Case Study

Road and Transport Authority Strengthen its Security Landscape for Known and Unknown Threats

Business Scenario

One of RTAs in UAE wanted to enhance its security posture while mitigating real time threats in its network.

For the client, Information security was the key focus area for such uninterrupted and smooth public services. With around more than 5000+ employee base scattered across UAE, and increase unknown or Zero day cyber attacks could make the IT assets vulnerable to the hackers.

With the evolution of network attacks and defense technologies, advance and imperceptible attacks are emerging, especially the persistent and stealthy APT attacks aiming at core information assets, are emerging now and then, causing great losses to government agencies and adversely impacting their operations.

Looking into the above mentioned inevitable cyber attacks, the project objective was to implement a comprehensive solution with capability of defending both the known and unknown attacks from internal and external vulnerabilities, and hackers.

Challenges

  • Lack of visibility to information security vulnerable areas, any exceptions for hackers
  • Missing reporting and Incident management with minimal impact to the public services, and core business
  • Lack of visibility of the distributed IT assets across the region without threat protection mechanism available on them
  • Traditional Approach to security
  • Only signature-based Malware protection
  • Missing Malware Prevention Capabilities

Solution

After proper due diligence and assessment of several APT solutions available in the market, Intertec recommended Palo Alto Networks’ APT to address the client challenges. The below features and functionalities make it a perfect fit:

  • Stop infection from happening by identifying and blocking zero-day malware, worms, virus, trojans, and malicious URL
  • Minimize and heal the impact of APT attacks by locating, blocking, and fixing compromised devices
  • Identify compromised devices sending command and control communications, botnet traffic, and exfiltrating stone data
 

Below are the key aspects of the implemented solution for achieving the project objectives.

  • Traffic Analysis and File Restoration – The APT defense system will correctly identify protocols through traffic analysis and detect malware hidden in packet using techniques like protocol encryption, fragmentation, and obfuscation
  • Known Threats Defense – The solution will provide a unified security protection policy that provides fine grained multi-dimension control based on time, user/user group, application layer protocol, geographical location, IP address, port, and content security for ease of management
  • Detection of unknown Malicious Files – APT defense system inspect the malicious files using sandbox through traffic analysis and file restoration.
  • Behavior pattern-based Threat Analysis
  • Security Posture Visualization – This platform analyze network wide security incidents internally and externally using existing services and network components to locate malicious activities

Benefits

  • Protection from Advance Malwares and Threats
  • Improved visibility of unsecured traffic in network
  • Prevention of known and unknown threats
  • Protection from Zero-day exploits/ malwares
  • Automatic prevention from threats spreading globally through “Global Threat Intelligence”

Return on Investment

  • Reduced turn around time per security Incident by 50%
  • 70% automation in security Incidents reporting and handling
  • 25% productivity improvement for the onsite staff being not spare time in unknown threats detection and analysis