Sharjah Educational Zone Sharjah UAE
Cyberoam Secures Société Générale Viet Finance – The
Largest Consumer Credit Arm
About Sharjah Educational Zone (SEZ), Education
Sharjah Educational Zone is a federal department followed by Ministry of Education; authorized to manage operations for all education entities inside Sharjah including government schools, private schools, and adult education centers. They control and decide the education activities, grant approval of new upcoming private or government schools, perform inspection and Quality survey of the schools. They have more than 118 schools under them.
The main mission of Sharjah Educational Zone is to improve the quality of education, also provide greater motivations to teachers towards their professional development and keenness to go beyond the traditional approach to teaching. T
he SEZ initiative is to permit students to accomplish skills, boost up student creativity, and smooth out their progress to cope with the requirements of the modern workplace. Internet is used as a lifeline as it is the key business facilitator and department cannot run forward without Internet connections.
The SEZ network basically comprised of web and mail servers with no focused doorway security outline. Hence we needed a good Internet security solution.
Mr. Mohamed Al Mulla,
Sharjah Educational Zone
According to Mr. Mohamed Al Mulla, IT Head, the department was facing the following security and connectivity challenges related to its business activities.
Protecting the Network Fringe & Tough IPS
The SEZ network basically comprised of web and mail servers with no focused doorway security outline. The outside of the DMZ is under constant attack. The inside is limited to the traffic that is routed to it. The department contains the confidential document and other student’s sensitive information and data that can be possibly targeted by attacks from external entities and outside access attempts. The organization, therefore, needed a gateway firewall to regulate user authentication and access control.
Also, the sensitive servers were under constant threat from spyware, DoS attacks, fragmented and malformed packets, blended threats and more. Therefore, they needed a strong IPS solution which would be capable in retorting these threats.
Controlling Malware and Spam Numbers
Spam and blended threats consisting of spyware and Trojans were the prime source of concern. Almost 90% of the total mail traffic was spam. Most of the time, the employees’ inboxes were clogged with un-wanted and un-solicited mails. Often genuine mails were wrongly classified as spam – false positives and deleted while spam still poured in. These mails not only cost them in terms of storage space, but also wasted employees’ valuable time and efforts. SEZ was concerned about the spam problem as it would not only eat into precious bandwidth, but would also pose storage crisis.
Business Continuity Concerns
One major concern was the connectivity problem. If Internet connectivity is lost, critical applications such as Exchange Server and Intranet Application gets affected." Mr. Mohamed Al Mulla said. For total business connectivity; the department has two (2) ISP links. So they needed bandwidth management, multiple-link load-balancing and link fail- over solutions. Internet is relied on profoundly to allow remote sites VPN access back to the main office.
The Cyberoam Solution
SEZ looked into a number of security products in order to address their department challenges. Previously SEZ’s gateway was secured through a UTM appliance. However, it had to be soon replaced as they were not effectively blocking the spam & malware threats because of limited IPS and Anti-Virus definitions. The search was on for a new appliance which would have a large number of IPS and Anti-Virus definitions, good anti-spam solution while carrying more features at the same price.
Vision Tech Systems is the IT service desk/support provider for SEZ. On the recommendation of Raj Iyer, Business Development Manager, the department decided to replace the existing Internet security device at head office in Qitaab –Sharjah, Govt Data Center with one (1) Cyberoam 500i UTM appliance.
Today, SEZ has Three (3) Cyberoam Appliances deployed in Gateway mode – One (1) CR500i at the head office and Two (2) CR25ia at the remote site. All the appliances are subscribed for Firewall, Intrusion Prevention, Anti-Spam, Anti-Virus, Multi-Link Management and VPN subscriptions too.
The business benefits were as follows:
- Firewall and Intrusion Prevention
Cyberoam firewall is ICSA and Checkmark certified - provides granular access controls over Internet traffic and the network resources. Coupled with Intrusion Prevention module, Cyberoam UTM can counter any Denial of Service attack Mr. Mohamed Al Mulla now felt the network is secure.
- Gateway level Antivirus & Anti-Spam
Cyberoam’s gateway anti-virus pickets all the web and mail traffic – SMTP, IMAP, POP3, HTTP, HTTPS and FTP-o-HTTP protocols and makes sure that no malware or spyware creeps through the boundary and the network is fully safe and sound against malware including root-kits, viruses, worms, Trojans, spyware, backdoors, key-loggers and more.
Each and every file going through gateway is scanned against antivirus engine that is powered by more than 4 million signatures. “The SPAM slayer also helped our mail server to discern the unwanted mails and give great relief to the users”, said Mr. Mohamed Al Mulla. Recurrent Pattern Detection (RPD) powered signature-less anti spam technology works instantly on deployment, with the least human intervention and is language independent. It blocks spam in any language regardless of the content, e.g. image, audio, video or zip-based spam. The anti spam feature is also equipped with Virus Outbreak Detection. This protects the organization against any zero day attack.
This saves a lot of bandwidth & protects students & staff from viruses, phishing, and spyware threats.
- Continuous Data Availability
Driven by academic need of college connectivity over Internet, SEZ has two (2) ISP links. Cyberoam’s Multi-Link Manager intelligently load balances the traffic and manages link failover between the two (2) broadband links. These links terminate on Cyberoam. The Multi-Link Manager constantly monitors the performance of the links. In case of a link failure, the load is automatically transferred to the working link, seamlessly, which leads to 100% Internet uptime, and round the clock availability of requisite bandwidth. In case of a link failure, Cyberoam automatically switches the traffic to the working link. So the department gets a transparent multilink management with no human interference.
- VPN Connectivity
The CR500i appliance deployed at the Head Office was used to ensure IPSec VPN connectivity along with the 2 CR25ia appliances at remote offices. This allowed remote office users to flawlessly access their work without any uncertainties of collapses in Internet traffic.
Threat-free Tunnelling (TFT)-driven VPN ensures that all such traffic is securely encrypted and no malware sneaks through it.
- Enhanced Reporting
Mr. Mohamed Al Mulla adds, “We were unquestionably very pleased with this reporting module. Gaining simple view into applications with user name, source, and destination, extent of usage, enabling them to zero in on knave users and systems easily is the best part of Cyberoam UTM.”
- To Wrap it Up
Summarizing his Cyberoam experience, Mr. Mohamed Al Mulla said, “Cyberoam is an outstanding product that brings remarkably high performance and I would strongly back it as- reliable security.”