Sei sulla pagina 1di 78

THE CASE BOOK

Unified Security. Delivered.

THE CASE BOOK Unified Security. Delivered.

Contact us:

Fortinet India

Bangalore 18/10 Cunningham Road 302 Saleh Center Bangalore 560052 Tel: +91-80-4132-1699 Fax: +91-80-4132-1689

Chennai DBS Corporate Services Pvt Ltd. “Suit No.322”, 31 A, Cathedral Garden Road Near Palmgrove Hotel, Nungambakkam Chennai 600 034, India Tel: +91-44-2827-5191 / +91-44-4212-3364

Delhi

Mumbai

B-3/17,(Basement)

Zear’s Centre, God Gift Tower

Safdarjung Exclave New Delhi - 110029, India Tel: +91-11-3200-1054

4th Floor, Near Lucky Hotel Hill Road, Bandra(W) Mumbai - 400 050, India Tel: +91-22-2642-5461/2/3/4/5 Fax: +91-22-2642-5460

Hotel Hill Road, Bandra(W) Mumbai - 400 050, India Tel: +91-22-2642-5461/2/3/4/5 Fax: +91-22-2642-5460 www.fortinet.com

www.fortinet.com

introduction

Fortinet is a leading provider of network security appliances and the leader of the unified threat management (UTM) market worldwide. Fortinet's award-winning portfolio of security gateways, subscription services, and complementary products delivers the highest level of network, content and application security for enterprises of all sizes, managed service providers and telecommunications carriers, while reducing total cost of ownership and providing a flexible, scalable path for expansion. Fortinet's flagship F - rtiGate® security platforms offer a powerful blend of ASIC-accelerated performance, integrated multi-threat response and constantly-updated, in-depth threat intelligence. Employing innovative technologies for networking, security and content analysis, Fortinet systems integrate the industry's broadest suite of security technologies, including firewall, VPN, antivirus, intrusion prevention (IPS), Web filtering, antispam and traffic shaping, all of which can be deployed individually to complement legacy solutions or combined for a comprehensive threat management solution. The company complements these solutions with an array of management, analysis, e-mail, database and end-point security products.

Amrita Vishwa Vidyapeetham. Less intrusions, virus outbreaks and security incidents and improved network performance after
Amrita Vishwa Vidyapeetham. Less intrusions, virus outbreaks and security incidents and improved network performance after

Amrita Vishwa Vidyapeetham.

Less intrusions, virus outbreaks and security incidents and improved network performance after the deployment of Fortinet solutions.

Business

Amrita Vishwa Vidyapeetham is a university started in 2003 and established under the University Grants Commission (UGC) Act of 1956. In its second year, Amrita became the nation's first multi-campus university to be inter-networked via satellite. This enables live interactive inter-campus classrooms. With this, Amrita is strategically positioned to lead the way in multi-disciplinary higher eduction, research

Amrita's campuses are connected by heterogeneous networks compose of redundant broadband internet connections. A data center in each campus hosts more that provides critical services, such as an online admission system with tracking and an intranet portal for staff, students and faculty members, web, email, digital library, course management system, etc. The institution stores critical data pertaining to admissions, examinations, results, research and assignments on its systems. It has a varied user base, with different requirements for students, faculty members, staff and administrative employees.

Challenge

According to Anoop VK, Manager Systems and Networks, Amrita Vishwa Vidyapeetham, “The biggest perceived threat to our network has been spam and viruses in email. Virus outbreaks frequently paralyzed the mail server for hours. The real challenge was to counter these threats, while maintaining internet connectivity and fast response times on complex networked systems and applications. The rising popularity of peer-to-peer (P2P) networks and applications such as Kazaa and eDonkey, and the proliferation of instant messaging (IM) applications, posed a new set of challenges for the network administration team. Another challenge was the detection and prevention of Distributed Denial of Service (DDoS) attacks, both from inside the campus and outside it that could cripple various services. Bandwidth shaping and Quality of Service (QoS), managing multiple ISP connections and ensuring the connection doesn't go down even if one ISP failed, were other major concerns for the institution. While the university could stop traffic between various points, there was no mechanism in place to scan for threats in real time inside the network.

1

traffic between various points, there was no mechanism in place to scan for threats in real
traffic between various points, there was no mechanism in place to scan for threats in real
All Fortinet products have a clear, easy to navigate and consistent administrative interface. Its management

All Fortinet products have a clear, easy to navigate and consistent administrative interface. Its management and policy creation are simple and set through a single console.

policy creation are simple and set through a single console. - A n o o p
policy creation are simple and set through a single console. - A n o o p

- Anoop VK

Manager Systems and Networks

This left systems that allowed entry and exit points for the internet potentially vulnerable to infection.The university was looking for a security system that had ISP load balancing, failover redirection and bandwidth shaping for different services. It also needed a gateway level firewall, antivirus, antispam and IPS, web filtering, VPN, active directory authentication, P2P control and logging and analysis.

Deployment

Amrita evaluated solutions from Sonic Wall, Juniper, Cisco ASA, Watch Guard, Radware and Cyberoam. The university chose Fortinet for several reasons. According to Anoop, “FortiGate came top on our feature-wise comparison matrix. The cost effective solution met our primary requirements. It has unique features like https filtering, IPS and P2P application control.” The university gave more preference to FortiGate as it doesn't have any per-user license, so it found the solution to be quite flexible. It evaluated FortiGate on the live network for three weeks and found that the solution was more effective than its competitors. Anoop says, “What impressed us about Fortinet was its ability to provide many of the features required to protect

the university's assets in a single hardware implementation, including intrusion detection and prevention systems, anti-virus, automated push updates and firewall functions.” Amrita deployed two FortiGate-1000A boxes as perimeter security for the Coimbatore and Kollam campuses. Each box is a complete security solution which includes bandwidth control, ISP load balancing and failover, spam, web and virus filtering, IPS, P2P control, authentication, VPN etc. VPN is enabled between the campuses and SSL VPN is enabled for mobile users. There are many features that Amrita's networks use extensively. The firewall can be set to automatically close a port if the intrusion prevention mechanism detects an attack. “All Fortinet products have a clear, easy to navigate and consistent administrative interface. Its management and policy creation are simple and set through a single console,” says Anoop. FortiGate-1000A scans gigabit speed network traffic in real time for viruses, worms and other threats. It also automatically updates virus and intrusion signature database, detects and blocks the latest malware using FortiProtect and FortiGuard services.

BENEFITS

• Reduced in network intrusions, virus outbreaks

• Improved network performance

2

services. BENEFITS • Reduced in network intrusions, virus outbreaks • Improved network performance 2
services. BENEFITS • Reduced in network intrusions, virus outbreaks • Improved network performance 2

Artha Money.

Artha Money. With an innovative security architecture in place, financial services company Artha Eon finds Fortinet

With an innovative security architecture in place, financial services company Artha Eon finds Fortinet to be the best fit.

Business

Artha Eon Financial Services is a financial services company focused on the Indian consumer. Bennett, Coleman & Co, publisher of The Times of India, currently holds a majority stake in the company. The company has a multi-channel setup to deliver financial services. This includes a team of relationship professionals, call-in trading facility, assisted and online trading. The company plans to have presence in 50 locations.

Situation

Artha Eon has set up some revolutionary technology systems in place. This includes front office solutions hosted at the Internet Data Center at VSNL in Mumbai. “This is a service-oriented architecture initiative. It is revolutionary, as nobody has done it in India so far. We are integrating a whole lot of products in the personal finance space,” says Anant Phenany, CTO, Artha Eon.

Challenge

The company handles a huge amount of personal investment information for the retail customers. So it is important to have tight security. And with the brand name of The Times of India, it becomes even more critical to have a state-of-the-art security system in place. “When you look at the technology space, the most effective and efficient way of deploying security architecture is to go with multiple UTM devices. We prevailed on UTM as we are in the Internet space. You need to be agile in terms of finding faults and fixing it,” says Phenany. Artha Eon looked at lot of solutions including those from Fortinet. Adds Phenany, “It's not that we chose Fortinet; it's more like Fortinet suited our security architecture better. We have a spiral model of security architecture, which is a different way of handling security and Fortinet's was the best fit.”

model of security architecture, which is a different way of handling security and Fortinet's was the

3

model of security architecture, which is a different way of handling security and Fortinet's was the
We have a spiral model of security architecture, which is a different way of handling

We have a spiral model of security architecture, which is a different way of handling security and Fortinet's was the best fit.

of handling security and Fortinet's was the best fit. —Anant Phenany, CTO, Artha Eon Artha Eon
of handling security and Fortinet's was the best fit. —Anant Phenany, CTO, Artha Eon Artha Eon

—Anant Phenany, CTO, Artha Eon

Artha Eon has based its security around this spiral concept. The entire computing infrastructure revolves around services that will be accessed both from the inside and outside. The paths on which these services will be accessed are etched in stone, and no other paths are allowed to access them. The next step is to authenticate the users of the services. “We also wanted coarse-grained management and fine-grained control. When I look at the services as a group I should be able to manage each part individually but the specific details are managed minutely without my having to getting into it,” he says. With these requirements in place, Fortinet's was the most appropriate solution as it also reduced the overheads involved in deploying the best-of-breed products and then managing them.

Deployment

Artha Eon has deployed two FortiGateTM-800, two FG300A, one FL800B, and one FL100B. The implementation is still under way, though the closed user group is already up and running. Outside access also has been given to some users, and it has been a smooth ride. “It's very easy to configure,” says Phenany. “We are exploring the use of the bandwidth shaping feature and the SSL-VPN aspect as well.” The solution will serve 200,000 transactions and 300 concurrent users.

BENEFITS

• Easy to deploy

• Best fit for innovative security architecture designed for the company

• Single box makes monitoring very easy

• Easy to upgrade

4

security architecture designed for the company • Single box makes monitoring very easy • Easy to
security architecture designed for the company • Single box makes monitoring very easy • Easy to
Amity Business School. Better network performance, decrease in intrusions and attacks - after the deployment

Amity Business School.

Better network performance, decrease in intrusions and attacks - after the deployment of Fortinet solutions.

Business

Amity Business School is part of Amity University, which is headquartered in Noida and has 88 institutions over 22 campuses across India. This business school was the first institution to have a wireless campus and provide wireless notebooks to its students.

Situation

Various Amity campuses are connected by a heterogeneous network of redundant Internet connections. Its data center in Noida hosts more than 15 servers that provide critical services, such as an online admission system with tracking, and an intranet portal for staff, students and faculty members. The challenge for Amity’s 50-strong IT team was how to maintain open access to information resources both inside and outside the

campus grounds, while still assuring sufficient security, so that confidential data does not leak out, nor hackers get in.

Challenge

Amity had faced network intrusions and gateway-level attacks. A review of the security infrastructure decided that the best approach to deal with these network threats was a gateway-level security solution. Amity evaluated solutions from several security vendors before eventually deciding on Fortinet. They were looking for an all-in-one solution with scalability, performance, bandwidth management and optimization. They also needed conventional security features such as firewall, antivirus and intrusion prevention. Hence, Amity chose Fortinet.

5

needed conventional security features such as firewall, antivirus and intrusion prevention. Hence, Amity chose Fortinet. 5
needed conventional security features such as firewall, antivirus and intrusion prevention. Hence, Amity chose Fortinet. 5
We deployed the FortiGate-200A at the headquarter, where our management sits. There is zero tolerance

We deployed the FortiGate-200A at the headquarter, where our management sits. There is zero tolerance for downtime there and Fortinet has helped keep it that

way.

downtime there and Fortinet has helped keep it that way. - J. S. Sodhi , Senior

- J. S. Sodhi ,

Senior Manager – IT

Deployment

Amity deployed a FortiGate-500A at its Noida campus and a FortiGate-200A at its headquarter in Delhi. Different products were deployed because of the number of concurrent network users.

The FortiGate units gave Amity the capability to support dual redundant ISP connections. Amity has a 4Mbps pipe from Reliance and a 1Mbps connection to Primus, both connected to the same gateway device. Amity also deployed FortiReporter, a browser-based analysis, reporting and monitoring solution for FortiGate antivirus firewalls. This utility generates nearly 300 pages of reports on bandwidth utilization on the Amity network, attack attempts and virus incidents. Special personnel are assigned the responsibility of reviewing those reports and developing recommendations or responses to situations that may arise.

BENEFITS

• No downtime anymore

• Drop in intrusions and virus outbreaks

• Significant improvement in performance

• Close monitoring of network possible

After the deployment of the FortiGate units, Amity Business School has seen a drop in network intrusions, virus outbreaks and security incidents, and a significant improvement in network performance.

Amity’s IT team also uses up-to-the- minute reporting facilities in FortiReporter to gain insights into the state of the network at any time, as well as important information that may help in responding to network incidents. After the deployment of the FortiGate-500A and observing its performance, Amity decided to deploy the FortiGate-200A at the headquarter, where the management sits. There is zero tolerance for downtime there and Fortinet has helped them keep it that way

where the management sits. There is zero tolerance for downtime there and Fortinet has helped them
6
6
where the management sits. There is zero tolerance for downtime there and Fortinet has helped them
Biocon. Biocon has obtained an immediate ROI after deployment of Fortinet Solution. Business Established in

Biocon.

Biocon has obtained an immediate ROI after deployment of Fortinet Solution.

Business

Established in 1978, Biocon is India’s leading biotechnology enterprise. It delivers products and solutions to partners and customers in over 50 countries.

Situation

Biocon has a network of 700 machines and 12 servers, spread over the facilities of Biocon and its subsidiaries, Syngene and Clinigene. The data generated by R&D within the company is critical and network attacks from viruses, worms and trojans over the internet would be disastrous.

Challenge

For past five years, Biocon has been using Checkpoint software for its firewall and network security functions. The company decided to consider Fortinet’s solutions as an option because it provided three to four

components in a single solution suite, including firewall, content filtering, anti-virus, intrusion detection system (IDS) and traffic-shaping features according to G Radhakrishnan, senior manager, systems, Biocon, this leads to ease of use. Further, Fortinet’s FortiGate- 800 provided bandwidth management, which was not available from Checkpoint.

Unlike Fortinet, Checkpoint software was a point solution that did not offer as many features. Checkpoint also requires the purchase of per-user licenses. “This is not the case with Fortinet solutions where user-based licenses need not be purchased, ”explains Radhakrishan.“ Here, network capacity is the only constraint.” Another security option considered was Sonicwall. However, Fortinet proved more attractive because it offered reporting tools and combined more features in one package.

7

However, Fortinet proved more attractive because it offered reporting tools and combined more features in one
However, Fortinet proved more attractive because it offered reporting tools and combined more features in one
If the security equipment can help implement the security policies, then the data i s

If the security equipment can help implement the security policies, then the data is protected

policies, then the data i s p r o t e c t e d -
policies, then the data i s p r o t e c t e d -

- G Radhakrishnan

senior manager, systems, Biocon

Deployment

It took Biocon a month to decide on which security product to use but it took only two or three days to put the security policies in place. Radhakrishnan explains, “Data protection depends on the security policies defined.” If the security equipment can help implement the security policies, then the company’s data is protected. Around August 2004, the Fortinet security solution was implemented over Biocon’s entire campus, including the Syngene and Clinigene facilities. There are now 250 users over the network covered by Fortinet’s FortiGate platforms.

“The FortiGate-800 solution was tested against the best of breed anti-virus scanning and URL filtering solutions. The

implementation at Biocon was challenging because of the mission-critical applications and the uptime commitment. Also the system engineer at Biocon was able to manage the box from day one of the evaluation till the final implementation. This speaks highly for the ease of implementation.” explains Ashok Prabhu, GM Sales of Kinfotech.

Since Biocon interacted directly with Fortinet during the implementation process, no problems or no compatibility issues came up during that stage. Within a week of the implementation, Biocon felt the need for VPN connectivity, which was also easily accomplished with the Fortinet solution in place.

BENEFITS

• Biocon could restrict spam mail over the network with the use of Fortinet’s solutions as also the incidence of virus-infected files

• Internet access is now better, in terms of increased available bandwidth and better browsing and file download performance

• Since security is a high-priority item, Biocon has obtained an immediate ROI

and file download performance • Since security is a high-priority item, Biocon has obtained an immediate
8
8
and file download performance • Since security is a high-priority item, Biocon has obtained an immediate
CNBC-TV18. Behind the scenes, Fortinet provides Media network security to CNBC-TV18. Business CNBC-TV18, a joint

CNBC-TV18.

Behind the scenes, Fortinet provides Media network security to CNBC-TV18.

