Case Study
D Commerce Bank is transforming its security to meet the challenges of a modern banking environment – by placing a showcase Palo Alto Networks network security platform in the vanguard. Innovative features like active/active configuration and AIdriven automation ensure 24/7 compliant banking operations and security alerts have dropped by 50%, increasing operational efficiency.
Geopolitical uncertainty, the rapid digitalisation of banking services, and shifts in underlying IT systems make European banks a top target for security attacks. These cyberthreats can quickly choke everyday corporate and retail customer operations.
D Commerce Bank, a leading Bulgarian financial services organisation, has responded to these challenges with a highly resilient network security strategy using Palo Alto Networks ML-Powered Next-Generation Firewalls (NGFWs). Innovative active/active configuration delivers complete redundancy in support of 24/7 banking operations and compliance. The Bank is more agile now too: the volume of alerts has dropped by 50%, and the NGFWs are decrypting and inspecting 100% of network traffic with the Cloud-Delivered Security Services (CDSS), intercepting threat vectors to stop known, unknown, and zero-day threats, compared with 80% previously.
In brief
D Commerce Bank
Financial Services
Bulgaria
45 branches across Bulgaria
Safeguard the bank from sophisticated state-sponsored and other attackers attempting to target customer identities, assets, and account credentials.
Palo Alto Networks
Network Security Platform:
CHALLENGE
D Commerce Bank is a midsize Bulgarian bank offering a comprehensive portfolio of corporate and investment banking solutions to small and medium-sized enterprises (SMEs), together with consumer retail banking services.
The Bank is continually alerted to sophisticated attackers attempting to target identities, assets, and account credentials. And these attacks are intensifying. Stefan Tsonev, CISO at D Commerce Bank, explains: “In the last six months, we have experienced denial-of-service attacks and exploit attempts on almost a fortnightly basis. As a highly respected financial services provider, our number one goal is to safeguard highly sensitive information from every type of attack.”
One of the reasons for this spike in security threats could be related to the Bank’s geopolitical position. Located on the Balkan Peninsula, Bulgaria faces the ever-present threat of state-sponsored attacks, such as sophisticated botnets used to launch DDoS attacks and other zero-day exploits.
The previous firewalls were evolving to maintain the security of sensitive financial data. However, they lacked the enterprise flexibility and natively integrated protection to manage this ever-increasing threat landscape.
The key priority for D Commerce Bank is to maintain continuous operations. Any changes or updates to the firewall settings, policies, or configurations could have potentially disrupted banking operations. Ensuring minimal downtime during updates and changes was crucial for the Bank.
SOLUTION
Stefan and his team recently embarked on a network security transformation strategy. “We evaluated multiple vendors, but Palo Alto Networks stood out for its breadth of security technologies, proven integration, and simplicity. We were also impressed by their unprecedented investment in R&D. Our Gartner evaluation confirmed these beliefs.”
D Commerce Bank has standardised on a resilient network security strategy based on ML-Powered NGFWs. Two NGFWs are deployed - one in the primary and data centre and one in the secondary data centre, to address data protection, data security, cyber hygiene, third-party risk, and operational resilience.
They operate in an active/active high availability configuration using Route-Based Redundancy. In the unlikely event of a link or firewall failing, traffic is instantly redirected to the functioning firewall. “We are the first active/active customer in Bulgaria, and this HA cluster is ideally suited to our high-performance, scalable network. It helps create defence in depth, meets our 24/7 banking commitment, and ensures we adhere to financial compliance obligations.”
The Bank is also using CDSS, including Advanced URL Filtering, WildFire, and DNS Security. “WildFire provides malware sandboxing and fully integrates with our firewalls to stop evasive and unknown malware and send data to the cloud for analysis. One of the reasons we didn’t choose any of the other firewalls we reviewed was because their sandboxes didn’t integrate with our data centre infrastructure,” says Stefan.
Training has also been provided by Palo Alto Networks. He comments, “Palo Alto Networks Education Services were highly professional. We could learn at our own pace, covering all elements of the technology from fundamentals to specialised role-based learning.”
RESULTS
Palo Alto Networks is effectively addressing current cyberthreats, safeguarding customer data, facilitating regulatory compliance, and ensuring operational effectiveness.
The platform offers multiple benefits, including that it: