Leading fund management company improves overall security posture with Zero Trust Network Access

Located in Southeast Asia, this government-linked fund management company had all its branch offices connected to a private Metro Ethernet link with 4G backup. The network traffic for internet access was routed back to the headquarters.

The main challenge faced by this customer was lagging performance or congestion due to legacy MPLS architecture. As such, the IT team was looking at ways to optimize their existing bandwidth, simplify IT operations, and increase network visibility. With changes to the working environment, the customer needed a solution that could provide them with both security and networking capabilities to enable a hybrid workforce.

The security team was looking for a solution that could meet the following requirements:

• SD-WAN and security in a single integrated solution rather than disparate point products
• Visibility into application behavior and network performance
• MPLS replacement and cloud connectivity to improve application performance and business agility
• Simplification of IT operations
• Consistent and standardized approach to security policies and framework

The customer evaluated SD-WAN solutions from leading vendors, and Prisma SD-WAN from Palo Alto Networks was shortlisted for a proof of concept exercise due to the next-generation SD-WAN capabilities based on application performance metrics.

With the implementation of Prisma SD-WAN, each branch of the company could now have its local breakout for internet access, as cloud-based security infrastructure is used as an alternative to installing firewalls, thereby eliminating the need to backhaul cloud traffic to a central firewall. Access to internal applications could also be enhanced by dynamic path selection, and application performance visibility could be further delivered by Prisma SD-WAN.

The customer wanted a full secure access service edge (SASE) solution that comprised SD-WAN and security to eliminate the need to integrate different solutions from multiple vendors. Built on the principles of ZTNA 2.0, Palo Alto Networks was able to deliver a true SASE solution that provided the customer with better security, ease of operation, enhanced visibility, and, most importantly, a future-proof solution to support them in their rapidly evolving digital transformation needs. The customer reiterates that Palo Alto Networks was the only vendor that provided a full SASE solution.

For their overall network security, the customer selected ML-powered NGFWs. Coupled with Cloud-Delivered Security Services (CDSS), such as Threat Prevention, Advanced URL Filtering, DNS Security, GlobalProtect, and WildFire, the customer was reassured of a sound security posture.

Another highlight for the customer was the ease of onboarding and deployment of the Palo Alto Networks solution with the help of the Professional Services team. Together, the Palo Alto Networks solution suite integrates well, offering a centralized network security management solution for all NGFWs, irrespective of their form factors and locations. It reduces complexity by simplifying the configuration, deployment, and management of the company’s security policies. Palo Alto Networks Panorama provides centralized visibility and comprehensive insights into network traffic, logs, and threats.

With a Zero Trust strategy in place, the customer can maintain strict access control to applications, services, internet access, as well as any sensitive internal applications, regardless of where the users are located. All users are authenticated before being granted access, no matter where they are, and this has improved the overall security posture of the organization.

Centralized network security management solution

The Palo Alto Networks network security platform, including Prisma Access and NGFWs, are managed through centralized network security management. This reduces complexity by simplifying the configuration, deployment, and management of security policies. With Panorama, the customer gains the advantage of centralized visibility, as well as comprehensive insights into network traffic, logs, and threats. It reduces administrative workload by managing updates, automating threat responses through policy-based actions, and using API-based integrations with third-party systems.

Best-in-class detection, investigation, automation, and response capabilities

Partnering with an enterprise cybersecurity platform provides the customer with consistent, integrated, and effective network security, cloud security, endpoint protection, and various cloud-delivered security services. With best-in-class capabilities, there is a significant reduction in data breach risks, and all users, devices, applications, and data are consistently protected. Using deep machine learning and powerful advanced threat prevention capabilities, unknown attacks are prevented in real time.