Bank OCBC NISP is one of the oldest and largest banks in Indonesia. Founded in 1941, the bank has approximately 7,000 employees and 340 offices throughout the country.
The bank underwent a period of transformation following a relaunch in 2008, bringing it in line with OCBC, its parent company. OCBC is the second-largest financial services group in Southeast Asia by assets, and is consistently ranked among the “World’s Top 50 Safest Banks” by Global Finance magazine.
“Protecting the business against cybercrime is a major challenge, particularly as we develop a BYOD strategy to allow staff to work from anywhere,” says Filipus H. Suwarno, Technology Security & Governance Division Head, Bank OCBC NISP. Moreover, Suwarno says, “Staff needs valid access, but we have to protect corporate data.”
Suwarno says there are currently 3,000 mobile users within the bank, all of whom need to access corporate data and email. This figure is expected to rise as the business develops a more flexible, mobile approach to working.
Palo Alto Networks® helps by enabling secure access to corporate applications and resources for this mobile workforce. Bank OCBC NISP deployed Palo Alto Networks Next-Generation Security Platform a few years ago, and as international banking has become increasingly digital, the platform – comprising the Next-Generation Firewall, Threat Intelligence Cloud and Advanced Endpoint Protection – has continued to de- liver safe enablement of applications, users and content, as well as protection against known and unknown cyberthreats. The Threat Intelligence Cloud provides central intelligence capabilities and automates the delivery of preventive measures against cyberattacks.
“We compared offerings from several suppliers, and Palo Alto Networks proved to be the most attractive,” says Suwarno.
“The threat protection, threat identification, and management console were of a different standard.”
“With Palo Alto Networks, we have the ability to filter traffic all the way down to the application layers. Additionally, Palo Alto Networks also comes with security profile features, such as antivirus, anti-spyware, VPN, URL Filtering and WildFire features, that are useful in averting both known and unknown threats.”
At Bank OCBC NISP, Palo Alto Networks PA-5060 next-generation firewall prevents threats and safely enables applications over the bank’s internet gateways across two data centers. In addition, the WF-500 appliance provides WildFire® threat analysis service as an on-premise, private cloud to analyze suspicious files in a sandbox environment without the need to send them outside the bank’s network.
“We like the threat protection. We’ve blocked threats; we can automate or intervene manually,” says Suwarno. “Being able to identify threats all the way to the name and IP address is extremely useful. For instance, we can even identify threats coming through malicious web access. It’s that detailed.”
Overall, Suwarno says, time spent managing network security has been halved, even as the business becomes more mobile and digitally native: “There are features in the Palo Alto Networks security platform that help to manage firewalls. For instance, the shadow policy warning during the commit will prevent us from duplicating a policy, the Application Command Center tab helps us to review history of global and specific uses of the policy. Moreover, the Highlight Unused Rules feature can quickly review the policies that never get a traffic hit on an active device.”
The bank, he continues, is now more secure, more mobile and better able to move quickly on new business opportunities: “We’re a digital bank; data protection is a huge issue; and we’re now more agile in the way we develop and bring to market new services. Having our staff able to work from anywhere, securely, has transformed our productivity. The business is flourishing.”
Looking ahead, according to Suwarno, the relationship with Palo Alto Networks inspires confidence: “There are already many things we like about Palo Alto Networks, but we are excited to see how they develop technology specific to the banking sector. I also like the community aspect. I’m keen to see how users can work together to tackle threats.”