ICAN BPO Navi Mumbai, India, Asia
Cyberoam Provides Business Critical Internet Security to ICAN BPO
About the ICAN BPO, BPO

ICAN BPO is a full service outsourced solutions provider with deep domain expertise in the areas of sales, marketing and customer relationship management. Managing customer relationships, fostering improvement and adding value to them is how ICAN enables organizations worldwide to constantly improve their business performance.

ICAN combines the latest technologies with proven business practices and expert marketing to help companies enhance their online image, create new revenue flows, streamline business processes and boost customer satisfaction. Internet is used as a lifeline as it is the principle business enabler and there can be no compromise when it comes to Internet connectivity and security, as it is the most productive resource. Thus, business cannot be run without Internet connections.

Being a BPO it is very important for us to secure our Internal Database. We work on outsourced applications and securing their data is also our prime focus. We can‘t afford to compromise on Internet security.

Mr. Sachin Borade
IT Head

Mr. Sachin Borade, (IT Head) at ICAN BPO, in explaining the scenario and their needs said, “Being a BPO it is very important for us to secure our Internal Database. We can‘t afford to compromise on Internet security. We also work on outsourced applications and securing their data is our prime focus. Our base requirement was a solution that would cater to our security needs.” Delineating the ICAN BPO‘s security needs Mr. Borade pointed out their existing requirements and the issues of their previous solution:

Access Control and Intrusion Prevention

The organization needed a firewall and an intrusion prevention solution. The combination of both the solutions was needed to protect the network against intentional and unintentional intrusion attempts, and Denial of Service attacks. The organization needed to know which applications were vying to get to the Internet. Any un-productive application ought to be blocked as Internet is not a resource that can be squandered.

Virus Control

In the absence of gateway anti virus, users surfing the Web (HTTP), transferring the file (FTP) and exchanging mail (SMTP, POP3, IMAP) were constantly exposed to the danger of malware infestation. Simple day-to-day activities were often hampered with hidden dangers. The result was that productivity suffered as the IT department had to interfere to rectify the situation.

Clean Mail

Gateway Anti Spam was required to keep mails secure and inboxes clean. The spam filtering was required to be totally automated and perform irrespective of the language and content of the mail with an absolute minimum amount of false positives - as the organization cannot afford to lose a single business opportunity by assorting a genuine mail wrongly classified as spam.

Controlling Surfing Practices

The organization needed to know who was accessing what sites and as such needed an identity based filter and reporting system that would include the users‘ online behavioral audit. It would also be required to block harmful spyware/malware infested sites. One of the most important vectors of worry was the employee productivity. The productivity might be affected while spending precious time in unproductive surfing and messaging. Mr. Borade also said “Voice being major application for us, unproductive surfing lead to choking bandwidth for voice based applications.”

He believes that Internet access is a resource that should not be wasted and so every user‘s bandwidth usage ought to be distributed and monitored using content filtering. They needed strong web filtering solutions which could control all Internet access and give informative reports on Internet usage.

Audited Internet Access

All Internet-based activities have to be logged. The logging and reporting should be identitybased and not just IP Address-based, where the administrator cannot identify the actual user behind it. The reporting should be clear and should be able to provide clear visibility to the administrator about all Internet usage and surfing patterns.

The Cyberoam Solution

ICAN BPO tested Cisco ASA, Juniper, and Fortigate but found that they were not providing on-appliance reports with the core product. They were using Cisco PIX firewall, which was configured to allow specific services and block rest of the services. Also VPN configured in PIX allowed the employees to connect to the remote networks over Internet links.

After understanding Cyberoam‘s features Mr. Borade decided to replace PIX with Cyberoam. They also found Cyberoam cost- effective compared to other products.

Mr. Borade decided to deploy CR100i as a gateway to ICAN BPO office in Navi Mumbai. The UTM blended seamlessly into the existing network. CR100i has been deployed in Gateway mode with LAN, WAN and DMZ zone securing the internal and server zone from external as well as internal threats.

