case study domain group · the palo alto networks next-generation security platform with aperture...
TRANSCRIPT
Palo Alto Networks | Domain Group | Case Study 1
Australian Media Giant Secures Its Publishing Enterprise in the Cloud With Palo Alto Networks Next-Generation Security Platform
CASE STUDYDomain Group
Palo Alto Networks | Domain Group | Case Study 2
Industry Media
Challenge Prevent cyberattacks from compromising vital media assets and disrupting workflows critical to the company’s revenue streams.
Solution Palo Alto Networks Next-Generation Security Platform hosted in Domain Group’s private cloud to provide granular visibility and intelligent control over private network and internet traffic from endpoints to the data center.
SubscriptionsThreat Prevention, URL Filtering (PAN-DB), GlobalProtect, WildFire, Traps, Aperture, AutoFocus, Panorama
AppliancesVM-200 (4)
ServicesConsulting Services, Education Services
Results• Assured network security in the cloud without sacrificing control
• Gained greater visibility of network traffic at the endpoint, edge and cloud level
• Simplified policy creation and management across a virtualized security environment
• Tripled company size without adding network and security staff
• Freed IT staff to focus on value-added projects for the business
BackgroundAs one of Australia’s biggest property media companies, Domain Group is a prime target for cyberattacks. However, the agile, fast-moving company did not want to be slowed down by a complex physical security infrastructure. Therefore, to protect its vital media assets and network, the company deployed Palo Alto Networks® Next-Generation Security Platform in its private cloud.
As a result, Domain Group has complete visibility and control of network traffic at the endpoint and edge, as well as in the cloud. Palo Alto Networks Next-Generation Security Platform enables Domain to proactively guard against cyberthreats without slowing
down end-user productivity. Moreover, Domain maintains continuous prevention against known and unknown threats with minimal staff overhead, thanks to a comprehensive threat intel-ligence dashboard. This allows IT and security staff to focus on adding value to the business with assurance that the company’s revenue streams are protected.
Summary
Publishing Deadlines Don’t Wait
Despite many reports that “print is dead,” it is alive and well in the real estate markets of Australia. Just ask Domain Group, one of Australia’s biggest and most successful property media and marketing companies.
Domain runs an integrated online and print publishing business focused on high-end real estate and lifestyle. The company’s revenue – in the hundreds of millions of dollars annually – relies on keeping its workflows moving efficiently. Every area of the business, every moment of the day, is on a deadline – whether it is closing an ad sale, creating ad materials, writing a story, taking photos, assembling content for a page or getting materials to the printer. Any disruption to that flow has a cascading effect that could mean missed deadlines and lost dollars.
“That’s where network security comes in,” says Ben Thomas, IT manager at Domain Group. “In publishing, if you have any com-promises to your network, you could miss print windows. That leads to unhappy customers and even possible legal ramifica-tions for not publishing by a certain date. The costs can be huge.”
End-to-End Network Security in the Cloud
Domain Group is a fast-moving, agile enterprise. It’s not weighed down by a physical data center. In fact, nearly every aspect of the company runs in a cloud environment, including its network.
Domain’s cloud-based network provides site-to-site networking as well as ingress and egress to the internet, all fully secured with Palo Alto Networks Next-Generation Security Platform. The Palo Alto Networks platform comprises the Next- Generation Firewall, Threat Intelligence Cloud and Advanced Endpoint Protection. It delivers application, user and content visibility and control, as well as protection against known and unknown cyberthreats. The Threat Intelligence Cloud provides central in-telligence capabilities and automates the delivery of preventive measures against cyberattacks.
2
"We go to industry lunches and hear people talking about problems like people clicking on malicious links that bring down their networks, and we just look at each other. That doesn’t happen to us, because we have complete control and visibility into what’s happening on our network any moment of the day with the Palo Alto Networks Next-Generation Security Platform."Ben Thomas | IT Manager | Domain Group
Palo Alto Networks | Domain Group | Case Study 3
To secure Domain’s network, two Palo Alto Networks VM-200 vir-tualized next-generation firewalls were deployed in its Melbourne data center, and a second pair of VM-200 firewalls in Sydney for high availability and disaster recovery. Domain uses the full suite of Palo Alto Networks subscriptions, including Threat Prevention, URL Filtering with PAN-DB, GlobalProtect™ network security for endpoints, WildFire™ cloud-based threat analysis, Traps™ advanced endpoint protection, Aperture™ SaaS security, and AutoFocus™ contextual threat intelligence service. The company also uses Panorama™ network security management to centrally manage its hosted network security infrastructure, with support provided through Palo Alto Networks Premium Partner Support services.
Filling a Security Hole for Google Apps
Domain has seen the benefits of Palo Alto Networks Next-Gen-eration Security Platform from one end of its enterprise to the other. That starts right at the business application level.
As its application platform, Domain relies heavily on Google® Apps like Gmail™, Docs™, and Drive. Traditional security solutions simply aren’t designed for cloud-based applications like these, and may leave businesses vulnerable to breach. But the Palo Alto Networks Next-Generation Security Platform with Aperture solves that problem for Domain.
Andy Huggett, Domain’s solution architect, explains, “As a Google Apps shop, one of our biggest security issues is when users share confidential information externally from Google Drive or shared corporate folders. It’s a big hole in the network that Aperture fills for us. We now have visibility into what is shared and who it’s shared with in the cloud. That’s especially valuable for identifying any PCI or PII-related issues.”
The Palo Alto Networks Next-Generation Security Platform also prevents threats from entering into Domain’s network through user endpoints. With Traps, Domain can automatically block both malware and sophisticated exploits without dragging down end user productivity.