Business

CNBC-TV18, a joint venture of Television Eighteen (TV18) and CNBC Asia, is an emerging media powerhouse with business interests in content, broadcasting and new media. It is among the fastest growing media companies in India with a CAGR of almost 100% since its inception in 1993. In addition to running the premier Business News Channel it owns moneycontrol.com, a business portal, and other channels such as Awaaz, South Asia World and CNN-IBN.

bureaus in India and abroad. The company has grown from only 200 employees and 70-80 computers to around 1500 employees. The new office in Delhi has more than 1500 nodes while Mumbai has a capacity of about 1000 nodes. The 12 mbps pipeline between the Mumbai and Delhi offices handles a lot of video and data every day.

Challenge

The security infrastructure for such a large setup could not adequately be managed by the company’s IT team alone and a year ago, the company decided to implement a new security solution. After looking at both appliance and software security solutions from a number of vendors, the company eventually chose FortiGate for two main reasons.

Situation

Growing

business

brought

more

content,

applications and users into the computer networks at offices in Mumbai, Delhi and other

9

brought more content, applications and users into the computer networks at offices in Mumbai, Delhi and
brought more content, applications and users into the computer networks at offices in Mumbai, Delhi and
The Fortinet box could be configured to take inputs from multiple service providers, unlike most

The Fortinet box could be configured to take inputs from multiple service providers, unlike most others which couldn’t

service providers, unlike most others which couldn’t - Rajesh Sharma Senior Manager Systems, CNBC-TV18 First,
service providers, unlike most others which couldn’t - Rajesh Sharma Senior Manager Systems, CNBC-TV18 First,

- Rajesh Sharma

Senior Manager Systems, CNBC-TV18

First, Fortinet’s FortiGate UTM platforms could be configured for inputs from different service providers. CNBC-TV18 has redundant network connections from 2-3 providers so that if one link goes down, the other takes over. Most of the security products in the company’s solution and product evaluation could not be configured for inputs from multiple service providers. Second, all the security functions the company was looking for—IPS, IBS, firewall and content filtering— were available in one box, making FortiGate an easily manageable solution.

Deployment

In December 2004, the company contracted Sify, a Fortinet solutions provider, to deploy its new security infrastructure. Sify’s

engineers installed two FortiGate-800A boxes at its Mumbai office, two more FortiGate- 400A boxes were installed at Delhi office in January 2005. Both deployments were completed at night and users experienced no downtime. Entry-level FortiGate Unified Threat Management (UTM) devices were also deployed at 17 other bureaus of CNBC-TV18 in India and abroad, which connect to Mumbai and Delhi offices through either leased lines or VSAT. The Fortinet units have been operating successfully in CNBC-TV18’s network for around a year now, protecting the media company’s information assets. CNBC-TV18 is now a satisfied Fortinet customer.

BENEFITS

• Multiple layers of security implemented in the company’s computer network

• Fortinet solution has solved the network of internal problems

• A Single UTM appliance solution has made it easy to manage security

has solved the network of internal problems • A Single UTM appliance solution has made it
10
10
has solved the network of internal problems • A Single UTM appliance solution has made it
Cambridge Solutions. Cambridge Solutions uses Fortinets appliances for total security and optimized bandwidth usage.

Cambridge Solutions.

Cambridge Solutions uses Fortinets appliances for total security and optimized bandwidth usage.

Cambridge Solutions offers a range of IT and business process outsourcing services, including IT services, BPO services and claims and risk management services. These services are combined with strong onshore presence in the client’s home country and expertise in knowledge-based processing. Cambridge has presence in more than sixty locations worldwide. In India, Cambridge is present in five locations—Bengaluru, Cbennai, Shimoga, Mumbai and Pune.

Situation

Cambridge began using Fortinet’s solutions about four years ago, when the need for unified threat management (UTM) devices was felt to secure the company’s networks. The appliances deployed at that time were FortiGate-500A, 300A and 100A. For the Bengaluru office that has close to 1,300 employees, the company is planning to upgrade to FortiCate-1000A. The FortiGate-500A platform features two 10/100/1000 tri-speed Ethernet ports providing flexibility for networks running at or upgrading to gigabit speeds, four user- definable 10/100 ports for redundant WAN links, high availability and multi-zone

capabilities. The platform enables administrators to segment their network into zones for granular control of network traffic and an internal four-port switch for direct connectivity with the FortiGate-500A. FortiGate-300A also has similar features as the 500A and is ideal for medium - sized enterprise networks. FortiGate-100A is suitable for small offices. It features dual WAN link support for redundant Internet connections and an integrated four-port switch that can be used to provide networked devices a direct connection to the security device. FortiGate-1000A is suitable for large networks. It features ten 10/100/1000 tri-speed interfaces. All FortiGate platforms integrate enterprise firewall, virtual private network (VPN), intrusion prevention, antivirus/antimalware, Web filtering, antispam and application control features to keep enterprise networks secure.FortiGate units are designed to meet the most stringent requirements for performance and reliability and include redundant, hot-swappable power supplies and fans to minimize single-point failures and also support active/active redundant failover for uninterrupted service.

11

and fans to minimize single-point failures and also support active/active redundant failover for uninterrupted service. 11
and fans to minimize single-point failures and also support active/active redundant failover for uninterrupted service. 11
We find the devices very useful in controlling Internet access, in order to optimize bandwidth

We find the devices very useful in controlling Internet access, in order to optimize bandwidth usage for our operations

in order to optimize bandwidth usage for our operations -Pradeesh Karunakaran , Senior Technical Support Engineer,
in order to optimize bandwidth usage for our operations -Pradeesh Karunakaran , Senior Technical Support Engineer,

-Pradeesh Karunakaran ,

Senior Technical Support Engineer, Cambridge Solutions

Their high capacity, reliability and easy management are factors that work in their favour, when it comes to enterprise’s security infrastructure.

Challenge

“Implementation took hardly two days.” says Pradeesh Karunakaran, senior technical support engineer, Cambridge Solutions. Initially, when Cambridge began using Fortinet’s appliances, they were based on LDAP authentication. Later, however, a firmware upgrade by Fortinet added Active Directory authentication capabilities to these devices.

Deployment

“Fortinet is really good in UTM” says Karunakaran. “We find the devices very useful in controlling Internet access, in order to optimize bandwidth usage for our operations” he explains. He adds that for their setup, content filtering and VPN are among the most useful features of the solution. “It is an effective solution with respect to cost and working principles” says Karunakaran. “It is easy to deploy and new users can learn to use it easily” he concludes.

BENEFITS

• Controlled Internet access, better management of Internet bandwidth through policies

• The solution is easy to deploy and easy for new users or administrators to learn

• The solution is cost-effective

The solution is easy to deploy and easy for new users or administrators to learn •

12

The solution is easy to deploy and easy for new users or administrators to learn •

eClerx.

eClerx. The deployment of a unified threat management solution from Fortinet helped eClerx completely secure its

The deployment of a unified threat management solution from Fortinet helped eClerx completely secure its network and data-center.

Business

eClerx provides data analytics and customized process solutions to global clients from its offshore centers in India. Its portfolio of services comprises data analytics, operations management, data audits, metrics management and reporting services.

Situation

eClerx began considering various vendors for security solutions, when its existing UTM (unified threat management) solution exhibited limitations. The organization and thereby, the network and users were growing rapidly and the security solution seemed unable to take the load. eClerx evaluated solutions from a number of vendors and finally decided on Fortinet’s solutions. “We didn’t find any other solution as holistic as Fortinet’s” says Ritesh Pothan, CIO, eClerx. He states that the extensive set of features and policies also promised that the solution would be able to take care of any future requirements at eClerx. eClerx used the

solution for a month on trial basis, before heading for a full- scale deployment.

Challenge

Both for its offices and data-centers, eClerx has used Fortinet’s solution. The products and services comprise FG1000Ax4, FG400A, FG310B, FL100B, FL800Bx2, FM400 and FC 450 for three years. Migration from the earlier UTM solution and deployment of the enterprise - wide Fortinet solution took about six months. A team of five people, including from Fortinet, the vendor and eClerx’s in- house team, were involved. Deployment threw up several challenges, including some downtime, as the system did not work as expected. “It was a complex installation. We had a set of rules on the earlier system and we were looking from additional features from the new system. The upgrade caused some instability. A lot of challenges came up during setting policies, Active Directory authentication and so on” says Ritesh.

A lot of challenges came up during setting policies, Active Directory authentication and so on” says
13
13
A lot of challenges came up during setting policies, Active Directory authentication and so on” says
It is a holistic solution with a comprehensive set of features. Its future promise is

It is a holistic solution with a comprehensive set of features. Its future promise is very high

set of features. Its future promise is very high -Ritesh Pothan, CTO Eclerx Deployment eClerx has
set of features. Its future promise is very high -Ritesh Pothan, CTO Eclerx Deployment eClerx has

-Ritesh Pothan,

CTO Eclerx

Deployment

eClerx has used the system for over a year now and Ritesh describes the experience as “Very decent, We are expecting it to get better.” Apart from securing the network, data-center and email, Fortinet’s solution has enabled eClerx to deploy security, even when an employee is outside the network. Through security clients for laptops, users can keep them secure and continue to be as productive as within company premises. “Another good feature is SSL based proxy capabilities, which have simplified proxy management” states Ritesh. He also finds Active Directory integration useful in creating protection

profiles, though this feature is not working too smoothly as of now. Through FortiAnalyzer, it is easier to generate and manage logs. ”Fortinet has the most comprehensive set of policies, which will be of use to us today and tomorrow. We haven’t used all the features and policies yet, because we have opted for a systematic, slow transition” Ritesh concludes.

BENEFITS

• Performance and business productivity have increased

• eClerx has been able to move from an IP based to a user based configuration

• Apart from the data center network and email security can also be deployed on laptops moving outside the network

• Apart from the data center network and email security can also be deployed on laptops

14

• Apart from the data center network and email security can also be deployed on laptops
Eicher Motors. Eicher Motors’ has deployed a UTM device for the protection of one of

Eicher Motors.

Eicher Motors’ has deployed a UTM device for the protection of one of its critical sites.

Business

Part of the Eicher Group since 1982, Eicher Motors has world-class expertise in designing, developing and manufacturing commercial vehicles. It uses state-of-the-art technology to manufacture and market fuel-efficient commercial vehicles with a gross vehicle weight (GVW) of 5-25 tons. These include a range of trucks and buses, and custom-built automobiles for specialized applications. It has also debuted in the Heavy Commercial Vehicle segment with Eicher 20.16.

Situation

Eicher Motors’ manufacturing facility is located in Pithampur, Madhya Pradesh and the company decided to create its disaster

recovery site also at that location. This also required the need to increase protection of the site, since the services had increased and many users were connecting to the site. After

a requirements-analysis exercise and studying

the solutions available with various vendors, the company decided to go with

FortiGateTM-800, an enterprise UTM (unified

threat management) device from Fortinet. “It

is a single box that gives so much more than a

basic firewall,” says Venkat Bhat, deputy

general manager – IT, Eicher Motors. He cites that the device is a transparent application proxy, an anti-virus solution, an anti-spam solution, an intrusion-prevention system, and much more, so that the company’s threat protection needs are completely taken care of. He also states that since it is not OS-based, they didn’t need to procure any hardware for it. In other softwarebased solutions, the company would have needed to procure hardware, install an operating system, and then use the software.

Deployment

Eicher Motors has been using Forti- Gate-800 at their Pithampur site for about one-and-a-half years. Bhat says that the appliance is “simple to configure and manage, and easy to understand”. Rules and configurations can be changed easily; the GUI provides easy access to all the features; and it doesn’t need dedicated staff for management. Alerts have been set on the appliance to report any violations of the security policies, and the administrator receives email to report such violations. “It only needs half-an-hour daily for someone to check the logs,” states Bhat.

email to report such violations. “It only needs half-an-hour daily for someone to check the logs,”
15
15
email to report such violations. “It only needs half-an-hour daily for someone to check the logs,”
FortiGate-800 has met our requirements and suited our purpose. It does all the things that

FortiGate-800 has met our requirements and suited our purpose. It does all the things that we had planned

our purpose. It does all the things that we had planned - Venkat Bhat, deputy general
our purpose. It does all the things that we had planned - Venkat Bhat, deputy general

- Venkat Bhat, deputy general ,

manager – IT, Eicher Motors

Bhat also states that the device allows administrators to divide the network into zones and apply different security policies for each zone. It has four user-definable ports (10/100) that enable granular control over security policies. It also has four trispeed (10/100/1000) Ethernet ports for networks that run on gigabit speeds. Besides, it can also be used as a VPN solution, though Eicher doesn’t use it for that purpose. A team from Sify did the initial setup, understood the requirements, deployed the solution and trained the people at Eicher Motors on how

BENEFITS

• Threat protection needs met—firewall, anti-virus, anti-spam, intrusion prevention and so on are part of the solution

• Easy to configure and manage

• GUI-based access to all features makes it easy to understand and use

• Administrators can create different zones on the network and apply different security policies for each zone

to use the appliance. Bhat says that internal planning of the deployment, policies to set, and so on took about a week—while Eicher Motors came up with its specific requirements, Fortinet and Sify provided value additions to the planning process. The implementation took about two days, mainly because Eicher didn’t want any break in network services. “FortiGate-800 has met our requirements and suited our purpose,” says Bhat. “It does all the things that we had planned,” he adds.

met our requirements and suited our purpose,” says Bhat. “It does all the things that we

16

met our requirements and suited our purpose,” says Bhat. “It does all the things that we
Forbes Marshall. Fortinet provided Forbes Marshall a customized solution that fully understands and meets the

Forbes Marshall.

Fortinet provided Forbes Marshall a customized solution that fully understands and meets the company’s requirements and does not compromise on utility and security.

Business

In the last five decades Forbes Marshall has

grown from a modest Mumbai based trading company to a multi-divisional, ISO 9001 certified global company manufacturing advanced engineering products for the world’s process industries. Forbes Marshall claims to be probably the only company in the world to have extensive expertise in both steam and control instrumentation. The dual expertise has allowed

it to engineer industry specific systems that focus

on

energy efficiency and utilities management

for

sectors as diverse as textiles, food processing,

paper, power and chemicals.“Forbes Marshall’s

goal is to provide solutions in energy, efficiency and process automation, using the best technology the world has to offer,” says Sharat

M Airani, Manager – IT, Forbes Marshall. 50

years ago it started out with steam generation solutions. Today it has seven business divisions; each one partnering the world technology leaders in their respective fields, manufacturing

products that cover the entire spectrum of

energy generation, energy efficiency, control and instrumentation for the process industry.

Situation

Forbes Marshall runs Oracle eBusiness Suite for its business process. All orders and service requests are entered from all over India. This application is running on an IBM server in its Pune office. The company had two key challenges in mind when it decided to go for the Fortinet solution: one was to protect its ap plication suite and server, which needed to be accessed from all its branches, from outside attacks and ensure business process is smooth, reachable and secure, the second important factor was to ensure support for multiple lines cost effectively without compromising on security. The company has two premises in Pune with distance of seven kilometres between them. It has one RF Link, one 2 MB leased line and one 100MB OFC connecting both these units. There is one Internet link at each of these locations. “These two premises are connected by means of different links of different speed.

link at each of these locations. “These two premises are connected by means of different links
17
17
link at each of these locations. “These two premises are connected by means of different links
Fortinet provided full cooperation in understanding the requirement and designing the solution that made us

Fortinet provided full cooperation in understanding the requirement and designing the solution that made us comfortable. We do expect the new solutions from Fortinet in different areas like: network, security, monitoring and management

areas like: network, security, monitoring and management - Sharat M Airani, IT, Forbes Marshall We wanted
areas like: network, security, monitoring and management - Sharat M Airani, IT, Forbes Marshall We wanted

- Sharat M Airani,

IT, Forbes Marshall

We wanted to have an automatic fail over and load balancing between these links,” informs

Airani, adding that the company was looking for

a single box to avoid administration and maintenance overheads.

Challenge

These links are very critical as large numbers of users depend on these links for business process.

As such, securing these links from any outside

attack or intrusion is a top priority with Forbes Marshall. With that priority in mind, the company deployed two boxes of FGT-200A, one at each

location. All the links terminate on these boxes. The company has security-enabled the Internet

links also. “Before entering the network it checks

for all controls. For other links between our own

two units, we have not enabled any such

security,” Airani says, adding that for the 3 links between the company’s two units both the units, it provides automatic fail over and load balancing

for the entire traffic. Talking about the benefits of

going for the Fortinet solution Airani points out

that with the deployment of the solution, it has

been able to discontinue manual intervention for shifting the links which used to take longer time. “Now even if any one link fails, it does not create any inconvenience to users. The changeover takes place within 4 seconds,” he says. Forbes Marshall evaluated products from three other vendors before finally deciding on Fortinet. Emphasizing that customised solution is a very important factor without compromising on the utility and security, Airani says that Fortinet provided full cooperation in understanding the requirement and designing the solution that made the company comfortable.

