Leadway Assurance Company Limited Lagos, Nigeria, Africa
LEADWAY ASSURANCE Relies on Cyberoam for its Network Security
About Leadway Assurance Company Limited, BFSI
Established in 1970 by Sir Hassan O. Odukale, LEADWAY ASSURANCE COMPANY LIMITED ("LEADWAY") is one of Nigeria's foremost insurance companies, with a reputation for service efficiency and customers' reliability. It has a chequered history of being a company with close attention to relationships, having started operations as a direct motor insurance company.
The pivotal point at Leadway is "the customer" and the company has enjoyed a steady growth in its commitment to providing integrated insurance and financial services to its numerous customers.
We were looking for a solution that would control unproductive and harmful surfing.
Mr. Henry Okonji, Head,
Engineering, IT Department,
According to Mr. Henry Okonji, Head, Engineering, IT Department at Leadway, the company was facing the following security and connectivity challenges related to its business activities.
Safeguarding the Network Periphery
The Leadway’s network basically comprised of contract document and other client sensitive information with no focused gateway security sketch that can be possibly targeted by attacks from external entities and outside access attempts. The organization, therefore, needed a gateway firewall and an IPS solution. The combination of both the solutions was needed to protect the network against intentional and unintentional intrusion attempts, and Denial of Service attacks.
Controlling Malware & Spam Numbers
In the absence of gateway antivirus, users surfing the Web (HTTP), transferring the file (FTP) and exchanging mail (SMTP, POP3, IMAP) were constantly exposed to the danger of malware infestation. These malware attacks which often took a blended form through email attachments, PDF, design documents etc had the potential to alter constructive files and demolish significant data. Simple day-to-day activities were often hampered when such malware did infiltrate the system. As a result the productivity suffered as the IT department had to interfere to rectify the situation.
The spam filtering was required to be totally automated and perform irrespective of the language and content of the mail with an absolute minimum amount of false positives - as the employees cannot afford to have spam mails in the mail boxes.
A perimeter level anti-virus and anti-spam solution was required that would protect the network, scan and clean any malware or spyware over Web mail and scan all Web traffic to ensure the contents’ sanctity.
Filtering over the Web
With hundreds of employees accessing the Internet at any one time, Leadway had growing concerns to protect its employees and network. The company has a responsibility to protect all employees, from inappropriate content on the internet. They needed a flexible web filtering solution to allow them to set different access levels for employees and management. It had then become evident that the company needed a more customized product to better manage Internet access.
Continuous Internet connectivity with no breakdown or downtime was the most important requirement for Leadway ICSA and Checkmark - dual certified Cyberoam’s stateful inspection firewall solution cordons off Leadway’s network and guards its servers against any unauthorized access. Cyberoam’s 82+ category strong Web Content filtering technology kept the organization’s internet resources productively focused.
Also, opening up access to all sites for all employees resulted in bandwidth getting “choked”. So they defined security and bandwidth management policies after taking the user’s identity and professional profile into account. Bandwidth needs to be managed and prioritized to achieve maximum business advantage. They wanted to ensure productive use of bandwidth.
Business Continuity Concerns
One major issue was the connectivity problem. "If Internet was down our business activities would come to a halt," Mr. Okonji said grimly. To avoid a single point of failure, multiple locations had multiple ISP links. So, multiple ISP links load balancing, bandwidth management and failover is also a critical need.
The Cyberoam Solution
In order to address their business challenges, Leadway looked into a number of security products and after seeing a trial demo of Cyberoam, they took the decision of replacing the existing Microsoft ISA 2006 servers at the head office in Lagos with a Cyberoam CR500ia “accelerator” series UTM appliance. The appliance was deployed in gateway mode.
The business benefits were as follows:
- Perimeter Secured – Intrusions Eliminated
Cyberoam’s ICSA and Checkmark - dual certified firewall offers stateful and deep-packet inspection, by protecting Leadway’s internal networks from DoS attacks and IP spoofing attacks.
Cyberoam’s Intrusion Prevention System has a customized database of over 3000+ signatures which reach deeper than a firewall and anti-virus to ensure second level protection for the Leadway’s network from blended threats, backdoor attempts and more.
- Virus & Spam Protection
Cyberoam’s gateway antivirus and anti spyware features lookout all the web and mail traffic – SMTP, IMAP, POP3, HTTP, HTTPS and FTP protocols and make sure that no malware or spyware creeps through the edge. Additionally, the anti-virus blocks attachments for specified file types such as executables, media files, PDF, zipped files etc. before these blended threats can demolish the network.
Recurrent Pattern Detection (RPD) powered signature-less anti spam technology works instantly on deployment, with the least human intervention and is language independent. It blocks spam in any language regardless of the content, e.g. image, audio, video or zip-based spam. The anti spam feature is also equipped with Virus Outbreak Detection. This protects the organization against any zero day attack.
- Browsing Check Accomplished
Prior to Cyberoam deployment, there was no control on sites visited by Leadway’s employees. However, all that changed with Cyberoam’s Web filtering feature which ensures protection from inappropriate and insecure Web content, including phishing and other malware-loaded sites.
Cyberoam’s constantly updated database of millions of sites is divided into 82+ categories which includes pornography, P2P, entertainment and job search. By customizing user identity-based policies, the administrator provides selective Internet access and surfing rights based on the user’s working needs. “I can now prioritize the organization’s bandwidth usage as per business requirements with more effective controls on which user consumes how much bandwidth (upload and download limits) during any time of the day”, said. Mr. Okonji. This helped the organization in controlling the user behavior on the Internet.
- Business Continuity Restored
Driven by business need of organization’s connectivity over Internet, Leadway has two (2) ISP links. Cyberoam’s Multi-Link Manager intelligently load balances the traffic and manages link failover between the two (2) broadband links. These links terminate on Cyberoam. The Multi-Link Manager constantly monitors the performance of the links. In case of a link failure, the load is automatically transferred to the working link, seamlessly, which leads to 100% Internet uptime, and round the clock availability of requisite bandwidth. In case of a link failure, Cyberoam automatically switches the traffic to the working link. So the organization gets a transparent multilink management with no human interference. On the way, it also bridges our connectivity and productivity requirements.
- Useful Reporting
Cyberoam’s reporting feature gives overview of what the users are up to in the network, including blocked sites visited, time spent on each site. According to Mr. Okonji, this has led to increased productivity as the staff knows that they are being monitored or restricted from accessing blocked sites.
Gaining easy visibility into applications with user name, source, destination, period and extent of usage, enabling them to zero in on rogue users and systems easily is the best part of Cyberoam UTM.”