By Amit Sharon, Head of Global Customer Community & Market Intelligence, Check Point
Paschoalotto Financial Services is a leading supplier of call-center and tele-billing services to the Brazilian financial industry. I met with Alan Cosin, Chief Information Officer at Paschoalotto, to learn more about how the firm implemented a flexible security architecture that can meet stringent customer requirements and scale instantly in an environment of hyper-growth.
Paschoalotto has become a key partner to many financial services companies by providing excellent service to end customers, as well as offering new services and expanding the capacity of existing services quickly to meet growing demand. When its aging security infrastructure could no longer keep up with changing customer requirements, the company looked for a comprehensive solution that could block the latest cybersecurity threats, while offering centralized management. The new solution needed to support two data centers serving seven different locations and interoperate smoothly with its VMware-based private cloud infrastructure.
Amit Sharon: Your organization has a very complex infrastructure that spans multiple sites as well as the cloud. What approach did you employ to protect it?
Alan Cosin: Our security team concluded that a distributed architecture provided the most secure, flexible approach. We deployed Check Point Maestro Hyperscale Orchestrator to coordinate our multiple firewalls, which lets us deliver near-instantaneous flexibility and scalability across our network’s multiple nodes. Check Point’s Maestro Hyperscale Orchestrator not only protects our organization, but lets us add capacity on the fly, allowing us to optimize our network, protect our investment, and provide our customers with the scalability they require.
Amit Sharon: New threats are emerging all the time. How do you ensure that the network perimeter remains safe from bots, viruses, and other new threats?
Alan Cosin: Check Point 16000 Next Generation Firewalls provide the foundation of our security architecture. We installed the Check Point Intrusion Protection System, along with Data Loss Prevention (DLP), Mobile Access Application Control, URL Filtering, Content and Identity Awareness, Anti-Bot, and Anti-Virus Protection. Our security team also installed 5200 Firewalls to secure dedicated network connections to each site and the private cloud. This design establishes a ring of security that protects our own data, as well as our clients’ data, from virtually any attack.
Amit Sharon: Your organization is also using VMware NSX private cloud infrastructure, which provides some security features. How does Check Point enhance your protection of this environment?
Alan Cosin: We initially felt that we didn’t need any additional security protection beyond Layer 4, a feature already provided by VMware NSX. However, during the POC, the Check Point team ran a comparison using two models in parallel—one with CloudGuard Network Security; one without—while under attack by various types of malware. CloudGuard for NSX, which protects all network layers, including the application layer (Layer 7), stopped application-based attacks that passed undetected without CloudGuard installed. We were extremely impressed seeing an advanced cloud security attack with and without Check Point, because CloudGuard stopped it. The Check Point and VMware products are also very well-integrated. They work together seamlessly, unifying the cloud and the hardware-based systems, and give us a complete picture of our networks.
Amit Sharon: With so many security solutions working together, how do you manage and monitor your environment, and stay out in front of issues?
Alan Cosin: The Check Point R80 Unified Security Management system gives us a single pane of glass to look through instead of needing to look in multiple locations. It also provides us much more information than our previous system, giving us detailed and thorough reports that we can show our Board of Directors.
Read the full story here.