Deployment

Airani describes his experience with Fortinet as really good. “We have the comfort level with Fortinet partner we worked with,” he says. A key factor in Airani decision was to ensure that the investment is wise enough to withstand change in technologies. “These technologies changes in two years of span. Before investing, one really needs thinks about the investment also,” he remarks.

BENEFITS

• A customized solution that fully understands and meets the company’s requirements and does not compromise on utility and security

• Lower suppor t and maintenance costs

• Provides automatic fail over and load balancing for the entire traffic

• Lower suppor t and maintenance costs • Provides automatic fail over and load balancing for
18
18
• Lower suppor t and maintenance costs • Provides automatic fail over and load balancing for
Geojit. Fortinet provides a competent & secure platform for smoother transaction. Business Geojit, a joint

Geojit.

Fortinet provides a competent & secure platform for smoother transaction.

Business

Geojit, a joint venture with Kerala State Industrial Development Corporation (KSIDC), offers complete wealth management solutions through 850 trained professionals and a pan-India network of over 175 offices to over 1.75 lakh clients in India. Geojit has more than Rs 1,500 crore worth of assets under its custody and management.

Situation

Geojit has a hybrid network, which comprises of VSAT links, leased lines, VPN, etc. All the branches are networked to the head office for online information dissemination and risk management. The total number of transactions executed daily over the company’s network is almost 1,00,000. It also has a comprehensive trading website. When Geojit started offering its services online, various information security issues came to the fore. Geojit had implemented multiple

components of security solutions at multiple levels, but managing them became an issue and company management realized that an integrated platform of security solutions was necessary.

Challenge

At Geojit, all the trading transactions done across India is dependent on the server at Cochin and securing that server was a critical issue. The features of the FortiGate-800 suited Geojit’s requirements. One major consideration in favor of the FortiGate-800 was the Intrusion Detection System (IDS) and integrated antivirus solution bundled into a single platform. For the deployment of the FortiGate-800, Geojit roped in Axcenta as its implementation partner. A team of about five IT professionals from Geojit and three technical engineers from Axcenta were involved in the implementation, with remote support from one Fortinet engineer.

technical engineers from Axcenta were involved in the implementation, with remote support from one Fortinet engineer.
19
19
technical engineers from Axcenta were involved in the implementation, with remote support from one Fortinet engineer.
There is always a trade off between performance and surveillance. Now, we are in a

There is always a trade off between performance and surveillance. Now, we are in a much more comfortable situation than before and we expect a better rate of customer satisfaction

before and we expect a better rate of customer satisfaction - Balakrishnan CTO, Geojit Securities, Cochin
before and we expect a better rate of customer satisfaction - Balakrishnan CTO, Geojit Securities, Cochin

- Balakrishnan

CTO, Geojit Securities, Cochin

Since Geojit is an online trading business, any downtime during the implementation was absolutely unwanted. At present, the solution has been implemented at one location, Cochin. Geojit did not exceed the budget planned for this exercise. Satisfied with the results and the support from Fortinet, Geojit is planning to deploy FortiGate-300 platforms at the three remaining locations, Geojit will be purchasing another FortiGate-800 box at its data center at Cochin to provide load-balancing and high-availability in case of a crisis.

Deployment

For Fortinet, Geojit was one of the most challenging deployments. Downtime on this network would have cost millions in online trade. To deal with this, the implementation was done over a weekend, when no online trading activity In India takes place. The entire deployment of the FortiGate-800 was done in a day and a half, though this process would typically have taken about 10 days.

BENEFITS

• Since Fortigate is an integrated platform for security solutions, managing and controlling it is easy

• The management has instant access to information about intrusions in the security system and can take immediate action accordingly

• Filtering content is much more streamlined now

• There is a competent secure platform for smooth transaction execution

content is much more streamlined now • There is a competent secure platform for smooth transaction
20
20
content is much more streamlined now • There is a competent secure platform for smooth transaction
GMR. Fortinet’s solution at Hyderabad’s airport helped GMR to logically separate the network, without affecting
GMR. Fortinet’s solution at Hyderabad’s airport helped GMR to logically separate the network, without affecting

GMR.

Fortinet’s solution at Hyderabad’s airport helped GMR to logically separate the network, without affecting performance.

Business

GMR Group is a rapidly growing infrastructure organization, with interests in airports, highways, energy and urban infrastructure. Among the airports that the group is responsible for is the Rajiv Gandhi International Airport, Hyderabad.

Situation

To design the network and security at the Hyderabad airport, GMR required a device that would help them logically separate the networks of the customers—airlines, ground handlers, concessionaire, and so on—-and at the same time, provide them connectivity to the common network. ”We chose Fortinet’s device because it has the capability of Virtual Domains (VDOMs) with good performance, which is very useful for airport environments” says M Rajesh, AGM, IT, GMR.

Challenge

Fortinet provides Unified Threat Management (UTM) security systems. Its range of security solutions are flexible enough to help businesses of all sizes meet their security challenges. Fortinet’s security platform has

been built from the ground up and provides multiple layers of protection and easy management. This also helps to increase flexibility in deployment, better security through integration and scalability with changing business requirements. GMR has deployed FG3600A at the Rajiv Gandhi International Airport, Hyderabad. FortiGate platforms provide essential network defenses by integrating enterprise firewall, Virtual Private Network (VPN), intrusion prevention, antivirus/antimalware, Web filtering, anti spam and application control features. The FG-3000 series, which includes FG 3600A, integrates multiple security services into a modular appliance-based platform. It offers flexible network interface options, including hardware-accelerated Gigabit and 10-Gigabit Ethernet support. FG3600A has one AMC expansion slot, eight 10/100/1000 interfaces and two SFP (SX/LX/ TX) interfaces. “The deployment took about a week and there was no downtime” states Rajesh. A team of two people was involved onsite. A system integrator was involved as well.

21

was no downtime” states Rajesh. A team of two people was involved onsite. A system integrator
was no downtime” states Rajesh. A team of two people was involved onsite. A system integrator
Without this solution, we may not able to run the show. It has fulfilled our

Without this solution, we may not able to run the show. It has fulfilled our business requirements almost 100%”

It has fulfilled our business requirements almost 100%” -M Rajesh , AGM, IT, GMR The challenge,
It has fulfilled our business requirements almost 100%” -M Rajesh , AGM, IT, GMR The challenge,

-M Rajesh ,

AGM, IT, GMR

The challenge, says Rajesh, was to ensure high availability (active/passive) implementation without network downtime. The solution has been in use for the past eight months at the airport. Rajesh informs that all pending activities have been completed successfully.

Deployment

The Airport’s network has been designed as a common infrastructure platform, so that

every customer of the Airport connects to the common network for their operations. At the same time, each customer’s network is logically separated from the other networks, to ensure protection. Fortinet’s device is indispensable for achieving this complex connectivity. Rajesh states that it gives good performance as well. “We have really benefited with the box for logical separation of the network” says Rajesh.

BENEFITS

• Logical separation of the airport network has been achieved

• There is no compromise on network performance or security

separation of the airport network has been achieved • There is no compromise on network performance

22

separation of the airport network has been achieved • There is no compromise on network performance
Hindustan Times. Hindustan Times wanted a solution to not only help prevent attacks or intrusions

Hindustan Times.

Hindustan Times wanted a solution to not only help prevent attacks or intrusions but also a solution to better utilize the Internet resources. It achieved both these goals with Fortinet.

Business

Hindustan Times today operates in a highly competitive business environment that is marked by hyper growth potential, entry of new players and diversification of media companies into new areas. The Hindustan Times group itself is on an expansion mode. The company has not only a new edition of its flagship newspaper Hindustan Times from Mumbai but has also diversified into FM radio broadcast. The group recently launched FM radio channel “Fever 104 FM”. It is also close to launching a new business daily in Delhi and Mumbai. With networking and IT playing a critical role in its daily operations as well in its growth, it is obvious that protection of IT assets from malicious attacks and threats will always be of paramount importance for the group.

Situation

Hindustan Times has users spread across 15 locations in India who access application like emails, Intranet and Internet resources through the corporate data center located in New Delhi. It has a huge pool of WAN as well

as Internet bandwidth terminating in New Delhi to satisfy the end user requirements.The Challenge Hindustan Times has users spread across 15 locations in India who access application like emails, Intranet and Internet resources through the corporate data center located in New Delhi. It has a huge pool of WAN as well as Internet bandwidth terminating in New Delhi to satisfy the end user requirements.

Challenge

With these challenges in mind, Hindustan Times wanted a solution that will not only help prevent attacks or intrusions in its network but also a solution that will help it better utilize the Internet resources. “In mid 2006 when we looked at the Fortinet product profile it appeared to suit our requirements. We underwent tests and PUC at various levels to justify our needs,” Khanna says. According to Khanna, the Fortinet solution after being deployed helped Hindustan Times achieve what it desired. “The solution helped us provide a mechanism to minimize attacks in

helped Hindustan Times achieve what it desired. “The solution helped us provide a mechanism to minimize
23
23
helped Hindustan Times achieve what it desired. “The solution helped us provide a mechanism to minimize
Fortinet solutions has helped Hindustan Times prevent all kinds of threats from virus and worms,

Fortinet solutions has helped Hindustan Times prevent all kinds of threats from virus and worms, check intrusion threats and vulnerabilities from entering our internal environment

and vulnerabilities from entering our internal environment - Amit Khanna , Hindustan Times respect threats specified
and vulnerabilities from entering our internal environment - Amit Khanna , Hindustan Times respect threats specified

- Amit Khanna ,

Hindustan Times

respect threats specified above at the gateway level. It also provided us with a tool to implement a global content filtering solution to help us use our Internet resources in a better way,” points out Khanna. He says that the solution which was designed in a high availability mode intends to provide 100% uptime to prevent any such future attacks.The Solution With these challenges in mind, Hindustan Times wanted a solution that will not only help prevent attacks or intrusions in its network but also a solution that will help it better utilize the Internet resources. “In mid 2006 when we looked at the Fortinet product profile it appeared to suit our requirements. We underwent tests and PUC at various levels to justify our needs,” Khanna says. According to Khanna, the Fortinet solution after being deployed helped Hindustan Times achieve what it desired. “The solution helped us provide a mechanism to minimize attacks in respect threats specified above at the gateway level. It also provided us with a tool to implement a global content filtering solution to help us use our Internet resources in a better way,”

points out Khanna. He says that the solution which was designed in a high availability mode intends to provide 100% uptime to prevent any such future attacks.

Deployment

The Fortinet solution has helped Hindustan Times prevent all kinds of threats from virus and worms, and check intrusion and vulnerabilities from entering its internal environment. Overall, with Fortinet, Khanna is confident of handling all attacks or threats at the gateway level itself. “Any such threat is killed in the DMZ before it hits our internal resources. The primary benefit that we desired from such a solution was to provide a layer of security to our end user’s from new attacks at the gateway level itself. This goal we have achieved after the Fortinet implementation,” Khanna says. Talking about future, Khanna says that he is looking at security architecture at branch level and is looking forward to implement solutions in a similar manner at various levels on the company’s Intranet.

BENEFITS

• Prevention of all kinds of threats from virus and worms, check on intrusion threats and vulnerabilities from entering the internal environment.

• All attacks handled at the gateway level

• Better utilization of Internet resources

internal environment. • All attacks handled at the gateway level • Better utilization of Internet resources

24

internal environment. • All attacks handled at the gateway level • Better utilization of Internet resources
IIMK. The Fortinet solution helped lIM Kozhikode build a infallible defence against intrusions, viruses, worms,

IIMK.

The Fortinet solution helped lIM Kozhikode build a infallible defence against intrusions, viruses, worms, Trojans and other malware.

Business

The Indian Institute of Management Kozhikode is a part of the IIM family of institutions that have earned a reputation worldwide for academic excellence. IIMK is an institute of higher learning that conducts post-graduate management programs and executive management education programs for working professionals. The management programs cover a wide range of subjects, such as finance, IT, marketing, strategy and organizational behavior.

Situation

IIMK’s campus connects to the Internet and research and academic networks such as RENNIC and ERNETviaa5l2Kbps leased circuit from BSNL, with a 2MB ISDN line from BSNL and a 64 Kbps VSAT link as backup. IIMK’s technology department needed to design and deploy a comprehensive security solution that would not only provide necessary defenses against intrusions, viruses, worms, Trojans and other malware, but also to detect abuse within the network and provide reports of incidents and network audit purposes.

Challenge

IIMK has deployed a Fortinet enterprise-class security and management platform to protect its campus-wide network. Fortinet partner Nortech was instrumental in the deployment, which included a FortiGate” -500 multi-threat security appliance and FortiReporter’TM security reporting and analysis software. The FortiGate-500, together with Fortinet’s FortiReporter software provided for all of IIMK’s security, reporting and audit compliance needs. Before deciding on Fortinet to replace the existing Linux firewall on their network, IIMK’s technology staff evaluated solutions from SonicWall, WatchGuard and Cyber Roam.

Deployment

“To achieve our security goals, we needed a solution that could defend against external and internal threats,” says Ashok Pathak, systems manager, IIMK. “We also needed additional features such as bandwidth management and strong reporting capabilities so that we could have a good idea

additional features such as bandwidth management and strong reporting capabilities so that we could have a
25
25
additional features such as bandwidth management and strong reporting capabilities so that we could have a
To achieve our security goals, we needed a solution that could defend against external and

To achieve our security goals, we needed a solution that could defend against external and internal threats… we also needed additional features such as bandwidth management ad strong reporting capabilities so that we could have a good idea of how the network performed and how it was being used. Fortinet’s FortiGate 500

and FortiReporter addressed al our requirements

500 and FortiReporter addressed al our requirements - A s h o k P a t

-Ashok Pathak ,

System manager, IIMK

of how the network performed and how it was being used. Fortinet’s FortiGate-500 and FortiReporter addressed all our requirements.” Fortinet’s FortiGate-500A multi-threat security appliances provide performance, flexibility, and security necessary to protect today’s growing enterprises. The FortiGate- 500A platform features two 10/100/1000 tri-speed Ethernet ports, 4 user-definable 10/100 ports for redundant WAN links, high availability and multi-zone capabilities and an internal 4-port switch. All Fortinet FortiGate systems provide comprehensive network and content protection through the integration of eight essential security applications and services -- including antivirus, firewall, VPN, intrusion prevention (IPS), anti-spam, anti-spy- ware, web filtering and traffic shaping. The systems are kept up to date automatically by Fortinet’s FortiGuardTM subscription

services, which provide continuous updates to ensure protection against the latest viruses, worms, Trojans and other threats-around the clock and around the world. Fortinet’s FortiReporter Security Analyzer provides security professionals with real-time security intelligence to help identify and understand hacker, virus and SPAM/spyware behavior to combat security threats and meet compliance auditing requirements. “More organizations and businesses are deploying our products to provide of the array of functions necessary to maintain corporate security,” said Mr. Hansen Chang, Fortinet’s VP for Asia Pacific. “Fortinet provides a full range of security products that allow administrators to protect every part of their network, from the gateway, to the data center, to desktops, as well as solutions for logging, management, analysis and reporting.”

BENEFITS

• Provides performance, flexibility and security necessary to protect today’s growing enterprises

• Full range of security products that allow administrators to protect every part of their network

enterprises • Full range of security products that allow administrators to protect every part of their

26

enterprises • Full range of security products that allow administrators to protect every part of their
IDFC. After Fortinet impletation, IDFC has covered the possibilities of virus attacks, hacking, and thus

IDFC.

After Fortinet impletation, IDFC has covered the possibilities of virus attacks, hacking, and thus protected the company’s data and network.

Business

Incorporated on January 30, 1997, Infrastructure Development Finance Company Limited (IDFC) is a specialized financial intermediary for infrastructure. IDFC has approved financial assistance for 156 projects aggregating over Rs181,868.20 mn and has broadened its initial focus on power, roads, ports and telecommunications to include energy, telecom and IT, integrated transportation, urban infrastructure, healthcare, food & agri-business, infrastructure, education and tourism.

Situation

Though the network at IDFC already had routers, anti-virus software, access lists, and other server-based controls, the IT team felt that unless a firewall and an intrusion detection system (IDS) were present, the level of security was inadequate.

