Paschoalotto Financial Services
Paschoalotto Financial Services is a leading supplier of call-center and tele-billing services to the Brazilian financial industry. Their expertise in the field of credit recovery and personnel management makes them a key piece in the financial industry value chain. Paschoalotto has become a key partner to many financial services companies by providing excellent service to the end customer, as well as by offering new services and expanding the capacity of existing services quickly to meet growing demand.
Delivering Scalable Security in a High-Growth, Highly Regulated Environment
Faced with increasing demand from customers, Alan Cosin, Paschoalotto’s Chief Information Officer, knew the company’s aging security infrastructure needed an upgrade. But finding a vendor that could meet their strict requirements was not straightforward. First of all, any solution had to meet the strictest security requirements, including the ability to block the latest cybersecurity threats, as well as demonstrate a system architecture designed to stop new, emerging threats that regularly endanger the network. Paschoalotto also needed to meet the same government privacy regulations as its clients, in particular the General Law on Protection of Personal Data (GLPPD).
The next requirement was instant scalability. As Cosin explained, “While our main security concern was delivering a robust environment, we needed a solution that was flexible, one that could scale very quickly and not impact the growth of the company.”
The final challenge the team faced was to find a single, integrated solution. Paschoalotto’s previous solution consisted of multiple vendors, which had led to occasional problems. The new solution needed to support two data centers serving seven different locations, as well as protect the company’s private cloud, all under the umbrella of a single, integrated management system. The security team required a single-vendor solution with a wide array of integrated capabilities, including demonstrated interoperability with their VMware-based private cloud infrastructure.
“We wanted centralized management of a single solution,” Cosin explained. “We needed visibility into the entire environment, with a view that would give us a clear picture of the entire company’s security, track our progress, and produce clear reports that we could show to our board of directors.”
Check Point the Clear Winner in Highly Contested Trial
To find a solution that could meet their current and future needs, the security team invited a number of the leading security companies to compete in a rigorous Proof of Concept (POC). After completing the POCs, one solution stood out above the rest in meeting Paschoalotto’s requirements: Check Point.
“The 16K Firewalls, along with the Maestro Hyperscale Orchestrator, CloudGuard IaaS and R80 Security Management, provided a single solution that stood far above the competition,” said Cosin.
Maestro Hyperscale Orchestrator the Cornerstone of a Secure, Distributed Infrastructure
With a highly complex infrastructure to protect, the security team concluded that a distributed architecture provided the most secure, flexible approach. With Maestro Hyperscale Orchestrator coordinating their multiple firewalls, they can now deliver near-instantaneous flexibility and scalability across their network’s multiple nodes.
Check Point offers the only Hyperscale Network Security Solution with the ability to scale existing gateways of any size on-demand, supporting over 50 times their original throughput, within minutes. Based on Check Point’s HyperSync technology, Maestro’s N+1 clustering not only protects an organization’s existing investment but enables cloud-level resiliency and high-availability in an on-premises security solution. Maestro manages all of an organization’s Quantum Security GatewaysTM as a single, unified system, minimizing management overhead. Scaling out is as simple as adding more cluster nodes.
“Check Point’s Maestro Hyperscale Orchestrator lets us add capacity on the fly, allowing us to optimize our network, protect our investment, and provide our customers with the scalability they require,” Cosin emphasized.
Check Point 16000 Next Generation Firewall: High-Speed Protection Against All Attacks
The 16000 Next Generation Firewalls provide the foundation of the company’s security architecture. In addition to the Check Point Intrusion Protection System, the team installed Data Loss Prevention (DLP), Mobile Access Application Control, URL Filtering, Content and Identity Awareness, Anti-Bot, and Anti-Virus Protection. The security team also installed 5200 Firewalls to secure the dedicated network connections to each site and the private cloud. This design established a ring of security that protected both the company’s and its clients’ data from virtually any attack.
