Saudi Engineering Group International (SEGI) Saudi Arabia, Asia
Saudi Engineering Group International (SEGI) Banks on Cyberoam for Internet Security
About Saudi Engineering Group International (SEGI), Construction & Engineering

Saudi Engineering Group International (SEGI) is a multidisciplinary engineering company belonging to Al-Saihati Group of Companies, established by Dr. Engr. Abdullah Ali Al-Saihati, the pioneering industrialist of the Eastern Province in Kingdom of Saudi Arabia.

They are also involved in Design, Engineering and Consultancy in the fields of Hydrocarbons, Petrochemicals, Power Generation, Transmission and Distribution, Water Resources Development and Management, Communication Systems, Commercial Projects and Light Industry.

SEGI has gained reputation among its clients by providing highly professional and skilled manpower for their various projects.

SEGI servers contained applications and data which were under constant threat from spyware attacks. So they needed a strong Firewall solution.

Mr. Muhammed Shafeekh
IT Head

The group was looking for one box, simple to manage perimeter defense. Mr. Muhammed Shafeekh, the IT Head for the group while explaining about the need of Internet Security, said: “We need internet for back office administration, email, FTP, to monitor staff movements, ERP and VPN etc. We were looking for a solution that was robust, flexible and still easy to manage.”

Basic Perimeter Defense

A Deep Packet Inspection Firewall was needed to control the Internet access. They also wanted to regulate the exposure of the servers placed across all their networks in the DMZ, to the external world, in addition to auditing them.

Spam Menace

Spam and blended threats consisting of spyware and Trojans were the prime source of concern. Almost 90% of the total mail traffic was spam. Most of the time, the organization's network were clogged with un-wanted and un-solicited mails. Often genuine mails were wrongly classified as spam – false positives and deleted while spam still poured in. These mails not only cost them in terms of storage space, but also wasted staff's valuable time and efforts. SEGI was concerned about the spam problem as it would not only eat into precious bandwidth, but would also pose storage crisis.

Regulating Surfing Behavior

As one of their most critical issues, SEGI wanted to raise workplace productivity by putting a complete end to indiscriminate Internet surfing by its internal users. It also wanted the solution to ensure precious bandwidth is not wasted on downloads of audio, video and streaming files and nuisance applications like Yahoo Messenger and instead, diverted to more productive use. Moreover, Mr. Shafeekh knew, unbridled surfing represented an added layer of threat through malicious sites such as phishing and pharming which had to be resolved.

VPN Connectivity

SEGI has evolved into an organization with independent networks at remote sites supporting many users. The primary challenges for SEGI were to provide access to sensitive data across a more secure and stable VPN. Internet is relied on profoundly to allow remote sites VPN access back to the main office.

The Cyberoam Solution

The organization was cautious and did an extensive market survey and a few Proof-of-Concept tests to find out the most appropriate solution to fulfill their demands. They then took the decision of deploying One (1) CR100i at the head office and One (1) CR50i, and Three (3) unit of CR25ia at the branch offices in Jeddah in Gateway mode.

The business benefits are as follows:

  • User Integration

    Cyberoam UTM adds a feather to its cap with a unique identity-based security solution which protects against insider threats by giving absolute visibility into “Who is doing What?” in the network and allows creation of user identity-based policies. Mr. Shafeekh at SEGI used Cyberoam's Active Directory (AD) facility to achieve the task of integrating SEGI's users in the network through a wizard to trade in users.

  • Guarding the Network Gateway

    SEGI's servers contain the applications, and data that can be possibly targeted by attacks from external entities. Servers in their networks host client's information which had to be protected against outside access attempts. Cyberoam ICSA and Checkmark Certified firewall provides granular access controls over Internet traffic and the network resources.

  • Gateway Anti-Spam

    Cyberoam's Recurrent Pattern Detection (RPD) powered signature-less anti spam technology works instantly on deployment, with the least human intervention and is language independent. It blocks spam in any language regardless of the content, e.g. image, audio, video or zip-based spam. The anti spam feature is also equipped with Virus Outbreak Detection. This protects the organization against any zero day attack.

  • Productive Surfing Enforced

    In order to solve the problem of unrestricted surfing in the organization, Mr. Shafeekh configured Cyberoam's web content filtering feature which selectively blocks web access in the organization without affecting productivity. This is done through Cyberoam's constantly updated database of millions of filtered sites divided into 82+ categories including pornography, P2P, entertainment and job search. The filtering blocks all malware-laden sites, P2P, Instant Messengers, illegal audio, video, streaming media and other bandwidth-guzzling downloads. Phishing and pharming sites are also no longer a cause of concern.

  • VPN Connectivity

    Cyberoam UTM's IPSec VPN solution bridged the geographical distances between the branch and head offices. This now ensures that the user can connect securely from any location and use the resources.

  • Who is Doing What

    On-appliance comprehensive reporting is one of Cyberoam's most significant features. Reports include 'Internet bandwidth usage', 'top accessed sites' as well as Google search reports, which enhance the visibility of users' online behaviour. The 'traffic discovery' report helps the administrator identify the amount of bandwidth used by various applications.