Challnege

IDFC considered the options of integrated as well as point implementations of security

solutions. According to V.C. Kumanan, head, information management, the concept of integrated implementation was quite interesting because you could get “Three or four major features in one device.” All teething problems could then be “Handled in one cycle instead of in three or four different cycles.” They considered two vendors: Fortinet and Symantec, eventually choosing Fortinet. In addition to firewall and IDS, the capabilities of the integrated security appliance included network traffic-shaping, VPN, and antivirus functions. Although IDFC already had Symantec AntiVirus on the network, the antivirus feature in Fortinet’s solution provided additional protection and came at 60% of the cost of the Symantec solution. Gabriel Durai, manager, IT, added that Fortinet offered bandwidth management and traffic shaping for VoIP calls and this was important since they needed improved quality in VoIP calls. Symantec did not offer this. Also, Fortinet offered them 24x7 service, including next day replacements, etc.

calls. Symantec did not offer this. Also, Fortinet offered them 24x7 service, including next day replacements,
27
27
calls. Symantec did not offer this. Also, Fortinet offered them 24x7 service, including next day replacements,
They [Fortinet] have delivered on their promises - VC Kumanan, head, information management, IDFC Deployment

They [Fortinet] have delivered on their promises

- VC Kumanan, head,

information management, IDFC

promises - VC Kumanan, head, information management, IDFC Deployment By June 2004, Fortinet solutions were implemented

Deployment

By June 2004, Fortinet solutions were implemented at two locations, Chennai and Mumbai. The entire process took three to four months. Two personnel from IDFC and one from Veeras Infotech representing Fortinet were involved in the implementation. The total cost of the security solution was Rs 6.2 lakhs. “Today we are reasonably happy with this implementation.” says Kumanan. In June 2004, IDS was implemented on the network. Later that year, when Fortinet began offering an intrusion prevention system (IPS) in newer versions of its solutions, IDFC upgraded to it. All that was involved was downloading the upgrade and

changing some security policies. “With this new version the reporting facility is really good” feels Gabriel. One concern that IDFC had was that there was no other similar implementation done in the country. This was a major risk, along with questions about delivery and implementation. The latter was because dealers were also new and unfamiliar with this technology. This was also a slightly complex deployment as there was already an existing VPN along with an IP firewall from Cisco and IDFC wanted the new implementation to sit on top of currently existing security infrastructure.

BENEFITS

• With Fortinet’s security solution in place, IDFC feels that to a large extent, it has covered the possibilities of virus attacks, hacking and thus protected the company’s data and the network. The IDFC team feels they are in better control of their network than before

• The company has been protected from losses due to attacks on the network

control of their network than before • The company has been protected from losses due to
28
28
control of their network than before • The company has been protected from losses due to

Jet Airways.

Jet Airways. Low TCO and better ROI, while ensuring a secure environment that’s easy to manage

Low TCO and better ROI, while ensuring a secure environment that’s easy to manage with Fortinet delivers huge benefits to the airline.

Business

Jet Airways, India's leading airline, operates domestic and international services. It has over 385 daily flights to 64 destinations within India and overseas including New York (both JFK and Newark) Toronto, Brussels, London (Heathrow), Kuala Lumpur, Bangkok, Colombo, Singapore, Kathmandu, Dhaka, Kuwait, Bahrain, Muscat and Doha. It is one of the fastest growing airlines in the world. With the acquisition of Jet Lite, Jet Airways has a combined fleet strength of 109 aircraft and schedules over 526 flights daily.

Situation

Jet Airways had deployed point-based security systems for its various offices. There was no perimeter level security at the branches. The company also wanted to implement a corporate level internet access policy at its branches. This would include scanning of internet traffic for malicious data, bandwidth management, authentication,

filtering of URLs visited to prioritize the traffic, and simplicity in the management of the entire solution. According to Satish Joshi, Senior General Manager - Communications, Jet Airways, “We were looking for an easy-to-manage, comprehensive and unified security system that could ensure 24x7x365 defense against network and perimeter level threats.”

Challenge

The company was in search of a security solution that would have features like firewall, SSL VPN, antivirus, anti-malware, anti-spyware, authentication, web filtering, instant messaging/peer-to-peer blocking and intrusion prevention system (IPS). Jet Airways evaluated security solutions from CheckPoint and Sonicwall. But the company chose Fortinet for several reasons. Satish Joshi says, “Fortinet has a comprehensive unified security solution that gives ease of management, local support and training. Also the solution provides low TCO and better ROI.”

that gives ease of management, local support and training. Also the solution provides low TCO and

29

that gives ease of management, local support and training. Also the solution provides low TCO and
Defining policies on the FortiGate boxes is really simple - Satish Joshi Senior General Manager

Defining policies on the FortiGate boxes is really simple

Defining policies on the FortiGate boxes is really simple - Satish Joshi Senior General Manager -

- Satish Joshi

Senior General Manager - Communications, Jet Airways

Deployment

Jet Airways deployed FortiGate-800 for firewall and SSL VPN services. This system helps the roaming users and small offices of Jet Airways to securely access the reservation system. FortiGate 800 is a complete security solution which includes firewall, SSL VPN, antivirus, antimal-ware, antispyware, authentication, web filtering and IPS. It controls instant messenger and peer-to-peer network activities to prevent blended threats.

BENEFITS

• Easy to deploy

• Secured and hassle free remote access with SSL VPN

• Better manageability of essential services

• Reduced intrusion & virus attacks

• Easy monitoring of network

It also provides integrated traffic shaping functions, which makes it a cost effective, convenient and powerful network protection solution. Jet Airways has also deployed FortiGate-50B and 60B in the branch offices to provide perimeter security and defense from external attacks. According to Satish Joshi, “Each of the Fortinet devices with its security features and prevailing security concerns provides value for money. The devices are complete and have comprehensive security defense.”

security concerns provides value for money. The devices are complete and have comprehensive security defense.” 30
30
30
security concerns provides value for money. The devices are complete and have comprehensive security defense.” 30
Larsen & Toubro. After the Fortinet implementation there has been an increase in the volume

Larsen & Toubro.

After the Fortinet implementation there has been an increase in the volume of business, lessened project times and lowered communication costs.

Business

Larsen & Toubro is India’s largest engineering and construction conglomerate with additional interests in IT and electrical business. The company has revenues of Rs 6,000 crores this fiscal year from its seven divisions. One of its divisions, the ECC (Engineering Construction and Contracts division), is headquartered in Chennai.

Situation

Half of ECC’s operations take place outside the boundary of the company. This includes interactions with suppliers, contractors, contract employees, clients and client consultants. Because of this and also because the construction industry is a nomadic one, the business applications used by the ECC must also be available to all stakeholders of ECC’s projects. The ECC standardized on a single platform - the Web and this necessarily meant providing security over a network that is open to virus infiltration, hacker attacks, etc.

Challenge

The ECC network currently controls 378 project sites, seven domestic regional offices, and 12 international area offices in the Middle

East and Asia. Each location is connected to the central server in Chennai. Their network is a heterogeneous one, comprising leased lines, VSATs, mobile links to PDAs used by engineers at remote sites and Multi-Protocol Label Switching (MPLS). Network infrastructure control includes strategies such as antivirus, firewall, spam filtering and VPN. One of their network security policies required the frequent changing of passwords. The software used in their network security infrastructure included CheckPoint firewall, configured to block specific information and spam filtering. However, the infrastructure department soon felt the need for a unified security solution, as the separate applications for anti-spam, anti-virus and firewall functions became difficult to manage.

Deployment

ECC initially thought of using Norton AntiVirus but this only provided protection against viruses that were already out “in the wild.” A year ago, they decided on Fortinet’s solutions because of the integrated anti-virus, automated online updates of virus signatures and anti-spam features.

31

solutions because of the integrated anti-virus, automated online updates of virus signatures and anti-spam features. 31
solutions because of the integrated anti-virus, automated online updates of virus signatures and anti-spam features. 31
We were able to demonstrate the effectiveness of our FortiGate based solution at the proof

We were able to demonstrate the effectiveness of our

FortiGate based solution at the proof of concept stage itself

based solution at the proof of concept stage itself - N C Ananthasayanam, Country Business Manager—RADAR
based solution at the proof of concept stage itself - N C Ananthasayanam, Country Business Manager—RADAR

- N C Ananthasayanam,

Country Business Manager—RADAR ISS, Ramco Systems

“Now we have a hybrid, unified security solution in place,” says Bhaumik. ECC took only about a month to deploy the Fortinet software and the total cost involved was Rs 9.5 lakh. One of the challenges faced by ECC was the need to enforce the discipline of network

BENEFITS

• Fortinet is helping ECC integrate the earlier diverse security solutions in place. The security policy is showing good results

• ROI for the IT infrastructure as a whole is that it has increased the volume of business, lessened project times and lowered communication costs from Rs 10.5 crore to Rs 8 crore

• The processes have become cost-effective. Larsen & Toubro is now completing big projects with less manpower and in lesser time. Budgets for projects are made in lesser time, there is timely output and the figures are more reliable

security among its employees. Further, many of the 22,000 employees were uncomfortable with using computers, so training programs had to be organized to educate employees about the network security systems.

with using computers, so training programs had to be organized to educate employees about the network
32
32
with using computers, so training programs had to be organized to educate employees about the network
Lason India. Protecting customer’s data has been taken care of with the deployment of FortiGate.

Lason India.

Protecting customer’s data has been taken care of with the deployment of FortiGate.

Business

Lason India, earlier known as Vetri Software, undertakes BPO operations in vertical

industry segments such as healthcare and financials. It is a wholly-owned subsidiary of Lason, a US-based business process outsourcing (BPO) company. Lason reported

a turnover of $170 mn in 2002, to which Lason India contributed $30 mn.

Situation

Protecting the workflow environment, from

start to finish, that is, back to the customer, in

a processed form, requires multiple levels of

checks and balances, in the areas of physical and IT security. The network security solution that Lason India wanted had to fulfill the criteria of reliability, availability, scalability, serviceability and service support. Lason’s security requirements included a firewall, intrusion detection and prevention facilities, VPN, traffic-shaping and access control

functions, virus protection, spam and content filters, either in a combined product, or in

multiple products. Fortinet offers these features in a single integrated network security appliance. According to M S Kannan, GM, IT support and member, executive leadership team, Lason has tried both hardware and software point security solutions. Fortinet offers an integrated hardware, software and firmware security platform, which makes it interesting. Lason India has two networks, one connecting the management center to the production sites, the other to the overseas corporate office.

Challenges

One of the main concerns that Lason India had was that they may be the first adopters of Fortinet’s technology in India. According to Kannan, their worries were eased when they found that Fortinet was quick to respond to all aspects of support during the implementation of the platform. There were some firmware issues, which were resolved by Fortinet. The implementation also had to overcome some initial resistance from employees to the restrictions imposed by the FortiGate solution.

also had to overcome some initial resistance from employees to the restrictions imposed by the FortiGate

33

also had to overcome some initial resistance from employees to the restrictions imposed by the FortiGate
We wanted to be pioneers in the industry, in handling data securely - MS Kannan

We wanted to be pioneers in the industry, in handling data securely

to be pioneers in the industry, in handling data securely - MS Kannan GM, IT support,
to be pioneers in the industry, in handling data securely - MS Kannan GM, IT support,

- MS Kannan

GM, IT support, and member, executive leadership team, Lason India

Deployment

The initial strategy was to implement a Checkpoint firewall at their international gateway. For Lason’s intranet sites, the considerations of cost-effectiveness, compliance to global standards and interoperability led to a decision to use Fortinet products. Fortinet India trained Lason’s engineers and a test bed was set up to ensure that they were capable of supporting the Fortinet solution. Installation of the devices was then simply, a matter of plug and play.

BENEFITS

• Lason’s biggest worry was protecting customer’s data. That’s been taken care of with the deployment of FortiGate

• The customers are also more confident in doing business with Lason since they are assured of data security and privacy

• Being both cost-effective and scalable, this combo product will protect Lason’s investment for three years. It doesn’t need augmentation for next two years. Any enhancements required will only be for firmware

“The security solution was up and running almost immediately.” said Kannan. VPN services offered by the FortiGate platform, were deployed at production and management sites. This feature ensured secure data transmission and was also easy to customize. The FortiGate security platform was also compatible with the existing infrastructure, which included Lason’s own Linux-based VPN and an existing server-based content filter for e-mail.

infrastructure, which included Lason’s own Linux-based VPN and an existing server-based content filter for e-mail. 34
34
34
infrastructure, which included Lason’s own Linux-based VPN and an existing server-based content filter for e-mail. 34

Malayala Manorama.

Malayala Manorama. The media house uses Fortinet boxes and three other layers of solutions to repel

The media house uses Fortinet boxes and three other layers of solutions to repel intruders and Media to stay virus-free

Business

Malayala Manorama was established in 1888, and has become one of the leading newspapers in Malayalam today. The company publishes many well-regarded periodicals such as The Week, Vanitha, Vanitha Hindi, Magic Pot, English Year Book, Amar chitra katha and Balarama among others. Malayala Manorama has 75 offices and 15 printing locations across India.

Situation

Malayala Manorama gets news, photos, advertisements from all over the country and the world. Previously, the mode of collection was very manual and a lot of work went into converting material into digital format. Currently, the internet is used as the primary medium for collecting and publishing news stories and getting advertisement revenue. The company thus needed the flexibility to stay connected to the internet all the time.

According to V V Jacob, Manager - Systems, the networks have to be continuously running at all hours. The situation can get critical, especially when the newspaper goes for printing and when no support can be expected from vendors. Downtime would severely impact the operations and revenues of the company.

Challenge

To deal with the risks of an “always on” connection to the internet, Malayala Manorama decided to put in place a security infrastructure that could effectively protect their data assets. The company evaluated products from many vendors and eventually selected Fortinet. What tipped the decision in Fortinet’s favor were the integrated security functions, such as antivirus and firewall and the ability of Fortinet’s FortiGate products to operate in transparent mode.

such as antivirus and firewall and the ability of Fortinet’s FortiGate products to operate in transparent
35
35
such as antivirus and firewall and the ability of Fortinet’s FortiGate products to operate in transparent
Most security products operate on a per-user basis. In the case of Fortinet, the product

Most security products operate on a per-user basis. In the case of Fortinet, the product secures the whole network. It requires only a one-time investment and has no license restriction on the number of users.

- V V Jacob

no license restriction on the number of users. - V V Jacob Manager- Systems Deployment The
no license restriction on the number of users. - V V Jacob Manager- Systems Deployment The

Manager- Systems

Deployment

The company decided to deploy the FortiGate units at the outer most perimeter and just in front of the mail server to screen incoming mail for viruses before they have had a chance to break into the network. In all, two FortiGate-200s, one FortiGate-400 and one FortiGate-500 are deployed in three locations, including their main uplink facility. All units have real-time antivirus, firewall, VPN, network intrusion detection and prevention and traffic-shaping services turned on. Supporting this infrastructure is FortiAnalyzer which provides reporting functions. The security infrastructure has been operating successfully for a little over 2 years now. The deployment was done by the company’s IT team and it went very smoothly, without any problems or downtime during the installation.

Jacob says that the number of virus attacks has dropped dramatically and is very infrequent now. The number of intrusions has also come down considerably. Fortinet boxes have been able to deliver the bandwidth QoS required and network performance has also improved because of the improved security. Malayala Manorama was so impressed with the FortiGate products that it is now in the process of evaluating FortiMail spam control software. Explains Jacob, “Most security products operate on a per-user basis. In the case of Fortinet, the product secures the whole network. It requires only a one-time investment and has no license restriction on the number of users.” All Fortinet products deployed by Malayala Manorama are automatically updated through FortiGuard, a subscription-based service

BENEFITS

• Zero downtime during installation

• Dramatically reduced number of virus outbreaks and intrusions

• Improvement in network performance

• No per-user licensing, so the solution is cost effective

intrusions • Improvement in network performance • No per-user licensing, so the solution is cost effective
36
36
intrusions • Improvement in network performance • No per-user licensing, so the solution is cost effective

Maharashtra

Mantralaya

Maharashtra Mantralaya.

A complete overhaul which included using a FortiGate box solved the issues with a slow and vulnerable Mantralaya network

Business

The Local Area Network (LAN) in Mumbai’s Mantralaya started with around 600 systems in 1988-89. In 2005, it had more than 3,500 systems located in different buildings. Apart from the Mantralaya building and the New Administrative Building, the network is also accessed by the PWD, Vidhan Bhavan, the Treasury Office and offices in Nagpur—which are part of the Wide Area Network (WAN) and Mahanet, the network of Maharashtra’s district offices.

Situation

Network usage within the Mantralaya’s LAN and from the various offices connected to it had increased over the years. The deployment of more process-intensive applications on the network increased the traffic many folds. To compound matters, the network had no security systems deployed. It was open to threats—viruses, worms, Trojans, hacker attacks - from outside as well as from users within the LAN. All these factors had led to the network slowing down. Bandwidth was choked with heavy usage, switches were running at 80-90 percent of their capacity leading to frequent breakdowns and users were getting

increasingly frustrated as the network was down nearly everyday and applications were either inaccessible or slow. The objective, thus, was to get the network back on its feet and to make it faster and more secure.

