Case Study

Naranja X’s Innovation and Customer Data Protected with a Comprehensive Security Orchestration Strategy

In brief

Customer: Naranja X

Organization Size: 3,000+ employees

Country: Argentina

Industry: Financial Services

Products and Services: Bank cards, loans, insurance, tourist packages and payment service provider.

Partner: N/A

Challenges

  • Ensure increased security across the environment after migrating to the Cloud.
  • Effectively control the diverse types of access in the work environment, particularly as related to home office services.
  • Improve the user experience.
  • Protect their customers’ data integrity to ensure compliance with their sector’s regulatory requirements.
  • Increase agility in the implementation and decision-making processes to favor the business.

Requirements

  • Enhance network visibility.
  • Streamline network administration tasks.
  • Optimize security with Zero Trust.

Solution

Palo Alto Networks Solutions: Prisma Access; on-premises firewalls (PA-7050), cloud firewalls (VM300) in active-active HA, and Cortex XSOAR extended security orchestration and automation platform to create a fully secure environment.

INTRODUCTION

The Naranja X Pillars: Consistent Disruption and Transformation

After more than three decades, Naranja X, Argentina's largest credit card issuer, has reinvented itself to become a FinTech with a bright future ahead. It migrated to the Cloud three years ago, where it had to maintain the same protection levels it kept with its full operation on-premises. It decided to eliminate network security technology that did not provide the required scope and replace it with Palo Alto Networks for this new scenario, obtaining much more than just protection.

Naranja X began 35 years ago as a sport shoe store extending and tracking credit via a paper card for each of their customers. It has gone on to hold a place in its country’s financial market by becoming a Fintech that provides a massive platform for access to goods and services through its app and more than 180 branches. Its credit card represents Argentina’s largest number of issued credit cards, offering exclusive e-commerce and banking services to more than five million customers nationwide.

Its entire focus is customer-oriented, as it seeks to make life easier for its customers based on two fundamental pillars: constant innovation and best-in-class cybersecurity to keep employees and customers secure today and into the future.

BACKGROUND

The Implications of Evolving into a FinTech, from an On-Premises World

Naranja X comes, like most companies, from the era in which its business was based entirely on face-to-face interactions. In 2019, just before the coronavirus outbreak, it evolved its business model to become a Fintech provider. Its goal was to lead the financial services market through virtual banking, with an ecosystem where customers can have both a credit card and a savings account to make payments, contract services, make purchases and manage all their finances.

Like many Fintechs, Naranja X focuses on ensuring the continuous optimization of the customer experience as well as deploying modern technology via a Cloud-based strategy. Naranja X knows that strengthening its investment in technology will enable them to provide an outstanding customer experience, along with superior solutions to maintain and extend their market leadership.

Also, in a business environment that turned to digitalization before the pandemic outbreak, and with 100% of employees working from home offices full-time (except for a few face-to-face meetings per month), Naranja X must ensure its compliance with the strict regulatory, auditing and security requirements dictated by its industry.

Network and business security is critical for Naranja X to protect data integrity as well as to ensure high availability for both their customers and employees.

CHALLENGE

For a budding FinTech company, security is above everything else—but also a major challenge

Naranja X’s main challenge was to emulate in the cloud the security levels the organization had achieved on-premises. “By default, Cloud environments, in general, tend to provide native security, but for a company like ours, it did not provide the security we needed, which meant that we had to tighten the screws, maintain our standards and take them to the same level in the Cloud,” said Gabriel Muñoz, Senior Security Engineer at Naranja X.

Another challenge for the company’s IT team was managing thousands of users with specific administration privileges across a wide range of environments, while also maintaining remote user productivity and satisfaction. The company also sought to increase security awareness, since as a financial services company, strict regulations must be followed, and their security framework must be able to support them.

“The objective of having extreme security and control, and that not all employees can have access to everything, is to protect our customers’ data integrity and prevent potential data leaks. That is the core point of everything we do,” explained Gabriel Balástegui, Tech Lead NetSecOps IT Team at Naranja X.

Like his team members, Gabriel was clear that Naranja X had to take their security to the next level. In addition to providing protection in the Cloud, the company made it a priority to facilitate and improve network security management across its distributed firewalls, at a time when overseeing all traffic meant accessing multiple technologies individually.

