In the past five decades, Botswana Power Corporation (BPC) has played an integral role in developing Botswana. The organization provides energy transmission and distribution across the country. Moving forward, BPC is increasing the use of renewable energy in its mix as it continues to bring electricity to underserved rural areas and empower citizens.
Evolving Security for Digital Transformation
From lighting up classrooms and connecting students to the world through the internet, to powering the plants that provide clean water, BPC has helped build the nation of Botswana. Digital transformation is shaping its next steps into the future. As part of a larger digital transformation strategy, BPC undertook a security assessment to align its cybersecurity posture with its business goals and the current threat landscape.
Power organizations like BPC operate and maintain strategic infrastructure, which has increasingly come under cyber attack. Making matters worse, organizations in Africa are targeted more than those on any other continent. According to Check Point Research, an average of 1,848 attacks per week target an organization in Africa compared to 1,164 attacks per week for organizations globally. Ransomware attacks lead the pack, with email as the most prevalent attack vector.
“From our initial security assessment, it was clear BPC needed to evolve its security posture,” said Godfrey Mathumo, IT infrastructure and Operations Manager for BPC. “Previously we had used multiple security vendors and solutions, but they were not keeping pace with digital transformation and the evolving threat landscape.”
Upgrading security involved taking many factors into consideration. As a power company, BPC endpoints include not just desktops, laptops, and servers—they also include supervisory control and data acquisition (SCADA) and operational technology (OT) systems located in substations and power plants. BPC’s environment had become even more complex when the pandemic forced many employees to work remotely, relying heavily on mobile and BYOD devices, cloud access, and internet connectivity. The security operations team needed to ensure comprehensive security and visibility across all of its environments—enterprise, endpoints, cloud, collaboration, SOC, and OT.
BPC had also adopted National Institute of Standards and Technology (NIST) and ISO 27001 as governance frameworks for monitoring security posture. It needed an easier way to measure progress and compliance performance against these standards.
A Strong Defensive Framework
BPC’s security assessment spanned every area of the organization, from endpoints and mobile devices to cloud and virtual environments. In addition to upgrading security infrastructure, the team wanted to improve security controls and manageability.
“We chose Check Point for our upgrade,” said Mr. Mathumo. “Not only did Check Point address all of our environments, it provided specific control capabilities that we needed combined with the visibility to see everything, everywhere.”
Check Point Quantum Security Gateways in high-availability clusters form the network security infrastructure cornerstone. They provide ultra-scalable protection from sophisticated Gen-V cyber attacks against networks, data centers, OT, and users. Quantum is powered by Check Point ThreatCloud, which combines AI technology with big data threat intelligence to prevent the most advanced attacks while reducing false positives.
“Check Point Quantum Security Gateways are not just firewalls,” said Mr. Mathumo. “They deliver everything—IPS, application control, threat emulation and extraction, identity awareness, and more. We can see our applications across the organization. We can see VPNs and how they are secured. We can even see compliance with our governance frameworks.”
CloudGuard Network Security protects BPS assets and workloads to, from, and across the organization’s Azure and AWS public clouds, as well as in its VMware ESXi virtual environment. Industry-leading advanced threat protection and single-pane-of-glass management make it easy for the BPC team to ensure they have the same comprehensive security protection in the cloud as on premises.
“We needed to manage and monitor user identities as they accessed our cloud from outside the network,” said Mr. Mathumo. “With our Azure cloud, AWS cloud, and VMware ESXi environments connected to CloudGuard, we can see everything. CloudGuard makes it easy to monitor and manage our cloud security posture.”
Protecting Users and Devices
The BPC team manages more than 1,300 endpoints. They deployed Check Point Harmony Endpoint to prevent the most advanced threats from affecting users and devices. Harmony Endpoint automates 90% of attack detection, investigation, and remediation tasks. It identifies ransomware behaviors and safely restores ransomware-encrypted files automatically. Zero-phishing technology identifies and blocks the use of phishing sites in real time. BPC is also protected from malware, file-less attacks, and credential theft.
“Check Point Harmony Endpoint is one of the most brilliant solutions we’ve seen,” said Mr. Mathumo. “With endpoints under management, we can ensure they are compliant with our policies. We can dictate which devices and software versions can connect to our network to minimize the risk of threats entering through endpoints.”
Check Point Harmony Mobile also is applied to all mobile devices. It delivers the same granular visibility in managing device security and isolating any device that might be compromised. Check Point Email & Collaboration extends visibility and protection into BPC’s Office 365 and Microsoft environments. It blocks advanced phishing, malware, and ransomware attacks before they reach the inbox, and it prevents sensitive business data from leaving the organization.
“Check Point Infinity SOC also has been great for us,” said Mr. Mathumo. “Now, our SOC team can see any vulnerability across our network, clouds, endpoints, mobile, and OT environments. Infinity SOC allows them to quickly expose, investigate, and shut down attacks.”
The new security infrastructure has dramatically improved BPC’s security posture. Prior, the BPC team was dealing with thousands of malware and phishing attempts. With Check Point automatically handling prevention, as well as detection, investigation, and remediation, threats have dropped to almost zero.
“Central management has greatly simplified everything,” said Mr. Mathumo. “We can manage all of our gateways deployed in multiple places in one pane of glass. We can manage all policies in one place. Check Point enables us to ensure consistent protection everywhere.”
Securing the Business
Maintaining IT compliance with NIST and ISO 27001 benchmarks is an ongoing objective, but ensuring high security standards for all parts of the business is just as critical. Harmony Email & Collaboration and CloudGuard defend the company’s Microsoft cloud-based solutions. Integration with enterprise platforms has been a huge benefit as well.
“We’ve integrated Check Point with our SAP ERP environment,” said Mr. Mathumo. “Now we can ensure that our devices and users are secure—especially in the finance area—and we can see the posture at a glance. This has been one of the biggest benefits of our Check Point solutions.”
Earning Management’s Confidence
Check Point reporting capabilities have enabled the BPC IT team to document vulnerabilities, threat activity, and compliance gains. They know what’s going on and can confidently report status to upper management to demonstrate that the company is operating securely.
“With Check Point, we’re able to quantify our security,” said Mr. Mathumo. “Our management team is very enthusiastic because they can actually see the control we have. We can show where a vulnerability might exist or report that we’re 100% compliant. Reporting visibility is invaluable for executive decision-making and planning.”
Check Point Professional Services helped BPC map its security architectural requirements and identify the most optimal solutions for today and tomorrow. The Check Point team transferred knowledge and best practices to the BPC team and continues to provide monthly updates and assistance.
“I would give Check Point Professional Services and support a 10 out of 10,” said Mr. Mathumo. “Whenever we need assistance—24×7—we call and they respond immediately. Check Point delivers a secure environment and has done well for us. We would definitely recommend them.”