Challenge

The evaluation and appraisal process took nearly six months, where the department of IT consulted its in-house experts and experts from other public sector undertakings such as the State Bank of India, Unit Trust of India and HPCL. They did a complete review of the network and then evaluated solutions from various vendors that would satisfy their requirements. Having faced problems with multiple vendors in the past, Dr. Pandey says they decided to appoint a single party this time.” After a competitive bidding process, CMS Computers was given this contract. The upgrade involved some major changes. The earlier IBM switches, which had become obsolete, were replaced with Cisco 6500 series switches. The network was also redesigned by segregating it into virtual LANs (VLANs) for better management. The other critical upgrade was the installation of Fortinet’s FortiGate-3600 Antivirus Firewall at the gateway.

The other critical upgrade was the installation of Fortinet’s FortiGate-3600 Antivirus Firewall at the gateway. 37

37

The other critical upgrade was the installation of Fortinet’s FortiGate-3600 Antivirus Firewall at the gateway. 37
Users have begun to rely on the network and to believe that it will always

Users have begun to rely on the network and to believe that it will always be available.

the network and to believe that it will always be available. - Dr Ajaybhushan Pandey Secretary
the network and to believe that it will always be available. - Dr Ajaybhushan Pandey Secretary

- Dr Ajaybhushan Pandey

Secretary (I.T.), Government of Maharashtra

This box, which has a throughput of 4 Gbps (gigabytes per second), includes Intrusion Detection System (IDS), Intrusion Prevention System (IPS), gateway-level antivirus solution, content filtering to safeguard against spam and a log generator. Deployment Fortinet’s solution was tested for six months before the actual implementation and was found to be better than similar solutions from other vendors, mainly because it included virus protection at the gateway level, which other solutions did not provide. In addition, Symantec’s Norton AntiVirus solution was

installed on all desktops. Updates for antivirus solutions on the Fortinet box and on all desktops and servers are programmed to happen automatically. It took about eight days for the actual installation and upgrade of the network. The cost was about Rs 1 crore. However, downtime was minimal—on weekends and nights—and end users did not even realize the changes that had happened in the network. According to Dr Pandey, the upgrade and the transition to the new network were smooth. They have not faced any problems in the two months since the new network has been operational.

BENEFITS

• The network is running smoothly, there is ample bandwidth, applications are running at good speed and there have been no security threats so far

• Users confidence in the network has increased. There are no complaints of the network being inaccessible

• Since FortiGate scans both incoming and outgoing traffic, threats of the network being compromised from outside have reduced

• The redesign of the network has made it easier for other offices to connect to the network.

have reduced • The redesign of the network has made it easier for other offices to
38
38
have reduced • The redesign of the network has made it easier for other offices to
Ma Foi. Ma Foi opts for Fortinet’s UTM solutions and sees better manageability and security

Ma Foi.

Ma Foi opts for Fortinet’s UTM solutions and sees better manageability and security despite being on island networks.

Business

Ma Foi Management Consultants is one of the leading HR services provider in India. After its merger with Vedior N. V, a Euro 6.85 bn staffing company, the organization now has a strong global presence across Europe, Middle East, South Asia and Southeast Asia. It offers a diverse range of HR services and HR outsourcing solutions.

Situation

Ma Foi has presence across India in various locations. All these locations have been running on island networks. This posed a major manageability and information security challenge. “We decided to address these issues first before tackling the entire array of information systems management,” says Ananthakrishnan K, manager - Information Security & Business Continuity at Ma Foi.

Ma Foi evaluated several products including Cisco, WatchGuard, Sonicwall and Fortinet. Fortinet stood out on several accounts. It scored better on interface to interface throughput, ease of defining and revoking policies, and routing capabilities and the

cost.It also has a customizable load balancing feature, and can support SSL and IPSec based VPN. “Unlike other products, the graphical user interface of Fortinet is much simpler and designed very well,” says Ananthakrishnan.

Challenge

The solution Ma Foi opted for is a complete Unified Threat Management system. It chose FortiGateTM-200A, 100A and 60A depending on the number of seats at each location. The solution includes policy based firewalling, policy based routing, traffic management, anti-spam, antivirus, and host-based intrusion protection system (HIPS). This feature is a plus as conventional network based IPSs look for signatures and HIPS looks for patterns. It has an extensive Web filtering system where can handle exceptions. The organization can block an entire set of websites falling under a category and still provide exceptions as per business needs. “This places a crucial role in business like ours. For example, we don’t want our users to shop online, but still allow them to browse a few sites which enable our consultants to research on specific retail companies,” Ananthakrishnan says.

to browse a few sites which enable our consultants to research on specific retail companies,” Ananthakrishnan
39
39
to browse a few sites which enable our consultants to research on specific retail companies,” Ananthakrishnan
The solution has made the administrator’s job simpler as the network segmentation and prioritybased routing

The solution has made the administrator’s job simpler as the network segmentation and prioritybased routing is much easier to handle

m u c h e a s i e r t o h a n d
m u c h e a s i e r t o h a n d

- Ananthakrishnan K, manager

Information Security & Business Continuity, Ma Foi

Other features like protocol based filtering, and the ability to create separate profiles for different user groups is an added advantage. “IM, P2P and VoIP filters enable us to control Internet traffic on potentially bandwidth consuming services. And it allows for better network segmentation,” he adds. Fortinet conducted a features-based training, which involved being briefed on every menu and options available on the box. This was location specific and was done in our headquarters.

Deployment

It’s been a year and a half since the deployment. According to Ananthakrishnan, Ma Foi has seen an immediate fall in virus and

BENEFITS

• Immediate fall in virus and spam

• Bandwidth usage optimized

• Better network segmentation

• Simple policy definitions and revoking

• Easy to use interface makesmanageability simpler

spam related issues. The bandwidth usage is also more optimized. “The ability to connect major offices across the country and our overseas office gives us better manageability on essential services,” he says. Users do complain that they can’t browse or use IMs. This suggests the system is working without any deviation. The Fortinet solution has made the network administrator’s job simpler as the entire network segmentation along with running a DHCP server and prioritybased routing is much easier to handle with the GUI.

network segmentation along with running a DHCP server and prioritybased routing is much easier to handle
40
40
network segmentation along with running a DHCP server and prioritybased routing is much easier to handle
Mahanagar Gas limited. Fortinet helps protecting the network that protects the environment. Business Mahanagar Gas

Mahanagar Gas limited.

Fortinet helps protecting the network that protects the environment.

Business

Mahanagar Gas Ltd (MGL) was incorporated from a joint venture between the Gas Authority of India Limited (GAIL), the BG Group UK (formerly British Gas), and the Government of Maharashtra. MGL supplies Piped Natural Gas (PNG) directly to over 600,000 homes and 500 commercial establishments and industries in Mumbai. The company also operates a network of 100 Compressed Natural Gas (CNG) filling stations.

Situation

MGL corporate network has similarly grown

in size and sophistication since 1995. The

company, headquartered in Bandra Kurla

complex in a Mumbai suburb is connected to

a nearby billing and call center and the

emergency control room via a 2 Mbps leased line. Five distribution offices around the city and two satellite offices each have 128 Kbps dedicated connections to the headquarters. The company maintains nearly 15 servers and

more than 200 workstations, and runs applications for inventory management, workflow and an employee intranet. Numerous technical libraries are hosted on the servers and the company depends on a mission critical database on Oracle 9i. The company also had a 128Kbps broadband

connection to the Internet. Rapid growth in the company has also introduced some unique challenges for the company’s IT department: With the recent proliferation of network threats from viruses, Trojans, spam and intrusion techniques, the IT staff soon found themselves frenetically plugging holes and putting out fires. With a planned Enterprise Resource Planning (ERP) project implementation in the pipeline, the company recognized that security had become a top priority item and decided to conduct an IT Security Audit to identify loopholes and vulnerabilities in the network.

Challenge

The security audit defined a list of features that MGL needed in a security solution, and these included comprehensive firewalling, antivirus functionality for detecting and destroying viruses, Trojans and other threats at the gateway between the corporate network and the Internet, and tracking bandwidth utilization. ‘The organization was reeling tinder constant virus attacks. This kind of situation restricted MGL from letting its remote users access the corporate network, or even, for that matter, mails.” Prashant Mudbidri, Director of Logix Consultancy Group Pvt. Ltd, said.

network, or even, for that matter, mails.” Prashant Mudbidri, Director of Logix Consultancy Group Pvt. Ltd,
41
41
network, or even, for that matter, mails.” Prashant Mudbidri, Director of Logix Consultancy Group Pvt. Ltd,
Unsecured access to the internet resulted in security mayhem in our organization with a plethora

Unsecured access to the internet resulted in security mayhem in our organization with a plethora of virii, spyware and other malware creating dangerous bottlenecks in our network and bringing day to day activities in our enterprises to a grinding halt

-Hemant Joshi ,

Deputy Manager (IT)

to a grinding halt -Hemant Joshi , Deputy Manager (IT) The Logix Consultancy Group Pvt. Ltd
to a grinding halt -Hemant Joshi , Deputy Manager (IT) The Logix Consultancy Group Pvt. Ltd

The Logix Consultancy Group Pvt. Ltd is a reseller of Fortinet products, who assisted Mahanagar Gas Ltd in evaluating security solutions. “Fortinet’s product functionalities mapped to the audit report’s suggestions.” “We wanted a solution that conformed to the suggestions in the IT Security Audit report. We zeroed in on Fortinet, because, besides offering all the features that we needed, they had achieved all 4 ICSA certifications, and had an Intrusion Prevention System (IPS) feature. Fortinet provided us with a FortiGate-300 for testing for a couple of days, and we were impressed with how easy it was to install, its outstanding wire-line performance and robust security features,” explained Mr. Joshi. ‘All broadband traffic now filters through the Fortinet firewall. We have also enabled NAT (Network Address Translation) for our mail and Citrix servers.” Mahanagar Gas Ltd purchased and deployed one unit of the FortiGate300 antivirus firewall platform in mid-2004. The implementation was smooth, with minimum difficulties, and it now secures 225 users in all offices for email and 25 users in headquarters for Internet access.

Deployment

Mahanagar Gas Ltd. has seen a dramatic reduction in the number of virus attacks and other network intrusion incidents since the

deployment, and network performance and user experience has improved significantly. “This has phenomenally improved the performance of our Internet connection,” said Mr. Joshi. With security now in place, the imminent rollout of the ERP suite can continue and plans have already been made to deploy a mail server in- house. The company now has plans to expand the use of Fortinet products as its network expands. “We haven’t yet used the ability to create DMZs or the feature for traffic- shaping, and when the mail server is installed, we will need the antispam feature,” says Mr. Joshi, “we will also need to provide access to the Internet for our Kalina office. Fortinet is a natural choice. We are a very satisfied customer.” The FortiGate-300 antivirus firewall platform provides complete real-time network protection through a combination of network- based antivirus, web and email content filtering, firewall, VPN, dynamic intrusion detection and prevention, traffic shaping, and anti-spam. All FortiGate-series firewalls eliminate viruses, worms, and grayware/ spyware from email, file transfer, and real-time Web traffic without degrading network performance, through its innovative hardware-accelerated ASIC-based architecture.

BENEFITS

• Easy to deploy

• Cost effective

• Comprehensive security solution

ASIC-based architecture. BENEFITS • Easy to deploy • Cost effective • Comprehensive security solution 42

42

ASIC-based architecture. BENEFITS • Easy to deploy • Cost effective • Comprehensive security solution 42
Nilgiris. Integrated threat management from Fortinet helps the super market chain bring down spam and

Nilgiris.

Integrated threat management from Fortinet helps the super market chain bring down spam and virus attack levels and increase employee productivity.

Business

Nilgiris is a century-old company based in South India, and is known for its fresh cakes, other bakery and confectionery items, and supermarkets. It has around 70 retail outlets across South India. Nilgiris has its own manufacturing units for baking and confectionery and is a trusted brand for hygiene and quality products.

Situation

The company had deployed separate solutions to handle the various aspects of security. They had multiple tools catering to their anti-spamming, antivirus & intrusion detection systems. On their own, they all worked fine for the company. But Nilgiris wanted a single solution to handle all their security challenges to bring in ease of

management. According to Mr.Venkataraman , CIO, Nilgiris, “The prevalent solutions were working fine in their own areas, but we were looking at a single box from where we could manage the entire security system.”

Challenge

Also like any other progressive organization Nilgiris desired that the time spent by the employees was more productive. Viruses was affecting the company productivity as a whole. Spam was another big challenge for Nilgiris, which was impacting productivity as well. Says Venkataraman, “Spam was taking too much of space and wasting the company's resources and time.” Nilgiris decided to opt for a Unified Threat Management system to tackle all these challenges.

resources and time.” Nilgiris decided to opt for a Unified Threat Management system to tackle all
43
43
resources and time.” Nilgiris decided to opt for a Unified Threat Management system to tackle all
The Fortinet box is a modern day solution for security woes that IT brings with

The Fortinet box is a modern day solution for security woes that IT brings with it. Use of IT has multiple advantages. But to deal with the flipside of IT, products like those from Fortinet are a great help.

—Mr.Venkataraman , CIO, Nilgiris,

are a great help. —Mr.Venkataraman , CIO, Nilgiris, Deployment Nilgiris evaluated other solutions available in
are a great help. —Mr.Venkataraman , CIO, Nilgiris, Deployment Nilgiris evaluated other solutions available in

Deployment

Nilgiris evaluated other solutions available in the market and short listed Fortinet. The company chose Fortinet because of several reasons. According to Venkataraman, “Fortinet is a reliable name and has proven solutions in the industry. It is a leader in the UTM market.” Fortinet has a clear road map for its products, and brings in newer technology faster than others, he adds. At the same time, Nilgiris found that Fortinet's solutions are also cost effective. Nilgiris opted for the FortiGate-400A box along with

FortiManager Centralized Management and FortiAnalyzer Centralized Reporting. FortiGate-400A is a complete security solution which includes content inspection firewall, IPSEC & SSL VPN, intrusion prevention, web filtering, antispam, antivirus and antispyware. It has controls to monitor instant messenger and peer-to-peer network activities to prevent blended threats. It also has integrated traffic shaping functions, to ensure that employees visit authorized website during office hours and that the company's bandwidth is optimally used.

BENEFITS

• Cost effective

• Increased employee productivity

• Reduced spam & virus attacks

used. BENEFITS • Cost effective • Increased employee productivity • Reduced spam & virus attacks 44
44
44
used. BENEFITS • Cost effective • Increased employee productivity • Reduced spam & virus attacks 44
Jubilant Organosys. Multi-vendor servicing woes have been replaced with a single-box solution which takes care

Jubilant Organosys.

Multi-vendor servicing woes have been replaced with a single-box solution which takes care of all the operational IT issues.

Business

Jubilant Organosys, a leading giant in custom research and manufacturing services, is a

composite enterprise with a major presence in the pharmaceuticals industry. With revenue of

Rs 1176 crore in 2003-2004, the company has

around 2000 employees in India and abroad. Jubilant Organosys has subsidiaries in USA, Europe and China. Domino’s and Hot Breads are some of their prominent brands in the non-pharmaceuticals segment.

Situation

The security infrastructure previously in place

at Jubilant Organosys was not adequately

effective in stopping current network threats,

from virus attacks to intrusion. Since they have

a B2B and B2C setup, performance was

important and became an issue when the vendors and the clients became dissatisfied with the time it took to access information on these sites. At that time, Jubilant Organosys was using solutions from different providers to address their security needs. The different

solution providers often blamed each other for network failures without addressing the real

issues. An effective solution was needed for these problems and to meet the increasing demands of such a big organization.

Challenges

It took about three months for Jubilant Organosys to conduct a thorough and exhaustive industry survey. “Since using a multi-vendor approach had not been a very feasible solution, this time, we were looking for a single-box solution from a single vendor,” shared Mr Satya, Chief (IT), Jubilant Organosys. In 2004, FortiGate-1000 turned out to be the answer. This appliance could satisfy all their security needs, such as anti-virus features, junk mail filtering, content inspection and load balancing. The company was looking for a one-time investment in security solution because IT was not their core business.