“As an administrator, you’re constantly trying to allow the business to run the things it needs to, but also prevent it from running things it shouldn’t,” notes Huggett. “With our previous antivirus software, we had dropped calls in the call center every time it ran a scan. Traps has been lightweight while still providing the protection we need.”
Thomas adds, “What we really like about Traps is the visibility. You can see every device, every user. If there are any security
incidents, you get granular detail on what it was, when it happened, how it worked. Traps is part of a complete platform, and that’s really key for us.”
Easy, Economical Security for Mobile and Remote Users
Domain’s staff is highly mobile, and the company often needs to provide outside contractors and service providers with access to its network. GlobalProtect has proven to be an easy and economical solution to enable secure VPN access for remote and mobile users. In fact, Domain first adopted GlobalProtect as an alternative to VPN Tracker for its Apple® Mac® environment. Now GlobalProtect is the standard for the entire enterprise.
Damian Dixon, server and network engineer at Domain Group, recalls, “I had never touched a Palo Alto Networks product before and I was able to figure out how to set up GlobalProtect with no problem. No one could believe how easy it was to install a VPN. And GlobalProtect ended up being a lot less costly than VPN Tracker while giving us 20 times more licenses.”
Proactive Incident Control
One of the most valuable aspects of the Next-Generation Security Platform has been enabling Domain to be more proactive than reactive in dealing with network security incidents. That’s where WildFire plays a central role.
“The best thing about WildFire is that it’s integrated at every level of the Palo Alto Networks platform,” Thomas asserts.
“Anything suspicious that isn’t automatically blocked by Traps, GlobalProtect, or our next-generation firewalls, gets uploaded to WildFire and checked. As a cloud service, WildFire pulls data from all around the world that we can leverage at the edge, desktop and cloud level to stay ahead of exploits we may not even know about. There’s no comparison to a traditional onsite database or signature-based solution.”
Also key is having AutoFocus as a single dashboard to monitor and respond to threats regardless of where they sit in Domain’s environment.
Huggett recalls one particular incident in which the Palo Alto Networks Unit 42 threat intelligence and research team picked up a new Mac exploit. “The Unit 42 folks posted the threat on the AutoFocus dashboard. That gave us immediate awareness of the attack so we could coordinate with our Mac support team to make sure we were properly patched and not vulnerable.”
3
“As a Google Apps shop, one of our biggest security issues is when users share confidential information externally from Google Drive or shared corporate folders. It’s a big hole in the network that Aperture fills for us. We now have visibility into what is shared and who it’s shared with in the cloud. That’s especially valuable for identifying any PCI or PII-related issues.”Andy Huggett | Solution Architect | Domain Group
Palo Alto Networks | Domain Group | Case Study 4
Simplified Administration Frees Up IT for Value-Added Projects
Domain Group has a small IT staff that doubles as a security team to keep the organization lean and efficient. Huggett suggests that wouldn’t be possible without the intelligence and automation of the Palo Alto Networks security platform.
“For a lot of companies, firewall monitoring and maintenance can be a full-time job,” he says. “Being a small team, we need to let the software do most of the work and just check in on the dash-boards from time to time. By going with the Palo Alto Networks security platform, we’ve been able to support a company that’s nearly tripled in size without adding any headcount for network-ing and security.”
Thomas adds, “Security is one of the most important areas of our job, but we don’t want it to be the thing that takes up the most time. The Palo Alto Networks platform helps IT spend more time working on projects to help the business grow and increase revenue instead of just managing our security infrastructure. We can stay on top of security without spending all day doing it. That’s a real testament to the power of the platform approach.”
While Domain is just beginning to use Panorama for central ad-ministration of the Palo Alto Networks platform, Dixon is already using it for policy management and to set up additional firewalls.
“The advantage Panorama will ultimately have for us will be to manage firewalls in disparate data centers from one dashboard,” he predicts. “It assures us of consistency in deploying firewall configurations and managing policies across our enterprise. And the potential for scale with Panorama is huge. If we decided to deploy firewalls for every site in the company, the additional overhead to manage that would be zero.”
Thomas notes, “It all comes down to having our finger on the pulse of the network at any moment of the day. It’s a lot easier to get a quick snapshot of your security environment from a centralized dashboard than going to a half dozen places every day, hoping the data you get is right. The way Panorama handles it is brilliant.”
Keeping Security Simple Without Sacrificing Control
Domain Group has Premium Partner Support to handle any technical issues with the Palo Alto Networks platform, but the company hasn’t needed to call on any help to date. However, based on his experience working with the Palo Alto Networks account manager for Domain Group, Huggett expects prompt, expert support.
“Any time we have a question or want advice, our account manager has connected us with an engineer who can answer our question, usually within an hour,” he reports. “Our experience with other vendors is that same scenario could take a whole day after getting bounced from one person to another. Knowing that if we have a problem, Palo Alto Networks will be there to solve it for us straightaway makes such a difference. It comes back to helping us remain productive and protecting our revenues.”
Thomas remarks, “The reason we went down this path with Palo Alto Networks was to make network security as simple as possible, but still have as much control and detail as possible even in the cloud. We feel we’ve achieved that.”
He concludes, “We go to industry lunches and hear people talking about problems like people clicking on malicious links that bring down their networks, and we just look at each other. That doesn’t happen to us because we have complete control and visibility into what’s happening on our network any mo-ment of the day with the Palo Alto Networks Next-Generation Security Platform.”
“The reason we went down this path with Palo Alto Networks was to make network security as simple as possible, but still have as much control and detail as possible even in the cloud. We feel we’ve achieved that.”
Ben Thomas | IT Manager | Domain Group