all the security measures that are being put in place.
The Cyberoam Solution
Mr. Buhero and Mr. Gama carefully studied the market for viable solutions. After careful
scrutiny, they decided to deploy a fully bundled Cyberoam 1500i at the Dar Es Salam
head-office in Gateway mode. The Cyberoam appliance blended seamlessly into the
existing network without much ado.
For external authentication, Cyberoam is integrated with Active Directory and Single
Sign-On has been implemented.
Hence when a user logs in to his / her machine, the login is transparent to Cyberoam
too. Cyberoam is a fully Identity aware solution where identity is used as a decision
parameter across all its features. This enables the administrator to formulate Identitybased
security policies and the user is firmly ensconced in a security bubble
irrespective of the machine through which he logs in the network.
- Firewall and Intrusion Prevention
Cyberoam’s Dual certified firewall – Checkmark
and ICSA, provides access control over all the internet traffic. Stateful inspection
firewall and Intrusion Prevention solution guard the LAN and the DMZ network from
unauthorised access and intrusion attempts.
- Filtering the Web
Cyberoam's identity-based filtering feature enables the
administrator to assign Internet access rights to users as per their professional profiles
and designations. The content filtering database has more than 44 million sites neatly
grouped into more than 82 categories. With identity and time as additional parameters,
the administrator has granular controls and unparalleled flexibility. Web-mail, Spyware,
phishing and pharming sites are blocked to ensure that no employee is duped into
compromising his or her personal and professional information. P2P, unauthorised and
illegal downloads are now out of bounds for all employees. Using a combination of
identity, IP address, service and time schedules, the administrator can now create
policies to allow controlled access to a few unproductive sites during stipulated time
periods. All downloads of Instant Messengers have also been blocked.
- Neutralizing Malware
Cyberoam’s gateway anti-virus solution watches over the Web
and mail traffic. All traffic, including HTTP and FTP and mail traffic over SMTP, IMAP
and POP3, is scanned for malware and sanitised. All compressed files are
decompressed and checked for any hidden malware. This level of all-round anti-virus
security prevents virus outbreaks and translates into fewer housekeeping calls to
Vodacom’s IT department.
- Spam Slips through No More
Cyberoam's gateway anti-spam solution now checks all
inbound and outbound mails for spam. According to the initial requirement, it is truly a
'Configure and Fire’ solution. With a spam detection rate of 98% and a false positive
rate as low as one false positive per 100,000 mails, Cyberoam's spam filter ensures
that Vodacom’s in-boxes are spam-free and no mail-based business opportunities are
All this efficiency is achieved by the solution's inherent adaptive intelligence,
irrespective of the language and the content of the mail.
The anti-spam solution also has a unique feature - Virus Outbreak Detection (VOD).
Using this feature, Cyberoam detects and blocks any zero day attack and vulnerability
exploits. After installing the Cyberoam solution, the number of spam attacks dropped to
almost nil and the inboxes were clean and spam free. This situation is also reflected in
the saved bandwidth.
- Finding Who is doing What
On-appliance comprehensive reporting is one of
Cyberoam's most significant features. Reports include ‘Internet bandwidth usage’, ‘top
accessed sites’ as well as Google search reports, which enhance the visibility of users’
online behaviour. The ‘traffic discovery’ report helps the administrator identify the
amount of bandwidth used by various applications. This also helps the administrator to
fine tune the entire solution for optimum business benefit.
Jointly voicing their views, Mr. Buhero and Mr. Gama said, “Cyberoam is a robust and
potent solution which is simple to configure and easy to manage. It definitely has a
productive impact on the entire organisation. We at Vodacom are happy with our
decision to invest in Cyberoam and plan to procure and deploy more such appliances in
future in our network.