Deployment

When it came to implementing FortiGate-1000, Jubilant Organosys was a little apprehensive. Being one of the first few organizations to use the Fortinet product, they had to wait for the product to be launched. Moreover, since FortiGate-1000 was a very

to use the Fortinet product, they had to wait for the product to be launched. Moreover,

45

to use the Fortinet product, they had to wait for the product to be launched. Moreover,
We used IT for our business success and not to build a museum of IT

We used IT for our business success and not to build a museum of IT products

business success and not to build a museum of IT products - Mr. Satya head IT,
business success and not to build a museum of IT products - Mr. Satya head IT,

- Mr. Satya

head IT, Jubilant Organosys

new product, they didn’t have many references that could vouch for the performance of the product. Jubilant Organosys could not afford to have their networks down for long periods due to real time B2B/B2C transactions. Therefore, instead of implementing the technology in 2-3 weeks, the entire exercise was phased out in 6 months. As a result, the downtime, which

BENEFITS

• All the content, which passes through the network, is safe and there is no downtime involved because of network jamming

• No manpower time is wasted in clearing junk and spam mails

• Multi-vendor servicing woes have been replaced with a single-box solution, which takes care of all the operational IT issues

• FortiGate-1000 blended well with the existing infrastructure and practically no additional costs were incurred

• By adopting the single vendor approach instead of a multi vendor approach, the costs decreased significantly

was initially expected to be 80 hours, actually turned out to be 60 hours. Apart from the support given by Fortinet, Jubilant Organosys also kept a team of 9 people in house to roll out the application to safeguard against any risks. Jubilant Organosys claims that there have been no technical snags so far.

application to safeguard against any risks. Jubilant Organosys claims that there have been no technical snags
46
46
application to safeguard against any risks. Jubilant Organosys claims that there have been no technical snags
Spice. The Fortinet solution provide the performance, flexibility and security necessary to protect enterprise networks.

Spice.

The Fortinet solution provide the performance, flexibility and security necessary to protect enterprise networks.

Business

Launched nine years ago as a cellular phone service operator, Spice Telecom currently serves 1.5 million subscribers in Punjab and Karnataka regions with wide coverage in urban areas and road networks.

Situation

Spice Telecom's IT department was continuously challenged with trying to manage and maintain a large assortment of point security products from numerous vendors. This challenge was compounded every time a computer was added to the network.

Challenge

As Spice Telecom's network grew, the IT department found it increasingly difficult to keep virus and spam signatures up-to-date and to effectively enforce security policies. Spice Telecom recognized the need for a comprehensive, streamlined network security solution to meet its critical and diverse security requirements. IT administrators were eager for a solution that would be easy to manage, grow with the network as necessary and ensure up-to-the-minute security updates to virus and spam signatures. The

company was also seeking a solution that would support High Availability (HA) and Load Balancing operations to eliminate any possibility of a single point of failure.

Deployment

After evaluating solutions from several vendors, Spice Telecom purchased and deployed two FortiGate-300A systems in a HA configuration to provide comprehensive, non-stop multi-threat security. The deployment of the FortiGate-300A platforms has resulted in dramatic improvements in the integrity and flexibility of Spice Telecom's network security infrastructure and a marked increase in IT staff efficiency. The ASIC-accelerated FortiGate systems provide a full suite of network security capabilities -- including firewall, antivirus, intrusion prevention systems (IPS), VPN, Web filtering, anti-spam and traffic shaping – to protect against content and blended threats in real-time. Tests performed on the FortiGate-300A systems by Spice Telecom indicated that scanning of inbound and outbound traffic achieved throughputs in excess of 300 Mbps, highlighting Fortinet's excellent performance.

and outbound traffic achieved throughputs in excess of 300 Mbps, highlighting Fortinet's excellent performance. 47

47

and outbound traffic achieved throughputs in excess of 300 Mbps, highlighting Fortinet's excellent performance. 47
Fortinet's unified threat management systems provided us the best functional range of security applications and

Fortinet's unified threat management systems provided us the best functional range of security applications and services, most of which are ICSA certified and offered the best total

cost of ownership.

ICSA certified and offered the best total cost of ownership. - N a v i n

- Navin Kaul, COO

Spice Telecom, Karnataka

According to Navin Kaul, COO - Spice Telecom Karnataka, Fortinet's robust capabilities and ease-of-use made it the clear choice for network security “Fortinet's unified threat management systems provided us the best functional range of security applications and services, most of which are ICSA certified and offered the best total cost of ownership. Additionally, we liked the high performance the systems delivered, made possible by ASIC-based hardware acceleration." The FortiGate-300A systems provide the performance, flexibility and security necessary to protect enterprise networks. The FortiGate-300A systems are kept up to date automatically by Fortinet's FortiGuard Network, which provides continuous updates that ensure protection against the latest viruses, worms, Trojans and other threats -

around the clock and around the world. Navin Kaul continued, “With Fortinet's UTM systems in place, we've reduced our administration complexities and management headaches, as well as improved the robustness of our network security. Additionally, we no longer have to worry about a single point of failure in our network, which was previously our only gateway to the Internet. The other real plus we've experienced with Fortinet is the fact that we only bear a one-time acquisition cost versus the huge annual maintenance and licensing costs for other solutions. Overall, this has been an exceptional value proposition for us.”

BENEFITS

• Easy to deploy

• Protection against virus, worms & trojans

• Better manageability

• One time acquisition cost versus huge annual maintenance and licensing costs for other solutions

• Reduced network complexity

cost versus huge annual maintenance and licensing costs for other solutions • Reduced network complexity 48

48

cost versus huge annual maintenance and licensing costs for other solutions • Reduced network complexity 48
SAIL. Multiple security features in one solution is what SAIL found most appealing in Fortinet.

SAIL.

Multiple security features in one solution is what SAIL found most appealing in Fortinet.

Business

Steel Authority of India Limited (SAIL) is the leading steel-making company in India. It is a fully integrated iron and steel maker, producing both basic and special steels for domestic construction, engineering, power, railway, automotive and defence industries and for sale in export markets. Ranked amongst the top ten public sector companies in India in terms of turnover, SAIL manufactures and sells a broad range of steel products, including hot and cold rolled sheets and coils, galvanised sheets, electrical sheets, structural, railway products, plates, bars and rods, stainless steel and other alloy steels. The Indian steel industry has been going through a very dynamic phase. Driven by the unprecedented boom in the economy that has created a huge demand for steel in sectors like infrastructure and real estate, the steel industry is witnessing a new phase of modernisation and expansion. While there has been no dearth of demand for steel for the past few years, there has been no lack of pulls and pressure too. Growing cost of production has led many steel companies to look for ways to achieve new economies of scale.

That’s one of the reason the industry has witnessed a spate of consolidation driven by mergers and acquisitions. Stressing that in the present scenario of cutthroat competition right decision at right time is most important not for competitive advantage, Deo Murti Thakur, Joint Director (CC&C), SAIL, points out that IT is the biggest facilitator in this endeavour. “The IT group is always trying to put its sincere efforts so that SAIL should have all the relevant information to take right decision at right time,” he says, informing that SAIL’s IT department had commissioned some major projects in the past year.

Situation

Ensuring a continuous flow of information and high availability of the network is one of the key tasks before Thakur and his team. “The IT department has to ensure that failure in IT system should be minimum or almost zero,” he says. And one of the serious challenges posed to the availability of the SAIL’s network is from virus attacks and other types of intrusions. “These threats are serious whether they are virus attacks and or something else,” Thakur says.

types of intrusions. “These threats are serious whether they are virus attacks and or something else,”
49
49
types of intrusions. “These threats are serious whether they are virus attacks and or something else,”
SAIL analysed almost all types of security systems and Fortinet proved to be the best

SAIL analysed almost all types of security systems and Fortinet proved to be the best for us. After installation of the Fortinet solution, SAIL’s LAN at its two corporate offices in

New Delhi is now completely secured

two corporate offices in New Delhi is now completely secured - Deo Murti Thakur , Joint

- Deo Murti Thakur ,

Joint Director (CC&C), Steel Authority of India Limited

Challenge

In order to control all kinds of threats to SAIL’s network posed either by Internet or by a mail, SAIL decided to go for a solution that can ensure that all threats are controlled at the gateway level itself. “We decided to install a system at the gateway level of the LAN and WAN of SAIL,” says Thakur. However finding the right solution wasn’t an easy job given the fact that the market is flooded with scores of security solutions. “There are many types of security system. Some are software based and some are hardware based,” he observes. The other challenge was to ensure that deploying a security system should not affect network performance. “Putting different security system for different applications create lot of problems which slow down the network,” Thakur adds. With all these factors in mind, SAIL analysed a number of solutions available in the market before finalising Fortinet. “SAIL analysed almost all types of security systems and Fortinet proved to be the best for us,” Thakur says. The most appealing feature of the Fortinet solution

BENEFITS

• Unified solution that meets all security requirement

• Better Internet usage management

• Threats controlled at the gateway level

according to Thakur is that it is a hardware-based system with multiple security features in one solution. “It meets all our security requirements as it has Firewall, IDS/ IPS, anti-virus, Spam control, User authentications for Internet and more importantly for more than one Internet lease line connections,” he points out.

Deployment

After installation of the Fortinet solution, SAIL’s LAN at its two corporate offices in New Delhi is now completely secured. “No virus threat that can disrupt work or mail has been experienced. Our interaction with plants and outside never got hampered. No data loss or mail loss as occured. This has created smooth working environment at our corporate office,” says Thakur of his experience after deploying the Fortinet solution. Moreover, the Fortinet solution has also given SAIL better Internet management capabilities. “Now we are able to connect and disconnect Internet users as per requirement. Every thing can be controlled through a consol only,” he adds.

and disconnect Internet users as per requirement. Every thing can be controlled through a consol only,”

50

and disconnect Internet users as per requirement. Every thing can be controlled through a consol only,”
SIBM. Fortinet’s solution has helped Symbiosis Institute of Business Management to manage Internet bandwidth and

SIBM.

Fortinet’s solution has helped Symbiosis Institute of Business Management to manage Internet bandwidth and create security policies for its gigabit network.

Business

Symbiosis Institute of Business Management (SIBM), Pune is counted among the best business schools in India. Established in 1978, it received permanent affiliation from the Pune University in 1996. In 2006, the UGC recognized it as a full-fledged university, and SIBM became part of Symbiosis International University (SIU). Apart from two-year MBA programs for residential students, SIBM offers one-year MBA programs for working professionals and customized MBA programs for corporates.

Situation

SIBM has a gigabit network with multiple virtual LANs spread across the campus. For securing this network, SIBM decided to deploy an appliance based UTM (unified threat management) product. “The product had to support the following features:

firewall, IDS/IPS, anti-virus, web filtering, spam control, user authentications for Internet, Internet load balancing and failover lease line connections,” states Rajesh B Bagewadi, senior network administrator. A project consultant for the network project

listed the criteria for selection of vendor. As a result of this process, Fortinet’s products were selected.

Challenge

SlBM decided to deploy FortiGate 800 and FortiAnalyzer. ile Fortigate 800 is a UTM appliance, FortiAnalyzer is a dedicated hardware solution that securely aggregates and analyzes log data from the FortitGate appliance. The FortiAnalyzer appliance accepts and processes a range of log records provided by FortiGate, including traffic, event, virus, attack, content filtering, and email filtering data. It also provides advanced security management functions such as quarantine archiving, event correlation, vulnerability assessments, traffic analysis, and content archiving. It also provides more than 300 customizable reports, whether scheduled or on-demand. Network administrators thus get a comprehensive and detailed view of network usage and security information, which helps them to discover and address vulnerabilities faster.

view of network usage and security information, which helps them to discover and address vulnerabilities faster.
51
51
view of network usage and security information, which helps them to discover and address vulnerabilities faster.
The FortiGate 800 solution has fulfilled our requirement in terms of user authentication, Internet load

The FortiGate 800 solution has fulfilled our requirement in terms of user authentication, Internet load balancing, antivirus, Web filtering, firewall, and so on”

-Rajesh B Bagewadi ,

Psenior Network Administrator, Symbiosis Institute Of Business Management

Administrator, Symbiosis Institute Of Business Management With the help of a system implementer, the project
Administrator, Symbiosis Institute Of Business Management With the help of a system implementer, the project

With the help of a system implementer, the project consultant and the Fortinet team, the installation and implementation took about a week and did not involve any downtime. However, challenges came up during installation in Internet network load balancing, failover of Internet and web content filtering, as well as in Active Directory integration.

Deployment

The FortiGate-800 network security system features four 10/100/1000 tri-speed Ethernet

ports for networks running at gigabit speeds and four user-definable 10/100 ports that provide granular security through multi-zone capabilities. The platform has allowed administrators at SIBM to segment the gigabit network into zones and create unique security policies between zones. This helps to manage the Internet bandwidth and user authentication with Active Directory. The system is easy to manage through a Web console and has enabled SIBM to manage Internet usage in a better way through policies.

BENEFITS

• Better management of Internet bandwidth through policies

• Network can be segmented into zones and unique policies for each zone created. User authentication with Active Directory data about viruses, traffic, violations and so on

• Easier management of the system through Web console

• Security from multiple threats through antivirus, Web filtering, firewall, IDS/IRS, etc.

through Web console • Security from multiple threats through antivirus, Web filtering, firewall, IDS/IRS, etc. 52

52

through Web console • Security from multiple threats through antivirus, Web filtering, firewall, IDS/IRS, etc. 52

Sodexo.

Sodexo. With a UTM solution, Sodexo now has a secure centralized setup, which has resulted in

With a UTM solution, Sodexo now has a secure centralized setup, which has resulted in multifaceted savings.

Business

Established in 1966 in France, Sodexo has operations in more than 80 countries and revenues exceeding 13.4 bn Euros. Sodexo started off with its operations in India a decade ago. Sodexho Meal and Gift Vouchers have become the prominent tool for motivating employees in all sectors of industry. The head office is in Mumbai, and there are seven branches in the major cities.

Situation

Sodexo had deployed SonicWall in a decentralized manner. There were separate clients for IDS, IPS, antivirus and antispam from various vendors. Sodexo needed a

unified solution so that there was only vendor

to manage. When the organization moved to

a centralized network setup, it wanted to

explore a centralized security solution as well. According to Charmaine Sequeira, head-IS&T of Sodexo India, “I needed a good security solution which was scalable with the network, and would have an assured uptime.

And it had to be cost effective as well.” Sodexo was looking for a unified and comprehensive security solution to detect not

only external but also internal intrusions, and internal abuse of privileges, which could lead to lower productivity levels. Adds Sequeira, “I also wanted a comprehensive logs and reporting mechanism, because we will soon have audits for certification of our processes, controls and security.” The solution had to be able to give a dashboard analysis of the information. Not only would this aid in audit compliance but also help in the bandwith optimization.

“I wanted the solution to have an easy-to-use interface. We also needed good service and support after implementation,” says Sequeira.

Challenge

Sodexo evaluated Sonicwall, Cisco, Checkpoint and Fortinet. Global policy dictated the use of Checkpoint and Cisco, but the Indian team dared to change that and chose Fortinet’s solution as the market feedback was excellent. Also, since Checkpoint was partnering with various vendors to deliver unified solutions, Sodexo was not confident of a roadmap for their products.

partnering with various vendors to deliver unified solutions, Sodexo was not confident of a roadmap for
53
53
partnering with various vendors to deliver unified solutions, Sodexo was not confident of a roadmap for
I needed a good security solution which was scalable with the network, and would have

I needed a good security solution which was scalable with the network, and would have an assured uptime

- Charmaine Sequeira,

head-IS&T, Sodexo India

uptime - Charmaine Sequeira, head-IS&T, Sodexo India Fortinet has SSN VPN certification, so Sodexo did not
uptime - Charmaine Sequeira, head-IS&T, Sodexo India Fortinet has SSN VPN certification, so Sodexo did not

Fortinet has SSN VPN certification, so Sodexo did not have to go for third party certification. The box comes with its own ASIC processors thus taking the load off the network’s servers. “We deployed two boxes of FortiGateTM- 800 in the high availability mode in our head office along with FortiAnalyzer. Internal auditors were happy with the tests conducted on the security setup,” says Sequeira. The deployment was done in October 2007. It was seamless and there was absolutely no problem, she says. The system administrator received basic training.

Deployment

Ever since the deployment, there are no

issues related to viruses

or spam. The

BENEFITS

• Unified threat prevention

• No more issues related to spam and virus

• Better management of bandwidth

• High uptime

• Good return on investment—lower product and support costs, bandwidth savings

granular logging is excellent which helps the organization gets reports on top ten users of bandwidth, time spent on browsing, and so on. Bandwidth management has become easy. The box prevents internal and external threats and vulnerabilities very well. As two boxes are deployed, there is automatic failover and load balancing, which ensures a high uptime. The Fortinet solution delivers good return on investment on many accounts. “It’s a single box, which means there is a definite RoI compared to multiple boxes all over the place,” says Sequeira. Also, now that bandwidth consumption is optimized, there are cost savings there as well. And there is a lower support and maintenance cost.

consumption is optimized, there are cost savings there as well. And there is a lower support
54
54
consumption is optimized, there are cost savings there as well. And there is a lower support
South Indian Bank. South Indian Bank opts for Fortinet’s solution to deliver secure services without

South Indian Bank.

South Indian Bank opts for Fortinet’s solution to deliver secure services without having to worry about growth or obsolescence.

