Vodacom Tanzania Limited Dar Es Salam Tanzania Africa
Cyberoam Provides Vodacom Tanzania with a Comprehensive Internet Security Cover
About Vodacom Tanzania, Cellular Network

Vodacom Tanzania Ltd is the leading cellular network in Tanzania with around 6M subscribers. In the corporate head-office situated at Dar Es Salam, Vodacom needed a comprehensive Internet security solution to maintain its lead position in the cellular network companies.

Internet is the primary business enabler as it is used for backoffice administration, mailing and maintaining the contact with the outside world. We needed a firewall rich in features and with best performance. We also needed
anti-spyware, anti-spam, as well as web and content filtering, intrusion detection and prevention.

Mr. Saidi Buhero
Manager, Data Networkst
(IP Networks Dept.)
Vodacom Tanzania Limited

Mr. Saidi Buhero, the Manager - Data Networks (IP Networks Department) and Mr. Musa Gama, the Senior Network Administrator at Vodacom, while enumerating their needs said, “We needed a firewall rich in features and with best performance such as firewall throughput in Mbps, Virus protection features such as anti-spyware, anti-spam, as well as web and content filtering, intrusion detection and prevention. Internet is the primary business enabler as it is used for back-office administration, mailing and maintaining the contact with the outside world. In the era of blended threats, if our network is crippled, our business can come to a grinding halt.”

Dwelling in to the depths of Vodacom’s needs Mr. Buhero elucidated:

Defense at the Perimeter

The first step to perimeter defense is a firewall. There are multiple Web and mail servers deployed in the DMZ of the organisation. The organisation needed a robust solution that provides access control over its Internet traffic. They also needed an Intrusion Detection and Prevention feature coupled with the firewall to ensure that all internal and external intrusion attempts by malware and individuals can be blocked. This combination should also protect Vodacom against any
Denial-of-Service attacks launched from within or without the organisation.

Filter the Web

To maintain and enforce Internet surfing discipline for around 500 active Internet users within the organization is a daunting task. Mr. Buhero wished to contain unbridled surfing and downloads. All P2P applications, Instant Messengers and other unproductive application downloads and usage were to be curbed. Blended
threats need to be tackled at multiple levels. Phishing and pharming sites were to be blocked and productive surfing and business critical applications were to be given priority in bandwidth usage.

Protection against Malware and Spam

Viruses, trojans, worms, spyware and rootkits should be blocked at the gateway. All malware entering the organisation’s network through web surfing and file transfer had to be curtailed. Spam targeted at Vodacom was to be neutralized at the gateway and the mail traffic sanitized.

Knowing Who is Doing What

All this control enforcement has to be backed up by a strong logging and reporting solution. This feature is needed to check the efficacy of all the security measures that are being put in place.

The Cyberoam Solution

Mr. Buhero and Mr. Gama carefully studied the market for viable solutions. After careful scrutiny, they decided to deploy a fully bundled Cyberoam 1500i at the Dar Es Salam head-office in Gateway mode. The Cyberoam appliance blended seamlessly into the existing network without much ado. For external authentication, Cyberoam is integrated with Active Directory and Single Sign-On has been implemented.

Hence when a user logs in to his / her machine, the login is transparent to Cyberoam too. Cyberoam is a fully Identity aware solution where identity is used as a decision parameter across all its features. This enables the administrator to formulate Identitybased security policies and the user is firmly ensconced in a security bubble irrespective of the machine through which he logs in the network.

  • Firewall and Intrusion Prevention

    Cyberoam’s Dual certified firewall – Checkmark and ICSA, provides access control over all the internet traffic. Stateful inspection firewall and Intrusion Prevention solution guard the LAN and the DMZ network from unauthorised access and intrusion attempts.

  • Filtering the Web

    Cyberoam's identity-based filtering feature enables the administrator to assign Internet access rights to users as per their professional profiles and designations. The content filtering database has more than 44 million sites neatly grouped into more than 82 categories. With identity and time as additional parameters, the administrator has granular controls and unparalleled flexibility. Web-mail, Spyware, phishing and pharming sites are blocked to ensure that no employee is duped into compromising his or her personal and professional information. P2P, unauthorised and illegal downloads are now out of bounds for all employees. Using a combination of identity, IP address, service and time schedules, the administrator can now create policies to allow controlled access to a few unproductive sites during stipulated time periods. All downloads of Instant Messengers have also been blocked.

  • Neutralizing Malware

    Cyberoam’s gateway anti-virus solution watches over the Web and mail traffic. All traffic, including HTTP and FTP and mail traffic over SMTP, IMAP and POP3, is scanned for malware and sanitised. All compressed files are decompressed and checked for any hidden malware. This level of all-round anti-virus security prevents virus outbreaks and translates into fewer housekeeping calls to Vodacom’s IT department.

  • Spam Slips through No More

    Cyberoam's gateway anti-spam solution now checks all inbound and outbound mails for spam. According to the initial requirement, it is truly a 'Configure and Fire’ solution. With a spam detection rate of 98% and a false positive rate as low as one false positive per 100,000 mails, Cyberoam's spam filter ensures that Vodacom’s in-boxes are spam-free and no mail-based business opportunities are lost.

    All this efficiency is achieved by the solution's inherent adaptive intelligence, irrespective of the language and the content of the mail.

    The anti-spam solution also has a unique feature - Virus Outbreak Detection (VOD). Using this feature, Cyberoam detects and blocks any zero day attack and vulnerability exploits. After installing the Cyberoam solution, the number of spam attacks dropped to almost nil and the inboxes were clean and spam free. This situation is also reflected in the saved bandwidth.

  • Finding Who is doing What

    On-appliance comprehensive reporting is one of Cyberoam's most significant features. Reports include ‘Internet bandwidth usage’, ‘top accessed sites’ as well as Google search reports, which enhance the visibility of users’ online behaviour. The ‘traffic discovery’ report helps the administrator identify the amount of bandwidth used by various applications. This also helps the administrator to fine tune the entire solution for optimum business benefit.

  • Conclusion

    Jointly voicing their views, Mr. Buhero and Mr. Gama said, “Cyberoam is a robust and potent solution which is simple to configure and easy to manage. It definitely has a productive impact on the entire organisation. We at Vodacom are happy with our decision to invest in Cyberoam and plan to procure and deploy more such appliances in future in our network.