Network Security System in Mahesh Bank

AP Mahesh Cooperative Urban Bank of Hyderabad has become one of the few banks in the country to have a full-scale network security solution ensuring security of both its internet and intranet applications.

The bank has recently deployed FortiGate network security platform and FortiAnalyzer centralized reporting appliances to secure its data center and network of 39 branches. Alongside, the bank has also deployed the purpose built FortiOS 4.3 security operating system that brings in the ability to deploy Fortinet’s UTM inspection capabilities, including firewall, IPS, application control, VPN and web filtering. “Today, with this implementation, we have a virtualized framework with different security policies for internet and intranet users,” says Milind Rajhans, AGM-IT & CISO of the bank. “The system is equipped with 3G connectivity in failover mode. In case the main MPLS connectivity fails, there will be an automatic dialup using the 3G connection. There exists common policies for users to access applications by enabling a broad range of security features including antivirus, antispam, web filtering, VPN, intrusion prevention and application control. In addition, it also provides visibility to IT administrators by analyzing the network and reporting anomalies,” says Rajhans. The bank was the first cooperative urban bank in the state of Andhra Pradesh to computerize all its branches and is one of the few cooperative banks that have automated its operations. It was also the first cooperative bank to be accorded scheduled bank status by the Reserve Bank of India and today, it has presence in three states across India, with 39 branches nation-wide.

Need For Security

The bank had a basic security solution in place and this was not adequate enough protect the network from advance threats, says Rajhans. A perimeter level enterprise class security solution was needed to protect the data and applications in the network. “So, we had to deploy centralized policies to control the internet and intranet usages at the branches and also ensure they were securely connected to the main network .More importantly we needed a complete security revamp to meet RBI guidelines,” he says recalling the system prevailing in the bank. “We were adding more customer services and resilient security architecture was mandatory to provide perimeter level security at branches, secure data, ensure complete control of the network with visibility and adhere to the guidelines of RBI. We needed to plan, design and deploy a security framework that would meet the industry standards,” he says, adding FortiGate-40C appliance was the ideal choice.

Advantages

Rajhans explains the advantage of FortiGate-40C appliances: “The appliance also supports FortiGuard security subscription services that deliver dynamic, automated updates to help ensure up-to-date protection against sophisticated threats. In addition, the appliances support a web-based GUI, single pane of glass management console and on-board reporting, as well as data loss prevention, vulnerability management and WAN optimization. These combined capabilities are essential to secure data in transit as well as remote networks from which data is originating. The FortiGate-40C is a single device that integrates comprehensive enterprise-grade protection with a broad range of wired and wireless connectivity options. It enables you to deploy a high performance, highly secure remote infrastructure with one appliance that’s easy to set up and centrally manage.”

Appliance at each branch

Rajhans says the bank’s 39 branches have each deployed FortiGate-40C appliance to extend edge security,

providing secure network access via VPN. They also serve as routers to connect the branches to the internet

via MPLS. Using a centralized network security policy, the head office now has complete control of the internet and application usage as well as transactions conducted at every branch. “In case the main internet connectivity fails, there will be an automatic dialup using the 3G connection. This 3G connectivity feature was not available in competitive products. The two FortiGate-300C appliances implemented at our data center have a virtualized framework with different security policies for internet and intranet users. The edge FortiGate solutions work together with these appliances to define common policies for users to access applications by enabling a broad range of security features. A FortiAnalyzer-200D centralized reporting appliance provides visibility to IT administrators by analyzing the network and reporting anomalies,” he elaborates.

Ideal Solution

Rajesh Maurya, country manager, India & SAARC, Fortinet, explains that the bank had found that FortiGate virtualization capabilities perfectly met its needs to secure both its internet and intranet applications. “The network security platform’s comprehensive functionality, stability, scalability and low total cost of ownership convinced Mahesh Bank touse Fortinet exclusively in its network. The bank required link load balancing to comply with RBI guidelines. In case the main internet connectivity fails, there will be an automatic dialup to the secondary internet connection.” Maurya says the foundational building block of Fortinet’s Advanced Threat Protection Framework is the FortiOS network security platform that runs on its flagship FortiGate physical or virtual appliances. “On its own, FortiOS delivers a strong baseline of capability across all five components of access control, threat prevention, threat detection, incident response and continuous monitoring. However, financial institutions can choose to extend that capability with integrated add-ons including FortiSandbox to detect the most sophisticated threats, FortiAuthenticator to scale strong authentication for larger organizations, FortiAnalyzer for richer and deeper reporting, FortiManager for consolidated monitoring and management of larger deployments, and FortiGuard services as well as partner integrations in the areas of anomaly detection, threat intelligence and security management for faster response and a bigger picture.