Business

South Indian Bank is one of the leading scheduled commercial banks in India with a strong focus on technology and service. It has presence in 23 states and union territories of India. The bank has 489 branches, 26 extension counters and 204 ATMs across the country.

Situation

The bank was working in a decentralized manner, with inhouse standalone applications running in the various branches. On the advice of its IT consultant, the bank decided to move to the core banking solution from Infosys, Finacle. This was done in 2001. With this came the option to deliver Internet banking services to the customers. This was the only service where the bank’s systems had to be accessed from the outside. This was a huge security concern for the bank. In 2002, the bank opted to go for the best of breed applications for its various levels of security.

The application proxy, IDS (intrusion detection system) and gateway antivirus were from Symantec, and Stateful Inspection from Checkpoint. However, when Symantec announced end-of-life for some of its products, the bank opted to go with a Unified Threat Management solution as the technology had matured. The key concern during evaluation was that management of different products, even from the same vendor, was not without issues. “So the idea of using a single box was accepted to enable the comfort of deployment, ease of operation and better management for the bank,” says Sreekumar Chengath, chief manager-Networks & IS Security. Among the available UTM solutions, the bank evaluated those from Checkpoint and Fortinet. “The market feedback on the Fortinet solution was very good. Fortinet is a pioneer in the UTM solutions space. That is why we went with Fortinet,” says Sreekumar. He also adds that Fortinet’s products have a clear roadmap, which most other rivals do not.

says Sreekumar. He also adds that Fortinet’s products have a clear roadmap, which most other rivals
55
55
says Sreekumar. He also adds that Fortinet’s products have a clear roadmap, which most other rivals
Fortinet is a pioneer in the UTM solutions space. That is why we went with

Fortinet is a pioneer in the UTM solutions space. That is why we went with Fortinet

the UTM solutions space. That is why we went with Fortinet - Sreekumar Chengath, chief manager-Networks
the UTM solutions space. That is why we went with Fortinet - Sreekumar Chengath, chief manager-Networks

- Sreekumar Chengath,

chief manager-Networks & IS Security, South Indian Bank

Another criteria for selecting Fortinet was expandability and enhancement options available in the solution. It has boxes built for small organizations, enterprises, carriers and large organizations. “With Enterprise solutions, we get a lot of expandability. We don’t have to worry about scaling up for the next 5-7 years, says Sreekumar.

Challenge

The bank opted for two boxes of FortiGateTM- 800 deployed in redundancy mode and the FortiAnalyzerTM which monitors the boxes setup as a cluster in active-passive mode. The solution basically has firewall, anti-spam, antivirus and intrusion prevention system modules. The deployment was done in October 2007. The UTM solution is deployed in the bank’s data center in Kochi. It controls all the branches and 2700 users across the country.

• Better spam control • Safe way to enable Internet access in branches without needing

• Better spam control

• Safe way to enable Internet access in branches without needing a dedicated proxy

• Clear road map of products ensures obsolescence is not an issue

• Expandability of solutions ensures that growth will not be a challenge

BENEFITS

Deployment

“The benefit we immediately saw after the deployment was that of better spam control,” Sreekumar says. Earlier, they used to receive lots of spam mail. Now there is absolute control over spam. “We used to get 150-200 spam mails per day, now that has reduced to less than 10!,” he adds. Deploying the Fortinet solution also has opened up a secure way of providing PCs at each branch office. Currently the bank has provided separate Internet connected PCs in each bank, so it is not part of the bank’s closed user group. A pilot is on to ensure that using the Fortinet firewall, it will be safe to provide PCs with Internet access as part of the bank’s network without needing a dedicated proxy. This will ensure that parallel infrastructure is not required at each branch.

without needing a dedicated proxy. This will ensure that parallel infrastructure is not required at each

56

without needing a dedicated proxy. This will ensure that parallel infrastructure is not required at each

Times of India.

Times of India. THE TIMES OF INDIA Application-level security from a single box keeps TOI secure.

THE TIMES OF INDIA

Application-level security from a single box keeps TOI secure.

Business

Bennett, Coleman & Co. Ltd is India’s largest media house. The Times of India Group has many leading publications, some of which have many editions. The group also is into the entertainment media through Radio Mirchi, Planet M, Times Music and Times Multimedia.

Situation

With about 15 centers across India housing 300 or more employees at each center and with round-the-clock Internet access to all, it is no wonder that the media house has a security policy which ensures protection at gateway level as well as at the desktop level. All aspects of content delivery are digital and incorporated into a single workflow. This includes: News gathering, editing, photos/image collection, layout, advertisement sign up collection, approval and so on. 2 mbps lines are provided for each center for Internet access. There are 120 such lines in all. With so many users over the network and using the Internet, it becomes imperative to have intrusion detection—external as well as internal.

Challenge

The TOI group had been using various firewalls and security boxes to ensure security. According to Akhil Chandra, GM, Systems Modernization, there were some problems with that. It was difficult to manage a fragmented system. More importantly, they wanted an application layer control (layer 7). What they had could only monitor and protect up to the network layer (layer 3). Various products were evaluated and at the time of evaluation, only Fortinet could give most of the features they wanted in a single appliance as well as provide layer 7 control.

Deployment

That was in October 2004. Now the media group has various units of FortiGate deployed at eight locations. These include FortiGate 100-A, 200-A and 500-A. The management tool FortiManager is also being used, which according to Chandra is not an expensive option at all. Deployment was easy, as the boxes are very user-friendly.

which according to Chandra is not an expensive option at all. Deployment was easy, as the

57

which according to Chandra is not an expensive option at all. Deployment was easy, as the
The trend now is to go for single appliances that also provide layer 7 or

The trend now is to go for single appliances that also provide layer 7 or application-level security. Fortinet has given us a single box that takes care of our intrusion prevention requirements

that takes care of our intrusion prevention requirements - Akhil Chandra General Manager, Systems Modernization, The
that takes care of our intrusion prevention requirements - Akhil Chandra General Manager, Systems Modernization, The

- Akhil Chandra

General Manager, Systems Modernization, The Times of India Group

Deployment of the units and the training of the team onsite did not take up more than 2 days at all the location. The deployment of units was managed centrally by IT department. Support of the units is also not an issue, because the units are robust and the team itself is able to handle problems if they crop up. Things have been pretty smooth after the installation of the FortiGate units and there have been no intrusions so far. There was no downtime during the changeover from legacy applications to the Fortinet solution, nor has there been any instance of downtime since the deployment. Chandra says that as a

BENEFITS

• Has provided application level security to mission- critical workflow and data

• Network perfrmance has improved ; no downtime

• Single box makes monitoring very easy

• User friendly boxes and software that require little training and support solution

backup option, they have set up a proxy also to detect intrusions and malicious attacks. This is in case the Fortinet units ever fail, but that instance has not cropped up yet, and the group is happy with the performance of the boxes and software. The reporting tool is quite comprehensive and easy to use. Both Internet and network performance have become better, according to Chandra. What he misses is the option of a redundant power supply for low-end units

have become better, according to Chandra. What he misses is the option of a redundant power
58
58
have become better, according to Chandra. What he misses is the option of a redundant power
TATA Communications. Fortinet Powers Tata Communications vUTM Services Tata Communications recently selected

TATA Communications.

TATA Communications. Fortinet Powers Tata Communications vUTM Services Tata Communications recently selected

Fortinet Powers Tata Communications vUTM Services

Tata Communications recently selected Fortinet's FortiGate carrier-class systems as the backbone for its new virtualized UTM (vUTM) service. This is the first time that vUTM services are being offered in India. Virtualized UTM integrates critical security functions including firewall, intrusion detection & prevention, anti-virus, anti-spam and Web content filtering as part of its Managed Security Services portfolio. “Businesses that depend on the Internet for operations are struggling to balance the need to adequately address security issues with budget realities,” said Adam Rice, Vice President of Global Managed Security Services for Tata Communications. “Tata Communications vUTM service changes the whole cost equation by eliminating the cost

of customer premise equipment and providing monitoring and management services to enhance the security value beyond what many enterprises are accustomed to. For organizations with remote locations requiring secure Internet connectivity, our vUTM service delivers high value and very low cost of ownership.” vUTM is targeted at customers who require a secure Internet gateway with a preference for a hosted security appliance instead of a self procured and locally installed firewall in their premises. The physical hardware based on Fortinet security technology is logically partitioned into multiple virtual domains with each domain serving as a distinct firewall with unique policies for that respective customer.

virtual domains with each domain serving as a distinct firewall with unique policies for that respective

59

virtual domains with each domain serving as a distinct firewall with unique policies for that respective
Our systems provide unique virtualization capabilities and carrier-grade security that go beyond other security solutions.

Our systems provide unique virtualization capabilities and carrier-grade security that go beyond other security solutions.

security that go beyond other security solutions. —Patrice Perche, VP, EMEA, Fortinet Tata Communications
security that go beyond other security solutions. —Patrice Perche, VP, EMEA, Fortinet Tata Communications

—Patrice Perche, VP, EMEA, Fortinet

Tata Communications vUTM service is fueled by four Fortinet's FortiGate-5140 carrier-class security systems, which provide a complete suite of security functions at multi-gigabit performance. “With its new virtual UTM service offering, Tata Communications addresses an increasing demand from enterprises to benefit from true value added services from their telco providers,” said Patrice Perche, vice president of EMEA at Fortinet. “Our FortiGate-5000 systems provide unique virtualization capabilities and

carrier-grade security that go beyond other security solutions. By leveraging our virtualized security technology, Tata Communications will be able to offer strong and flexible security that can scale to the current and future needs of its customers, thereby increasing the profitability of their managed security service.”

current and future needs of its customers, thereby increasing the profitability of their managed security service.”
60
60
current and future needs of its customers, thereby increasing the profitability of their managed security service.”
TAFE. Scalability, reliability, and easier management are some of the advantages that TAFE has seen

TAFE.

Scalability, reliability, and easier management are some of the advantages that TAFE has seen after deploying a unified threat management solution from Fortinet.

Business

TAFE (Tractors and Farm Equipment) is a US$750 tractor major based in Chennai, Tamil Nadu. It is among the top five tractor manufacturers in the world. Through its other divisions and wholly owned subsidiaries, TAFE also makes diesel engines, gears, panel instruments, hydraulic pumps, engineering plastics, plantations and passenger car distribution.

Situation

TAFE used a firewall and other security measures, but the growing number of threats in an Internet-enabled world prompted the organization to invest in a standardized security product that would provide protection from the entire range of security threats.TAFE decided to deploy unified threat management (UTM) technology, which would encompass antivirus, Web filtering, content filtering, spam filtering, IDS, IPS, and VPNs. To this end, TAFE explored the features of UTM products available in the market with various vendors. “We created a test

environment for evaluating the UTM boxes and measured the UTM throughput, VPN configuration, firewall capability in blocking unwanted traffic, log management and reports, firewall rule management complexity and support feedback in forums.” says Valavan of TAFE.“Fortinet was selected based on f ire- wall performance, bandwidth, support, VPN compatibility, license terms, pricing, and existing customers’ feedback.” he adds.

Challenge

TAFE has deployed two FortiGate 300A boxes, along with FortiAnalyzer. A team of four people—three from TAFE and one from their partner—were involved in the implementation. A Fortinet representative also assisted in the process. Implementation took about fifteen days. Most of the tasks, such as creation of rules and objects, were done in offline mode. TAFE took a day’s downtime, in order to move the FortiGate boxes to the live environment.

61

were done in offline mode. TAFE took a day’s downtime, in order to move the FortiGate
were done in offline mode. TAFE took a day’s downtime, in order to move the FortiGate
We are satisfied on the implemented UTM features - A Amirtha Valavan , Principal Consultant,

We are satisfied on the implemented UTM features

- A Amirtha Valavan ,

Principal Consultant, Network Security, Tafe

Valavan , Principal Consultant, Network Security, Tafe Valavan recalls one challenge that came up during

Valavan recalls one challenge that came up during implementation. When FortiGate was implemented on the network, the mail service failed completely, because the IMSS server failed to communicate with TAFE’s internal mail server. This was because of existing configurations on the IMSS server—when the fire- wall was implemented on this server, the server could not communicate with internal and external mail servers at the same time, because of these configurations. A change in configuration had the system working smoothly. The

system went live in March 2008.

Deployment

Valavan acknowledges it’s early days yet, but says he’s satisfied with the UTM features of the boxes, though TAFE is still figuring out the intricacies of licensing in the FortiGate system.

He says that reliability, scalability, and ease of management of the system have increased considerably, compared to their earlier firewall.

BENEFITS

• Better scalability, able to monitor all network traffic based on bandwidth, as well as type of traffic

• Improved reliability, availability of accurate data about viruses, traffic, violations and so on

• Easier management

reliability, availability of accurate data about viruses, traffic, violations and so on • Easier management 62

62

reliability, availability of accurate data about viruses, traffic, violations and so on • Easier management 62
United Telecoms Limited United Telecoms Limited Savings have been seen in terms of manpower, additional

United Telecoms Limited

United Telecoms Limited

Savings have been seen in terms of manpower, additional resources and the cost of implementation.

Business

United Telecoms Limited (UTL) is the flagship company of the UTL Group, whose main business areas are telecommunications, networking, turnkey solutions, software development and technology services, and training. It has recently entered the BPO arena with the setting up of UI-CL, an India-based BPO services provider operating from India USA and UK, delivering customer services ranging from technical-support help-desk services to BPO.

Situation

Being a start-up company, information security was very important to UI-CL to protect its data assets and intellectual capital from increased attacks from viruses and network intrusions. A BPO company such as UI-CL has customer-confidential information, which cannot be allowed to be lost, or tampered with. It was necessary to choose one single product that would offer the required security services and perform efficiently at the same time. This was a difficult

task as traditional software solutions, requiring separate purchases—for anti-virus, intrusion detection system (IDS), firewall and VPN products, would increase costs significantly.

Challenge

UI-CL was very satisfied with the performance of Fortinet’s products during evaluation. While other products have one cost for the base product and additional user licensing costs, this was not the case with Fortinet which has no per—user licensing charges.

Deployment

For Internet connectivity, the company chose the FortiGate-200, to deal with network threats such as virus attacks, spam and intrusions. The FortiGate 800, a high-end ASIC-based appliance was set up on the server farm for IDS fuctions. Planning took a few weeks, while configuring and adapting the FortiGate platform to the network took two to three days, Rajagopalan Karthikeyan, Senior Manager, IT, UI-CL, adds

the FortiGate platform to the network took two to three days, Rajagopalan Karthikeyan, Senior Manager, IT,

63

the FortiGate platform to the network took two to three days, Rajagopalan Karthikeyan, Senior Manager, IT,
Biggest menace on a network are spam, viruses, and intrusions—they can d r i v

Biggest menace on a network are spam, viruses, and intrusions—they can drive an IT team crazy,

r i v e a n I T t e a m c r a z
r i v e a n I T t e a m c r a z

- Rajagopalan Karthikeyan

Senior Manager, IT, UI-CL

“The solution was deployed in a couple of hours over the network, once planning was over.” However, things didn’t stop here since security devices need to be fine-tuned continually. The boxes were set up in July-August 2004 and one person from UI-CL and two from Fortinet’s partners were involved in the process. Since the network had to be set up from scratch, there were no compatibility issues involved in setting up the Fortinet boxes. Adds Rajagopalan Karthikeyan, Senior Manager, IT, UI-CL “If you have an existing network, this network security appliance can

BENEFITS

• With the security solution in place, BPO processes are now more efficient, now the company is more comfortable and so are the customers

• The maximum benefit will be derived over the next six to nine months, for a small segment box like Fortinet 200 and the ROI can then be measured

• Savings have been seen in terms of manpower, additional resources and the cost of implementation. This is because Fortinet offered UI-CL provision for unlimited number of users

go in pretty easily. Fortinet’s higher-end boxes have a lot of scalability.” UI-CL faced no major challenges during the implementation of Fortinet boxes since planning was thorough and implementation smooth. Regarding its performance, Karthikeyan says “The login system is fantastic. The Fortinet box can handle available patterns and signatures.” UTL is happy with the clean network, as they haven’t had any virus attacks or intrusions since the system was operational.

happy with the clean network, as they haven’t had any virus attacks or intrusions since the
64
64
happy with the clean network, as they haven’t had any virus attacks or intrusions since the
United Breweries Limited. FortiGate 300 provides the beer company with firewall, antispam and intrusion detection

United Breweries Limited.

FortiGate 300 provides the beer company with firewall, antispam and intrusion detection and prevention features.

Business

United Breweries Limited (UBL) is the leading beer company in India. Founded in 1915 with the merger of five breweries in India, the company is headquartered in Bangalore and commands 50% of the domestic market with brands such as Kingfisher, UB Export, London Pilsner, Zingaro, Sandpiper, Ice, Kalyani Black Label and Jaguar.

