Bangladesh Development Bank Limited secures network traffic with an integrated network security platform

Bangladesh Development Bank Limited (BDBL) is a reputed state commercial bank in Bangladesh that provides modern banking services to its customers through 50 online branches. BDBL plays a leading role in the socio-economic development of the Government of Bangladesh.

To further the bank’s mission of contributing to the economic development of the country, Tasfin Adnan, Security Officer at BDBL, and his team wanted to ensure the security of their new product lines and digital banking offerings. “Before deploying Palo Alto Networks, we were using a combination of network security solutions from different vendors to address specific needs. We were not able to monitor the network traffic and have visibility over what was being blocked,” explains Tasfin. Tasfin and his team consulted with Gazi Communications, their long-term partner, to better understand which security products could be deployed for improved visibility, threat, and policy management.

BDBL’s legacy firewalls and controls were siloed, disjointed, and did not allow for centralized management. Tasfin says, “As with every organization, threat detection and prevention was our number one priority. We needed a solution that could identify and block known and unknown threats, such as malware and other advanced threats.”

Guided by the six universal problem-solving questions—who, what, when, where, why, and how—Tasfin wanted a solution that could not only address these questions, but also understand the network traffic movement within BDBL. “Due to our specific requirements, we leveraged multivendor solutions and there was no centralized management tool,” explains Tasfin. He adds, “We needed a more comprehensive solution that would enable us to integrate multiple tools to gain visibility into network traffic movement and advanced threats, while also addressing our compliance and regulatory needs.”

BDBL consulted with Gazi Communications and wanted a solution that could help them address the following requirements:

• Detect and protect against advanced and unknown cyberthreats, including malware.
• Centralize monitoring and visibility of network.
• Automate security management for consistency and simplicity.
• Optimize security posture by enabling a Zero Trust strategy.

Along with Gazi Communications, Tasfin and his team evaluated multiple products that would help the security team achieve their desired outcome of visibility and policy control. “We assessed firewalls from different vendors. What stood out for us about Palo Alto Networks was that they were positioned as a leader in the ‘Gartner Magic Quadrant for Network Firewalls’. As with any product, we acquired the one with the best features,” Adnan states. As BDBL’s partner of choice, Gazi Communications was responsible for all the infrastructure design, device configuration, and deployment. Tasfin reiterates that Gazi Communications ensured smooth deployment and that there were “absolutely no challenges.” Md. Imdadul Islam, Head of Support at Gazi Communications, also reflects on their partnership with BDBL, saying, “We have had a long-standing relationship with BDBL and knew the value that the Palo Alto Networks solution suite could bring them. We worked with BDBL to ensure that all requirements were met, walked them through the workflow in detail, and supported them with training.”

As with all financial institutions, BDBL’s main concern was to protect their core banking system. They used Palo Alto Networks Next-Generation Firewalls (NGFWs) for their data center (DC) core server zone, DC demilitarized zone (DMZ), disaster recovery (DR) core server zone, and DR-DMZ zone. Tasfin explains, “We needed network traffic visibility to monitor inbound and outbound activities. It was essential that we identify any suspicious or malicious activity that includes monitoring network protocols, traffic patterns, and any kind of anomalies.” Cloud-Delivered Security Services (CDSS) consisting of Threat Prevention, WildFire, and Advanced URL Filtering were deployed.

BDBL used the Palo Alto Networks NGFWs to protect their core banking server and DMZ. In addition to the NGFWs that intercept attack chains, WildFire helps with cloud-based malware analysis through machine learning to prevent unknown threats. URL Filtering helps BDBL monitor and control sites that users can access to prevent phishing attacks. Internet users are more secure than before and with GlobalProtect, remote users can access the network securely.

More visibility, better management, and faster threat detection and resolution

With Panorama, BDBL can see all activity in a single pane of glass, providing them with an interactive, graphic view of network and threat activity. The security team has better visibility and can pinpoint the source of the issue. To quote Tasfin, “We were able to dramatically reduce our threat detection and resolution from 2–4 hours down to a mere 5–6 minutes with Palo Alto Networks. This has been an absolute game changer for us.”

Confidence in meeting compliance and regulatory needs

With Palo Alto Networks, BDBL has confidence that their compliance and regulatory needs can be easily met. For internal and external audits, Panorama allows BDBL to pull automated reports and print logs as needed. Additionally, as a banking and financial institution (BFSI), BDBL wants to ensure that it meets the compliance requirements put forth by Bangladesh’s central bank, Bangladesh Bank. After deploying Palo Alto Networks solutions, BDBL has also conducted external and internal vulnerability assessments, and the reports have been approved by the management.

In conclusion, Tasfin highlights the collaborative partnership between BDBL and Palo Alto Networks, saying “We continually receive strong vendor support and proactive engagement from the team. They play the role of a trusted advisor with innovative products to cater to evolving security threats.” As the relationship progresses, BDBL intends to expand their footprint with Palo Alto Networks to include secure access service edge (SASE) solutions, to secure the bank for the future.

Gazi Communications is one of the biggest system integrators (SI) in Bangladesh. The company aims to be the trusted advisor of customers for all of their data connectivity and networking needs, through the provision of Data Center solutions. In addition, Gazi Communications partners with various technology vendors to ensure they offer comprehensive solutions for their customers.