Almabani Jeddah, Saudi Arabia Middle East, Asia
Cyberoam Forms the Internet Security Cornerstone for Leading Construction Co. - Almabani
About Almabani, Construction

Almabani - one of the leading construction companies of Saudi Arabia was established in Jeddah in October 1972 by H.E. the late Sheikh Kamal Adham. With the oil boom exploding soon after, Almabani was ideally placed to participate in the execution of prestigious landmark projects across the Kingdom. Apart from Saudi Arabia, the organization has it presence in Lebanon and Qatar. The turnkey project participation ranges from major high rise buildings, ministries, sewage projects, laboratory research and development centers, airports and defense establishments.

Being one of the prominent infrastructure developers of the region, Almabani depends on the Internet to bridge the geographical divide and provide seamless back-office integration with its construction sites. Internet is used to provide access to mail communications and the range of application servers deployed across the region. Thus internet being a key resource, the organization was looking for gateway level security.

“We need to control surfing, manage bandwidth and multiple ISP links and secure the network against malware and spam onslaught. We wanted all these solutions in one box.”

Mr. John Lincoln
IT Director

Speaking of the key criteria that the organization was looking for, Mr. John Lincoln, the IT Director at Almabani stated, “We had four requirements: reign in un-controlled internet usage, manage the bandwidth and multiple WAN links and secure our network against malware infiltration through the gateway across multiple locations.”

Dwelling into the depths of the requirements:

1. Reign in Unbridled Surfing:

In the absence of a Web content filtering solution, the employees at the head office and branches surfed the internet at the cost of productivity. In many instances, screen-savers and other non-work related applications were downloaded. These applications can often injected spyware into the network. The spyware ate into precious bandwidth and also could have brought the network down to a grinding halt. Malware infected machines could have slowed down and infected other machines. This would lead to numerous house-keeping calls to the IT department.

2. Protection against Malware:

Infiltration by virus, worms, spyware, Trojans, keyloggers and other malware was a reality. Perimeter level protection became imperative to check malware infiltration and intrusion attempts. The organization was looking for a better gateway level anti virus, anti spam and intrusion prevention solution that could guard the Web (HTTP, FTP) and mail (SMTP, POP3, IMAP) traffic. With multiple business critical servers deployed by the organization, a new firewall and intrusion prevention solution was required to protect them.

3. Optimal Bandwidth Utilization:

Almabani has multiple business critical servers that are accessed over the Internet. Mr. Lincoln wanted to prioritize bandwidth for business critical applications while fixing a certain amount for Internet surfing.

4. Multiple WAN Link Management:

The organization‘s head office has four (4) Internet links to ensure total and uninterrupted connectivity. Mr. Lincoln needed a solution that can provide him with the following features:

  • The organization needed to distribute the total surfing, mailing and business critical application load amongst all the four WAN links.

  • In case of a WAN link failure, the traffic on the link should be seamlessly transferred to the other working links. This feature was imperative for total business connectivity.

The organization implemented software-based solutions like Linkwall for site content filtering and BorderManager for firewall. But they were not satisfied with the final results. They switched to Untangle, the Open Source software-based UTM. The installation failed due to lack of technical support.

The Cyberoam Solution

Mr. Lincoln then turned to an appliance-based solution. After careful evaluation, Almabani has acquired seven (7) CR UTM appliances. The CR500i is deployed in the head office at Jeddah. Another CR100i is deployed at a construction site in Jeddah. Two CR50i UTM appliances are deployed in two different sites in Riyadh. One CR50i is deployed in Beirut, Lebanon. One 25i Cyberoam appliance is deployed at Najran and Khobar each. In all, Almabani has purchased seven appliances. All the appliances are deployed in the gateway mode. With simple GUI and, secure and hassle-free remote access, the network administrator can manage all the appliances centrally. All our appliances are now tuned to follow a common corporate policy for Internet access.

Cyberoam’s deep inspection firewall is also equipped with protection against Denial-ofService attacks. Coupled with Intrusion Prevention feature, the firewall secures mail, web and other business application severs deployed in their respective DMZs.

The Web content filtering solution is powered by more than 44 million URLs classified in 86 categories. This provides the administrator with unparalleled flexibility to control surfing. All unbridled surfing has since stopped, so have unauthorized downloads. Web sites that do not comply with the organization’s Internet surfing policy are out-ofbounds for all and sundry. Access to all web-mail and social networking sites is strictly regulated. Use of messengers is also regulated and logged. HTTPS based sites are also filtered.

Cyberoam’s gateway anti virus and anti spam features guard all the web and mail protocols and ensure that no malware or spyware sneaks through the perimeter. The anti spam feature is also equipped with Virus Outbreak Detection. This protects the organization against any zero day attack.

The Bandwidth management feature of Cyberoam provides granular controls to allocate specific bandwidth to specific services. The administrator can also choose to prioritize bandwidth as per the business requirements.

The Cyberoam UTM Appliance deployed at Jeddah based head office, load balances between four (4) ISP links. The outgoing as well as the incoming traffic is load balanced. Cyberoam also provides server load balancing feature that ensures optimal bandwidth utilization. Under this feature, all the inbound and outbound traffic is load balanced by the UTM to distribute it amongst all the servers. Cyberoam’s WAN link failover feature intelligently detects a link failure and redirects the traffic to the working links to ensure total connectivity.

Summing up, Mr. Lincoln said, “Cyberoam has indeed played a positive role by allowing us to prioritize legitimate internet traffic and increasing productivity. It also provides security from new threats and virus outbreaks.”