Situation

The beer manufacturing giant owns 14 factories and has five regional offices, which are connected to the headquarters through 128 Kbps leased lines running over MPLS. The headquarters hosts email servers and portal applications, which feature employee self-help applications and facilities for tracking sales, promotions and advertising. The head office has a 512 Kbps internet connection, which is used in UB’s Network was ideally suited for Fortigate implementation. Even though challenging, it turned out to be very smooth and UB today relies on Fortinet as the first line of defense into their network and we feel proud to be associated with UB as the security solutions

primarily for email and to allow remote users access to the corporate portal applications. Previously, the company had deployed a software-based firewall that doubled as a proxy server. Though this solution was sufficient at the time that it was deployed, the increasing sophistication and virus attacks, and the deluge of spam mail in the past year compelled the IT team to re-visit its security infrastructure.

Challenge

S Ramakrishnan, controller-IT (Breweries Division) for United Breweries explains that UBL had several requirements in mind as they reviewed the current threats on the Internet and gaps in the company’s security. The new security solution had to protect UBL’s network and mail infrastructure from virus attacks, it also needed to have good web filtering features to restrict the use of Internet bandwidth to authorized activities only and have bandwidth optimization capabilities.The new security solution also needed to have antispam and firewall features. In evaluation tests, UBL found that Fortinet’s FortiGate-300 outclassed the competition on cost effectiveness, manageability and user-friendliness.

that Fortinet’s FortiGate-300 outclassed the competition on cost effectiveness, manageability and user-friendliness. 65

65

that Fortinet’s FortiGate-300 outclassed the competition on cost effectiveness, manageability and user-friendliness. 65
The user interface [of the FortiGate 300] was quite simple, so the learning curve for

The user interface [of the FortiGate 300] was quite simple, so the learning curve for my team was not steep.

curve for my team w a s n o t s t e e p .
curve for my team w a s n o t s t e e p .

- S Ramakrishnan

Controller-IT (Breweries Division), United Breweries Ltd

Explains Ramakrishanan. “The user interface [of the FortiGate 300] was quite simple, so the learning curve for my team was not steep. It was more like a plug-and-play box - with all the security options fully integrated. It helped us manage our organization’s security effortlessly. “Apart from the strong antivirus gateway features, the firewall and antispam capabilities, the FortiGate 300 also provides intrusion detection and prevention features. We had more peace of mind.”

Deployment

After the deployment in October 2004, UBL has seen a dramatic drop in virus attacks on the network and mail systems. With the basic security requirements met, the company has now moved on to activating additional features, such as antispam, on the FortiGate platform and rolling out an organization-wide ERP suite. Ramakrishnan expects that the IT infrastructure in UBL will consolidate and applications will become more centralized in the near future. The challenge then will be

performance and scalability. “Performance and scalability were high priority criteria during our evaluation of security products. Fortinet has also proven itself there, because of its unique ASIC-based hardware acceleration. As we grow our infrastructure, licensing can be an issue with some vendors, but with Fortinet, we do not have to worry about compliance issues because there are no restrictions on the number of nodes behind the firewall.” Implementing an SSL VPN network that connects the many offices, contract manufacturing units and depots is next for UBL. “The encryption methodology implemented by Fortinet’s product and its firewall features will definitely supplement the SSL VPN and the token-based authentication system we are planning to roll out,” says Ramakrishnan. “So far, Fortinet has effectively addressed our needs. I’m sure we can count on them in future, too.”

BENEFITS

• Cost effective

• Better manageability

• User friendly

• Greater intrusion detection & preventation features

• Better manageability • User friendly • Greater intrusion detection & preventation features 66

66

• Better manageability • User friendly • Greater intrusion detection & preventation features 66
Virtusa. Virtusa banks on Fortinet’s technology expertise to ensure that its outer layer of the

Virtusa.

Virtusa banks on Fortinet’s technology expertise to ensure that its outer layer of the networks is secure.

Business

Virtusa Corporation is a global information technology services company that provides IT consulting, technology and outsourcing services. The organization serves Global 2000 enterprises and the leading software vendors in communications and technology, banking, financial services & insurance and media & information industries.

Situation

Virtusa delivers a range of services to its customers. These include IT Consulting Services, Technology Implementation Services and Application Outsourcing Services. It has product partnerships with edocs, Microsoft, FAST, Pegasystems, BMC Remedy and Vignette. Virtusa has also evangelized the concept of Productization, which is its unique methodology to create and consolidate technology assets in organization specific platforms. Virtusa is headquartered in Massachusetts and has offices in U.S., U.K. and Asia. In India, the organization has presence in Hyderabad and Chennai.

Challenge

Virtusa had existing point solutions for its safety on the network. These included firewalls, antivirus, antispam, IDS and IPS solutions. The organization wanted to add a perimeter layer of security to this to be able to handle all the threats. This would ensure that with multiple layers of security in place, the threats to the organization’s security could be brought down significantly. That was almost three years ago. At That time Unified Threat Management was a fairly new technology and there were not many players in That space. “Fortinet’s was the only credible story at the time, which was the reason for us to go with Fortinet’s solutions,” says Vikram Dhanda, head-global IT operations, Virtusa. “Secondly, Fortinet is the only company, as far as I know, that has all the parts done inhouse and thus offers a fully integrated solution. The others work in partnerships or have third party licenses. So we were not keen on outsourcing more solutions, in addition to our existing point solutions,” he adds.

licenses. So we were not keen on outsourcing more solutions, in addition to our existing point

67

licenses. So we were not keen on outsourcing more solutions, in addition to our existing point
The focus of Fortinet on constant improvements is a definite benefit. Over the years, we

The focus of Fortinet on constant improvements is a definite benefit. Over the years, we have seen continuous improvements in the product and delivery

- Vikram Dhanda, head-global IT

operations, Virtusa

delivery - Vikram Dhanda, head-global IT operations, Virtusa Deployment Depending on the capacity of different locations,
delivery - Vikram Dhanda, head-global IT operations, Virtusa Deployment Depending on the capacity of different locations,

Deployment

Depending on the capacity of different locations, Virtusa opted for multiple FortiGateTM- 3600A, 1000A, 400 and 200A. FortiGate-3600A delivers high performance protection against network level and content level threats, while FortiGate-1000A handles large enterprise requirements and 400 and 200A are for smaller networks. These have been deployed in replicated environments in all locations. The deployment was done in a phased manner. “We started with one location and we implemented different services at different points in time and we made sure we were getting the required benefit of that approach before we went to the next level. Then we replicated it across locations,” says

BENEFITS

• Load on the inner security layers has decreased

• Continuous improvement in product and delivery, which brings great value to the company

Dhanda. Since it was all done in a planned manner, there was no downtime. As for training, the organization received training from Fortinet and continues to receive it as and when required.

With the Fortigate boxes securing the perimeter layer, the load on the inner layers has come down. With URL filtering, which is again, Fortinet’s inhouse expertise, and not an outsourced service, the pressure on the inner points has been reduced. “The focus of Fortinet on constant improvements is a definite benefit. Over the years, we have seen continuous improvements in the product and delivery. This is good for us, as it shows our investments also bring in value.”

improvements in the product and delivery. This is good for us, as it shows our investments
68
68
improvements in the product and delivery. This is good for us, as it shows our investments
WNS. Fortinet solution has been good on ROI and other benchmarks yielding expected results for

WNS.

Fortinet solution has been good on ROI and other benchmarks yielding expected results for WNS.

Business

WNS Global Services is a leading provider of offshore BPO services. It delivers value to its customers by bringing operational excellence and deep industry and functional knowledge to their critical business processes. It provides high-quality execution of client processes, monitors these processes against multiple performance metrics, and seeks to improve them on an ongoing basis. The company serves clients in multiple industries that include travel, banking, financial services, insurance, manufacturing, retail, logistics, utilities and professional services. In addition to industryspecific services, WNS also offers a range of services across multiple industries, in areas such as finance and accounting; human resources; supply-chain management; market, business and financial research, and analytical services.

WNS’ provides end-to-end support to its clients across consulting services, BPO delivery and IT solutions. WNS has multiple operation centers in India at Mumbai, Pune, Nashik and Gurgaon. The location utilizing

the Fortinet implementation, WNS Nashik, is primarily into health claims processing as well as caters to other enterprise service requirements. WNS Nashik is certified for ISO 9001:2000, BS7799:2002 security standard and also complies with the HIPAA regulations.

Situation

WNS is in a business where data protection and confidentiality of information is of prime importance. All WNS delivery centers, including the Nashik one, operate 24x7, thus high availability of systems and security is of prime importance. Viruses, malicious scripts, intrusion attempts are the prime threats from Internet. “To protect all underlying infrastructure and ensuring data protection, WNS has put in significant investments towards information security enablers keeping abreast with the changing dynamics of the security domain,” says Arup Chatterjee, CSO-Information Security Risk Management, WNS Global Services. At WNS, all information processing is carried out over secure and private data circuits VPN over Internet.

Services. At WNS, all information processing is carried out over secure and private data circuits VPN
69
69
Services. At WNS, all information processing is carried out over secure and private data circuits VPN
Fortinet is helping us to protect from Virus threats, the past results shows that virus

Fortinet is helping us to protect from Virus threats, the past results shows that virus detection in local network is now completely negligible. Overall, Fortinet has given WNS desired performance and is yielding expected results

WNS desired performance and is yielding expected results However, some of the operational activities and corporate
WNS desired performance and is yielding expected results However, some of the operational activities and corporate

However, some of the operational activities and corporate use bring in the need for access to the Internet. Talking about the challenges faced by a service provider like WNS, Chatterjee points out that virus, DoS attacks are the key challenges in an open Internet environment. However, he adds, intruders go beyond this and new hacking techniques in the form of manual automated intrusion attempts over the Internet have become commonplace and frequent.

Challenge

To protect its IT system from such attacks and intrusions WNS needed a unified security solution that can not only detect but prevent attacks from reaching internal networks from external sources without impacting network performance and ensuring accuracy of detection / prevention. Even though all computing systems are protected with anti-virus solution, perimeter security is essential too for ensuring that all data transactions are filtered at the perimeter. “Fortinet has provided us a unified security solution that incorporates perimeter security in the form of firewall, intrusion prevention

system, gateway antivirus and Internet content filtering,” says Chatterjee. WNS had evaluated other solutions prior to deploying the Fortinet solution benchmarking them against operational requirement, VPN capability, intrusion prevention, support and ROI. “On most of these parameters, Fortinet provided us the expected results packaged in one solution,” says Chatterjee.

Deployment

Since the deployment of the Fortinet solution, virus detection has come down to negligible level at WNS. “Fortinet is helping us to protect from Virus threats, the past results shows that virus detection in local network is now completely negligible,” points out Chatterjee, observing that overall, Fortinet has given WNS desired performance and is yielding expected results. On further expectations from Fortinet, Chatterjee emphasises that secure tunnelling management needs to be easier to build and understand. “Ability to incorporate SSL VPN technology would be an added advantage,” he adds.

BENEFITS

Uni f ied secur i ty solut ion that incorporates perimeter security in the form of firewall, intrusion prevention system, gateway antivirus and Internet content filtering

Virus detection has come down to negligible level in local network

and Internet content filtering • • Virus detection has come down to negligible level in local

70

and Internet content filtering • • Virus detection has come down to negligible level in local
Pantaloon Retail (India) Limited. After implementation of Fortinet solution Pantaloon expects number of business benefits

Pantaloon Retail (India) Limited.

After implementation of Fortinet solution Pantaloon expects number of business benefits from the enhanced network.

Business

Pantaloon Retail (India) [PRIL] is a successful retailing company and plans to grow its business in a big way this year, with the help of new outlets and business ventures. IT will play a critical role in the organisation’s productivity, and the company has crafted a roadmap to ensure that its information infrastructure will scale as required to support business growth. Going by its IT strategy roadmap, as a key effort, PRIL plans to deploy secure nationwide connectivity links. It has also built a sizeable server infrastructure, created a security architecture from scratch and deployed a financial management software. The company also plans to deploy an ERP, set up a B2B portal, put up a Disaster Recovery (DR) site, use Business Intelligence (BI) tools, implement VoIP, and install CCTVs at all locations that can be monitored from a central console and location.

The company began as a textile and fabrics manufacturer in 1987 and its foray into the

retail business was kicked off with the first Pantaloon retail store in Kolkata in 1997. It ventured into other retail business lines and now has 13 Pantaloon stores, nine hypermarket discount stores (Big Bazaars), 13 Food Bazaars and one Central mall in various nationwide locations. The Central mall has restaurants, shopping arcades, toys, books and lifecycle products all under one roof. As we read, the actual number of the outlets is rising at a good pace. The company owns brands like John Miller and Anabelle and has also purchased a few companies such as Indigo Nation and Scullers to add to its business portfolio. It plans to build 20-odd outlets more in the next few months as a part of its business expansion plans.

Situation

The IT strategy has been framed keeping in mind its ambitious growth plans. The highlights are:

Create a robust and reliable information infrastructure.

71

in mind its ambitious growth plans. The highlights are: • Create a robust and reliable information
in mind its ambitious growth plans. The highlights are: • Create a robust and reliable information
We had to design the network so that the ge graphi- cally dispersed workforce would

We had to design the network so that the ge graphi- cally dispersed workforce would have uninterrupted access to the enterprise applications from any corner of the country

from any corner o f t h e c o u n t r y -
from any corner o f t h e c o u n t r y -

- Jitendra Sarode,

Senior Manager, IT infrastructure, PRIL

Keep the large base of customer and financial information secure with no scope of unauthorised access.

Network all offices and outlets of the company to exchange information in real-time.

Use tools to simplify operations and accounting processes across the entire organisation.

Build the IT infrastructure with special emphasis on scalability to allow growth on a large scale.

Keep looking at ways in which the business can reduce costs.

In line with the IT strategy the company has made a number of deployments and has plans to introduce large scale deployments in areas like connectivity, security, server infrastructure, networked storage and enterprise applications.

Challenge

The key to the success of the IT strategy lies in the ability to network all nationwide company locations in a secure and organised manner. PRIL has a head office (HO) in Mumbai, has regional offices in Kolkata and Bangalore, a manufacturing unit and central warehouse in Tarapur (Thane district), zonal offices and retail outlets in various nationwide locations. Due to the company’s geographical spread and critical nature of business, the most significant need laid out in the IT strategy was that of connectivity.

Jitendra Sarode, Senior Manager, IT infrastructure, PRIL has taken up the responsibility of creating a nationwide secure connectivity.

Deployment

Earlier all locations including retail outlets and warehouses were not connected directly to the HO. A group of three or four outlets in a particular vicinity were connected to the nearest regional or zonal office, which, in turn was connected to the HO. “We had to design the network so that the geographically dispersed workforce would have uninterrupted access to the enterprise applications from any corner of the country. As we grow, it is necessary that information from locations is constantly updated to the central servers” explained Sarode. Keeping in mind the need for scalability and complexity that may arise from an organisation that’s growing at a fast pace, Sarode created the blueprint of a VPN architecture to link all the company’s offices to the HO. The VPN network will link all company locations including retail outlets and the manufacturing unit in phases. “In the first phase, we have connected around 24 locations.

retail outlets and the manufacturing unit in phases. “In the first phase, we have connected around
72
72
retail outlets and the manufacturing unit in phases. “In the first phase, we have connected around
“In any store if a particular shirt has high demand, requisition can be made from

“In any store if a particular shirt has high demand, requisition can be made from a central location to ensure the particular item is available. Functionalities like this saves cost and provides transparency in the supply chain,”

—Sarode

and provides transparency in the supply chain,” —Sarode In the second phase, we plan to connect
and provides transparency in the supply chain,” —Sarode In the second phase, we plan to connect

In the second phase, we plan to connect 25 more, depending on the growth pattern. The last mile connectivity will be on Radio Frequency (RF),” explained Sarode.

Information security is a very important consideration in the IT strategy because the network has to handle a large amount of company and customer information. After careful consideration, the company decided to use multi-function device (MFD) - based security rather than point solutions. Following

BENEFITS

• The company expects a number of business benefits from the enhanced network

• Free flow of information between the head office and various nationwide locations

• Easier to create sales and analysis reports

the evaluation of products from companies such as Fortinet CheckPoint, NetScreen and CyberGuard, PRIL chose to deploy a solution from Fortinet called FG500A. “The device allows unified capabilities and is easy to manage and monitor. It is used at the perimeter,” said Vishak Raman, Country Manager India, Fortinet.

and is easy to manage and monitor. It is used at the perimeter,” said Vishak Raman,

73

and is easy to manage and monitor. It is used at the perimeter,” said Vishak Raman,