During the initial phase of this project, the notion of moving to a new security provider was not well received since employees already had extensive expertise with their existing Cisco and Fortinet products and were hesitant to learn new technologies. Thus the new solution had to be intuitive and provide a seamless transition in order to maintain employee satisfaction and productivity.

"By default, Cloud environments provide an inbuilt level of native security within, but for a company like ours, it did not provide the security we needed, which meant that we had to tighten the screws, maintain our standards and take them to the same level in the Cloud."

Gabriel Muñoz

Senior Security Engineer at Naranja X

REQUIREMENTS

Optimize security and efficiency, even in times of transformation

Beyond trying to emulate the levels of security they had before becoming a Fintech company, a major challenge Naranja X faced was that they did not have centralized visibility of their network traffic. Furthermore, since the firewalls were not consolidated, the ongoing configuration and management of their network security had to be done manually, firewall by firewall. Both aspects represented a huge investment of time by the IT Division, and an incomplete security solution decreased their ability to ensure efficiency and control.

Another requirement for the company was to apply the principles of Zero Trust, which is based on the premise that attackers can be inside or outside the organization’s network and no user should be trusted by default. The existing Naranja X security infrastructure did not allow the company to achieve Zero Trust; therefore, preparing for the model meant creating a policy structure, configuring it across all firewalls including applying decryption, along with multiple additional steps that if done manually would be very costly.

SOLUTION

Technology Triad Providing a Holistic Security View to Naranja X

Naranja X chose Palo Alto Networks to facilitate their security transformation and enable them to migrate to the Cloud, confirming their status as a Fintech leader. The solutions included Prisma Access, on-premises next-generation firewalls (NGFWs), Cloud NGFWs and Cortex XSOAR. The strength provided by all four integrated and orchestrated technologies ensures solid security levels, with greater control and full visibility of traffic in the Cloud and the different networks operated in their physical data centers.

Prisma Access, which provides secure connectivity for both on-premises and Cloud business segments, represents the gateway to network services for internal employees and outsourced personnel. “The solution truly lends a hand with its unified endpoint agent Global Protect. It provides security for users without being intrusive, with policies, posture controls and other elements that give them peace of mind while making it easier for us to control the different types of access. Since we implemented Prisma Access before the pandemic, it was very helpful when all Naranja X personnel migrated to a fully remote operation since secure access to all corporate resources remained consistent, with the same levels of security as if connecting from the company office. Users connect to the company through a proprietary Naranja X app that consumes microservices that pass through the Palo Alto Networks infrastructure,” says Pablo Miranda, Senior Security Analyst at Naranja X.

Prisma Access protects the hybrid workforce with the superior security of ZTNA 2.0 while providing exceptional user experiences from a unified, cloud-native security product. Muñoz adds, “We appreciate that users identified in Prisma Access have access based on their profiles, which are managed by the Global Protect application and shared by all the firewalls. It allows us to use the ACC (Application Command Center) to see traffic that was not visible before, and makes it easier to detect threats or determine the need for an update or anything else.”

As for the firewall infrastructure, since most of its data center is on-premises, Naranja X has two PA-7050 2nd gen firewalls to protect the integrity of the company’s customer data through their permanent traffic inspection capabilities. In the Cloud, the eight VM300 NGFWs prevent data leaks and inspect traffic, since all company accounts (currently in AWS, although it also plans to use IBM and Azure) pass through Palo Alto Networks security when going to the Internet. Naranja X follows the Palo Alto Networks architecture configuration best practices, although the brand’s versatility allows it to be easily tailored to meet current and future business needs. When considering all their services across multiple clouds, about 34 TB of data passes through the Naranja X applications every month, all protected by Palo Alto Networks security.

The company continues to mitigate risks, reinforcing its security and high availability strategy. Its macro architecture roadmap includes the deployment of up to 16 firewalls for the different regions and all the organization’s data centers. The company intends to protect all network traffic by utilizing firewalls to inspect north-south traffic (client to server) and east-west traffic (server to server) to seamlessly secure the entire environment.

In this scenario, Cortex XSOAR, Palo Alto’s security automation, orchestration, and response platform, is the backbone of the Naranja X infrastructure. The firewalls report their traffic logs to a data lake (implemented on-premises and through Prisma Access for now), which feeds XSOAR for analysis. By next year the company’s data lake will also be supported in the Cloud to visualize all company traffic, analyze it as a whole and detect threats in real time in every nook and corner of its infrastructure.