Bringing Application-Layer Security to the Private Cloud
The next step for Paschoalotto was to increase the security of their private cloud. As experienced users of VMware NSX, the security team initially felt they didn’t need any additional security protection beyond Layer 4, a feature already provided by VMware NSX. However, during the POC, the Check Point team ran a comparison using two models in parallel (one with CloudGuard IaaS; one without) while under attack by various types of malware. CloudGuard IaaS for NSX, which protects all network layers, including the application layer (Layer 7), stopped application-based attacks that passed undetected without CloudGuard installed. This data convinced Paschoalotto that the application-based protection provided by CloudGuard gave them an invaluable extra level of security for their clients.
According to Carlos Leite, Coordinator for Network and Security: “We were extremely impressed seeing an advanced cloud security attack with and without Check Point because Check Point stopped it. The Check Point and VMware products are also very well-integrated. They work together seamlessly, unifying the cloud and the hardware-based systems, passing along the correct data, and giving us a complete picture of our network.”
R80 Unified Security Management: The Entire Network on a Single Pane of Glass
The selection of Check Point R80 Unified Security Management system became the final critical piece the team needed to meet the security challenges it faced. R80 Security Management provides superior access control with policy organized into layers and sublayers to better manage an organization’s entire Check Point security infrastructure. For Paschoalotto, the team particularly valued the R80’s ability to provide an entire overview of their security network from a single point, as well as the powerful reporting options built into the system. With R80, the Paschoalotto IT group finally had the tools they needed to monitor their network and to respond proactively to potential issues.
“R80 gives us a single pane of glass to look through instead of needing to look in multiple locations,” said Cosin. “It also gives us much more information than our previous system, giving us detailed and thorough reports that we can show our Board of Directors.”
With R80 Security Management system overseeing Maestro Orchestrator and managing every node in their fast-growing network, the Paschoalotto security team felt they had purchased a security system that met today’s needs and would continue to do so into the future.
Security CheckUP Proved Key in Proving Check Point’s Ability to Block Attacks
Two of the critical factors in demonstrating Check Point’s ability to stop the latest cybersecurity attacks came from Paschoalotto seeing the product work with live traffic before making their purchasing decision. The Check Point team conducted a Security CheckUP of Paschoalotto’s existing security system by installing Check Point 16000 Turbos and running them in monitor-only mode with live data coming into Paschoalotto. Over the course of the month-long trial, the Check Point firewalls identified and tracked numerous types of attacks that had bypassed the existing Paschoalotto security system, providing clear evidence that Check Point could stop virtually any attack a malefactor could direct at the company. Similarly, using DemoPoint for CloudGuard IaaS gave Paschoalotto a risk-free way to see that their private cloud could be attacked at the application layer and therefore needed the additional protection CloudGuard IaaS could provide.
“Our number one priority is always to protect our clients’ and their customers’ data,” Cosin explained. “Check Point’s reputation, along with their demonstrated ability to stop all attacks during the POCs, was a key factor in our purchasing decision.”
Maestro Orchestrator: Flexibility, Scalability, Reliability
Before installing the Maestro Hyperscale Orchestrator, increasing capacity meant adding new hardware. It was a time-consuming and costly exercise that impacted the level of responsiveness Paschoalotto could provide its clients. Maestro gives the security team the ability to manage firewall capacity remotely, responding immediately to customer demand.
Cosin gave an example of one client who needed a new 1500-person call center up and running, “almost overnight.” He went on the explain, “If this happens once every now and then, we could handle the demand manually. But if it happens with 4-5 clients at the same time? We needed to be able to handle a much higher level of scalability and flexibility. Maestro allowed us to remodel our entire security infrastructure so that we can deliver an appropriately secure service almost instantly, which is what our customers require.”
Additional Insight, Better Management with R80 Unified Security Software
Network management is sometimes viewed as an afterthought when purchasing comprehensive IT solutions. But to Paschoalotto, the capabilities of the Check Point R80 Management System were central to their decision to partner with Check Point. In a high-growth industry, the ability to manage an extremely complex security network can make the difference between satisfying or losing a customer.
“Centralized management gives us the ability to demonstrate the value of security to the company,” concluded Cosin. “By centralizing everything on a single platform, we can avoid human failures; we avoid potential vulnerabilities; we can effectively guarantee a higher level of maturity when it comes to security. Not only does Check Point give us five times the amount of information than our previous system did, but the quality of the information and the reporting helps train everyone so that security becomes part of our vision as a company.”