International Bank (Liberia) Limited, Liberia Africa
Cyberoam Security Allays Multiple Concerns for Internet Security in Liberian Bank
About International Bank (Liberia) Limited, BFSI

The International Bank (Liberia) Limited (IB) was formed out of International Trust Company (ITC) of Liberia. Being one of the strongest and oldest banks in Liberia with firm international standards, it is considered a leading name today in the Liberian financial market. Its management team consists of foreign and local professionals with many years of experience in banking. Its state-of-the-art technology makes service to its valued customers fast, effective and efficient. The bank has an excellent reputation among Liberian customers for extending business credit facilities and remittances.

Internet is the backbone of our frontend and back-office communications. We needed a good firewall, anti spam, and virus and content filtering.

Mr. Wonder S. Lablah
IT Manager
The International Bank

Being a leading bank with branches across various locations, IB‘s dependence on the Internet involved the following activities - Internet banking, money transfers, conducting web research and e-mails. In addition, Internet is connects the bank‘s head office at the Liberian capital, Monrovia with remote branches.

According to Mr. Wonder S. Lablah, Information Technology (IT) manager at IB, the bank identified the following business needs from a future security solution.

Simple, No-Frills Firewall

The bank already had a Linux Smoothwall firewall for ensuring perimeter security but its IT staff didn‘t want to deal with the technicalities of a command line interface. It was therefore, looking for a user-friendly, GUI-like alternative.

Safeguarding from Intrusion Attempts

IB wanted to secure its LAN, which contained sensitive banking and mail/web server residing information, from possible intrusion attacks including hacking, DoS attacks, website spoofing attempts and more.

Connecting Isolated Remote Branches

The bank did not have a dedicated leased line to provide connectivity across branches in remote locations. Mr. Lablah, therefore, was looking for a private secure communications channel over the public Internet itself, which would further ensure data traveling through it is not visible to outside entities. This would also have to be monitored over a user-friendly web-based Interface.

Regulating Web Access

The Internet was used at IB to access multiple network resources, with different passwords to be remembered, for individual applications including Outlook email, Intranets and knowledgebase portals. The staff wished a simpler system without the need to remember multiple passwords.

Also, the management wanted to ensure that the company‘s bandwidth purchase is mainly utilized for business purposes only. It was decided that staff were to be provided strictly limited Internet access during office hours with non-work-related surfing to be permitted only after work hours. They also sought to prevent access to objectionable sites and applications i.e. pornography sites, chat messengers, and social networking sites. Preventing Virus Attacks -Controlling Spam: IB Internet users had their own share of experiences with web and mail-based virus attacks which were considered a major irritant during work. According to Mr. Lablah, “Our staff was fed up of these attacks - they would regularly corrupt files on our desktops, mail multiple copies to other recipients, run adware programs without warning, slow down PCs. Besides this, our employee inboxes were regularly flooded with spam. We were eager to control these problems at its earliest.”

The Cyberoam Solution

The management was initially not too sure about how to proceed with addressing so many disparate business security concerns. They were exploring multiple security solutions when they found Cyberoam through Bluepoint Technologies, its authorized partner in Liberia. After seeing a live demo, they placed order for a Cyberoam CR50i appliance at the head office, and five CR25i appliances at remote offices. Bluepoint Technologies supplied these units to the bank and also assisted them in designing their security network, and deploying the solutions. All Cyberoam UTM appliances were deployed in gateway mode which helped them achieve the following goals.

Unified Security through One Appliance

Instead of having to run multiple security solutions for addressing different business challenges, Cyberoam Unified Threat Management appliances, through a unified GUI-based dashboard proved to be more effective for the bank‘s objectives, that too within reasonable budget.

Firewall Protection

The bank‘s perimeter was now protected through Cyberoam‘s ICSA-certified stateful inspection firewall. Compared to its earlier struggles with a CLI-based interface, the new firewall menu was more user-friendly and placed within easy reach of the administrator since it could be run directly as an option through the web GUI interface.

Access Control Limited to Internal Users:

A unique feature of Cyberoam‘s firewall is that it runs on identity-based Layer 8 protection technology. Mr. Lablah used this technology to unify access control policies and identify users directly based on username rather than through IP addresses alone. For authentication, he implemented Single-Sign-on (SSO) with Cyberoam‘s Active Directory Services (ADS) facility, mapping users and groups directly from the database. This ensures only bank employees are allowed network access, and outsiders kept at bay.

One Password, Access All

The Automated SSO feature also saves bank employees the trouble of remembering multiple passwords for different applications within the system.

Thwarting Intrusions

Since, IB had subscribed to Cyberoam UTM‘s Intrusion Prevention System feature, the administration is able to rest easy over any known and unknown intrusion attempts. With a comprehensive database of over 3000+ regularly updated intrusion signatures, this feature is able to detect any anomaly in the network across real-time, therefore safeguarding the LAN and web/mail servers.

Remote Connectivity to Head Office

With Cyberoam‘s VPN solution, Mr. Lablah was able to securely connect the isolated branches with the head office. Since, the VPN option is also enabled as a menu item on the Cyberoam web GUI interface, he is able to monitor the connectivity status at these branches from a central location

Moreover, the Cyberoam VPN link failover facility saves a lot of money and time in inquiring connectivity status for remote branches, and aiding in troubleshooting. When an Internet connection fails, this feature transparently switches traffic over to an active connection, maintaining business continuity for the entire bank operations.

Regulated Internet Usage

Prior to Cyberoam deployment, there was no control on surfing activities of IB‘s employees. However, all that has changed with Cyberoam‘s Web filtering feature which blocks millions of harmful region-specific popular sites, grouped into 82+ categories such as pornography, phishing, proxies, IMs, P2P and more.

Adds Mr. Lablah, “Not only are we happy with the fact that we no longer have to deal with phishing and other malware-laden sites, we are also able to block Internet access to our employees during working hours. They may now casually surf only once the day is over -even then, they get warning messages when they try to visit a restricted site.”

Along with curbing non-productive surfing, Mr. Lablah‘s use of Cyberoam‘s Bandwidth Management feature saves on the bank‘s ISP bills, with more effective controls on which user consumes how much bandwidth (upload and download limits) during the limited time they‘re allowed to surf the Web.

Malware - Spam Reined in

Cyberoam‘s Gateway Anti-virus feature defends the bank‘s network from newer malware variants - worms, rootkits, Trojans and many more due to ability to update in real time against such attacks. In addition, Cyberoam‘s Virus Outbreak Detection (VOD) feature protects the bank against any mail-based virus, adware, phishing attacks.

Cyberoam‘s advanced anti-spam feature enables the bank to filter all mails received over SMTP, POP3 and IMAP protocols including for different languages, characters and images. This functionality has helped bring down spam incidence from earlier levels of 30% to almost negligible now. The IB mployees were pleased to receive clean inboxes for the first time.

In Conclusion

Mr. Lablah adds, “My long term search for a very robust device that could solve most of our network hurdles has been found in Cyberoam. I can now monitor VPN connectivity at all of my remote branches from my office and manage the company‘s bandwidth with ease. Cyberoam is really very easy to deploy and use.”