"The [Prisma Access] solution truly lends a hand with its unified endpoint agent Global Protect. It provides security for users without being intrusive, with policies, posture controls and other elements that give them peace of mind while making it easier for us to control the different types of access."

Pablo Miranda

Senior Security Analyst at Naranja X

BENEFITS

There is Nothing like a Unified Security Platform to Mitigate Risks and Streamline Operations

For Naranja X, maintaining security and high availability while providing an exceptional user experience has always been a top priority. Migrating to Palo Alto Networks and having an integrated and orchestrated security solution has allowed them to exceed this goal. Today, users quickly and securely access different services, applications, and data from wherever they are. The IT team, with its full network environment visibility, can now react to threats quickly and comprehensively.

Balástegui is forceful when speaking of the advantages obtained: “Having a single site concentrating all traffic data for queries has an enormous value for us and significantly reduces troubleshooting times. Having everything unified in the overview simplifies our work, as it allows us, for example, to set up configurations and deploy the same policy on different firewalls at the same time. Also, we must highlight the business benefits obtained by quantifying the 99.99% availability in many of the services and the zero outages that encouraged the business departments to adopt the Palo Alto Networks solution happily.”

In this sense, the high availability levels offer the business real savings since they directly support their customers’ need for continuous access to the applications and their financial transactions. Naranja X believes that the robustness provided by the Palo Alto Networks platform to adequately support all its requirements, preventing security or unavailability issues, is priceless.

By funneling all outgoing traffic in each Amazon region through Palo Alto Networks firewalls, the company has built significant resources that allow even the remaining firewall deployment project to pay for itself and will continue to save them money in the future. From the Business Units’ perspective, their initial resistance to change and new technology is a thing of the past. As the tool is easy to use, users connect without a problem. Furthermore, as the policies are not intrusive, internal and external employees’ performance and efficiency expectations are exceeded, creating an overall positive user experience.

Something must be said about the IT team’s day-to-day life too. The accompaniment of Palo Alto Networks and its level of support escalation give the team peace of mind, as does the ease of deployment of its technology. “This is important, especially in times like the pandemic, when we had to expand remote access capacity as quickly as possible,” said Muñoz when referring to Prisma Access.

Muñoz continues: “Traditionally, we might have had to wait weeks to import a firewall and buy the surrounding connectivity for deployment. With Prisma Access, we achieved it in hours. It was invaluable for Naranja X to have thousands of remote users connected from home through Palo Alto Networks technology in a matter of days, especially when considering that this was a new tool for them.”

Implementation of the firewalls also provides positive experiences; centralizing the landscape makes it easier to quickly deploy common features, which was extremely useful during the pandemic. According to Miranda, migrating the infrastructure to Palo Alto Networks was simple and fluid, with help from the brand’s support team and the existing documentation. “Today, a firewall’s deployment in the cloud takes hours, and automation with scripts takes minutes,” he said, applauding the versatility of the brand’s technology.

With the technological base that they are putting together, Naranja X is preparing to continue moving forward with its security strategy. Recognizing that they are not exempt from an attack, the plan is to start tackling Zero Trust; that is, viewing the network not only as a perimeter but in a compartmentalized manner and achieving end-to-end protection with more granular control aimed at mitigating threats and reducing them to the lowest levels possible. With Palo Alto Networks technology, they believe they will be able to do this to benefit the business and its customers.

"Having a single site concentrating all traffic data for queries has an enormous value for us and significantly reduces troubleshooting times. Having everything unified in the overview simplifies our work, as it allows us, for example, to set up configurations and deploy the same policy on different firewalls at the same time. However, we must highlight the business benefits obtained by quantifying the 99.99% availability in many of the services and the zero outages that encouraged the business departments to adopt the Palo Alto Networks solution happily."

Gabriel Balástegui

Tech Lead NetSecOps IT Team at Naranja X

CONCLUSION

With Their Eye on The Future

Naranja X recently reinvented its business, which was not a minor feat. It understood from the onset that it would be impossible to change with its current technology and decided to venture into new scenarios, migrating to the Cloud and strengthening security with a new supplier. Today they know that they made the right decision. It has been a journey with many lessons learned, leading them towards a new, 100% digital era and laying the foundation for constant innovation.

Thanks to the Palo Alto Networks solutions, the company’s IT Division is happy with the infrastructure it has built, which allows it to truly support the business based on the possibilities offered by the tools it uses to continue providing the best customer experience in a safe and modern environment.
