Gaming developer Sega Europe has deployed a next-generation firewall from Palo Alto Networks to boost visibility into traffic on its network, providing functionality not available in its Cisco platform.
Sega Europe is one of three international divisions of the Japan-headquartered company, with network and security manager, Kashif Iqbal, tasked with enforcing centrally mandated security policies and standards to protect its corporate information from malicious attacks.
Last year, the company decided to invest in Palo Alto Networks' firewall products to enhance its ability to monitor applications used by staff and prevent threats reaching its networks.
“It was one of the requirements that we need the visibility inside the network - what is going on, how many people are using applications such as Skype, and importantly what type of DNS traffic is going through it,” said Iqbal.
“That type of visibility, no other firewall was able to give at the time, although now Cisco is making some claims.”
The main concern for the firm is around loss of data. While it does not handle PCI data, with customers' financial transactions conducted via the Steam online game store, it has business-critical intellectual property data that needs protecting - predominantly games under development at its various studios.
The company has also become more focused on security: senior executives are keenly aware of the related risks following a high-profile data breach affecting the wider Sega business in 2011, and are taking a proactive approach to securing its network.
"They fully understand what it is like when you are on that side of the table, so it is a lesson learnt. This has meant investing more heavily in security tools, but also in the approach," he said.
The addition of the Palo Alto firewall is part of the strategy. Although the company is continuing to use Cisco’s ASA system, Iqbal said that the Palo Alto solution and WildFire virtual sandbox - which traps and investigates unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) - offered functionality that was missing in the Cisco tool.
“We are seeking a strength in depth approach, so we have ASA on our perimeters, and Palo Alto as a second layer of protection. With two vendors - if one [misses] it, the second one definitely catches it.”
“Palo Alto offered visibility, WildFire, threat prevention and unified threat management type of features, that was not on Cisco ASA. Cisco bought three or four or five companies [to offer similar services], put them together and they were not talking well with each other. In Palo Alto you don’t have that limitation.”
The WildFire platform has been efficient at discovering suspect activity, he said. “Two weeks ago we had a report and there were around 40 zero days that were being uploaded to WildFire, and about 30 of them were malware.”
One benefit was the threat prevention: “So if there is any vulnerability then we find out. So for example if there is a vulnerability in Firefox which is very critical, Palo Alto puts a signature in threat prevention, we are blocking it at the firewall perimeter, and we can take our time to patch the rest of the PCs in two days, but we know we are safe from the Palo Alto side, so we can protect it. I am not aware of any solution from Cisco that can do that.”
However, there are some drawbacks with using a less recognised tool, he said. “Every time you have a problem with the Cisco solution, the techie guys say they will Google it and find an answer. It will take some time [for Palo Alto] to do that but it is getting there - they are building up a community and the Fuel user group initiative will help us.”