One very important factor in ICAN BPO was they wanted user identity-based security and not just an IP Address-based traditional solution. Identity Based feature is very important for them as multiple users were using a single system. He has configured Cyberoam to use Active Directory for external authentication. Identity is used in Cyberoam to encapsulate the user in a security policy that follows him wherever he logs in to the network. To top it all, this feature comes at no additional cost.

The identity of a user is used as a decision parameter in Firewall, Intrusion Prevention, Anti Virus, Anti Spam, and Web Content Filtering. This ensures total Internet Security.

Access and Application Control

Mr. Borade said “We were using gateway firewall, but it only provided us with basic IP Address/Service based firewall rules. We didn‘t have any reporting tool, so we were unaware of what was happening in our network. In case of any outbreaks, it was impossible to track the source, making it difficult for us to handle our network.”

Cyberoam‘s Dual certified firewall - Checkmark and ICSA, provides access control over all the Internet traffic. Stateful inspection firewall and Intrusion Prevention solution guard the LAN and the DMZ network from unauthorized access and intrusion attempts.

All applications that tried to access Internet were logged and any un-productive application was blocked. If required, Mr. Borade can create custom signatures for custom applications. This gave him an unparallel control over all the network activities happening in the organization.

Malware and Spam Free Internet

Cyberoam‘s gateway anti virus, anti spyware and anti spam features guard all the web and mail protocols and ensure that no malware or spyware sneaks through the perimeter. Recurrent Pattern Detection (RPD) powered signature-less anti spam technology works instantly on deployment, with the least human intervention and is language independent. It blocks spam in any language regardless of the content, e.g. image, audio, video or zipbased spam. The anti spam feature is also equipped with Virus Outbreak Detection. This protects the organization against any zero day attack.

Filtering Solution

ICAN BPO installed Cyberoam not only to manage employee Internet access, but to minimize the risk of other web security threats. In addition, they chose Cyberoam to help improve employee productivity and save network bandwidth. ICAN uses Cyberoam to block access to specific category of websites. They utilize the Cyberoam‘s reporting functionality to help identify organizational risk levels for productivity, security and network bandwidth loss trends.

Cyberoam‘s content filtering database has more than 44 million sites neatly categorized into more than 82+ categories. This large number of categories permits a high degree of specificity in designing an organization‘s Internet use policy. Mr. Borade continues, “In addition, we are able to set up policies for different work groups. Cyberoam makes it easy for us to set up policies based on specific job requirements within our organization.”

Mr. Borade can now define the bandwidth as per categories. He can assign how much bandwidth a particular category can consume. Category based Bandwidth management helps him prioritize bandwidth to Business Critical applications. This gives him a molecular level control over all the Internet activities and also ensures the maximum productive use of bandwidth.

Knowing Who is Doing What?

“Comprehensive Reporting is one of Cyberoam‘s most significant features,” said Mr. Borade. The reporting feature reports details of any attempted violation, and offers appropriate functionality for the manager to keep track of the organizational activities.

The On-Appliance reporting module includes features like Traffic Discovery, Internet Bandwidth Usage Monitors, Top Accessed Categories and Google Search Reports, which enhanced the visibility of a user‘s online behavior. The active alerts and comprehensive reports help Mr. Borade to keep a tab on the Internet usage trends.

Secure Business Connectivity

The head office and branch offices have multiple ISP links. “Link failures, bandwidth choking results in loss of our customers and thus impacting our business”, Mr. Borade said. Cyberoam‘s Multilink Manager feature load balances the traffic and takes care of link failover. This ensures that the network is up and truly utilized for true business use. He can now claim maximum uptime for the customers even in case of link failures. All the sites are securely connected using Cyberoam‘s site-to-site IPSec VPN feature. On the way, it also bridges our connectivity and productivity requirements. Cyberoam gives us productivitypromoting, business-friendly security,” Mr. Borade concluded.

To Conclude

“Cyberoam had proved very useful for our organization. It has helped us to achieve what we desired. In one line we can say "Cyberoam is a solid product with some unique features - very easy to set up and manage."”, Mr. Borade concluded.