As one of Australia's biggest property media companies, Domain Group is a prime target for cyberattacks. However, the agile, fast-moving company did not want to be slowed down by a complex physical security infrastructure. Therefore, to protect its vital media assets and network, the company deployed Palo Alto Networks® Next-Generation Security Platform in its private cloud.
As a result, Domain Group has complete visibility and control of network traffic at the endpoint and edge, as well as in the cloud. Palo Alto Networks Next-Generation Security Platform enables Domain to proactively guard against cyberthreats without slowing down end-user productivity. Moreover, Domain maintains continuous prevention against known and unknown threats with minimal staff overhead, thanks to a comprehensive threat intelligence dashboard. This allows IT and security staff to focus on adding value to the business with assurance that the company's revenue streams are protected.
Publishing Deadlines Don't Wait
Domain Group is a fast-moving, agile enterprise. It's not weighed down by a physical data center. In fact, nearly every aspect of the company runs in a cloud environment, including its network.
Domain's cloud-based network provides site-to-site networking as well as ingress and egress to the internet, all fully secured with Palo Alto Networks Next-Generation Security Platform. The Palo Alto Networks platform comprises the Next- Generation Firewall, Threat Intelligence Cloud and Advanced Endpoint Protection. It delivers application, user and content visibility and control, as well as protection against known and unknown cyberthreats. The Threat Intelligence Cloud provides central intelligence capabilities and automates the delivery of preventive measures against cyberattacks.
To secure Domain's network, two Palo Alto Networks VM-200 virtualized next-generation firewalls were deployed in its Melbourne data center, and a second pair of VM-200 firewalls in Sydney for high availability and disaster recovery. Domain uses the full suite of Palo Alto Networks subscriptions, including Threat Prevention, URL Filtering with PAN-DB, GlobalProtect™ network security for endpoints, WildFire® cloud-based threat analysis, Traps™ advanced endpoint protection, Aperture™ SaaS security, and AutoFocus™ contextual threat intelligence service. The company also uses Panorama™ network security management to centrally manage its hosted network security infrastructure, with support provided through Palo Alto Networks Premium Partner Support services.
Filling a Security Hole for Google Apps
Domain has seen the benefits of Palo Alto Networks Next-Generation Security Platform from one end of its enterprise to the other. That starts right at the business application level.
"The best thing about WildFire is that it's integrated at every level of the Palo Alto Networks platform," Thomas asserts. "Anything suspicious that isn't automatically blocked by Traps, GlobalProtect, or our next-generation firewalls, gets uploaded to WildFire and checked. As a cloud service, WildFire pulls data from all around the world that we can leverage at the edge, desktop and cloud level to stay ahead of exploits we may not even know about. There's no comparison to a traditional onsite database or signature-based solution."
Also key is having AutoFocus as a single dashboard to monitor and respond to threats regardless of where they sit in Domain's environment.
Huggett recalls one particular incident in which the Palo Alto Networks Unit 42 threat intelligence and research team picked up a new Mac exploit. "The Unit 42 folks posted the threat on the AutoFocus dashboard. That gave us immediate awareness of the attack so we could coordinate with our Mac support team to make sure we were properly patched and not vulnerable."
Simplified Administration Frees Up IT for Value-Added Projects
Domain Group has a small IT staff that doubles as a security team to keep the organization lean and efficient. Huggett suggests that wouldn't be possible without the intelligence and automation of the Palo Alto Networks security platform.
"For a lot of companies, firewall monitoring and maintenance can be a full-time job," he says. "Being a small team, we need to let the software do most of the work and just check in on the dashboards from time to time. By going with the Palo Alto Networks security platform, we've been able to support a company that's nearly tripled in size without adding any headcount for networking and security."
Thomas adds, "Security is one of the most important areas of our job, but we don't want it to be the thing that takes up the most time. The Palo Alto Networks platform helps IT spend more time working on projects to help the business grow and increase revenue instead of just managing our security infrastructure. We can stay on top of security without spending all day doing it. That's a real testament to the power of the platform approach."
While Domain is just beginning to use Panorama for central administration of the Palo Alto Networks platform, Dixon is already using it for policy management and to set up additional firewalls.
"The advantage Panorama will ultimately have for us will be to manage firewalls in disparate data centers from one dashboard," he predicts. "It assures us of consistency in deploying firewall configurations and managing policies across our enterprise. And the potential for scale with Panorama is huge. If we decided to deploy firewalls for every site in the company, the additional overhead to manage that would be zero."
Thomas notes, "It all comes down to having our finger on the pulse of the network at any moment of the day. It's a lot easier to get a quick snapshot of your security environment from a centralized dashboard than going to a half dozen places every day, hoping the data you get is right. The way Panorama handles it is brilliant."
Keeping Security Simple Without Sacrificing Control
Domain Group has Premium Partner Support to handle any technical issues with the Palo Alto Networks platform, but the company hasn't needed to call on any help to date. However, based on his experience working with the Palo Alto Networks account manager for Domain Group, Huggett expects prompt, expert support.
"Any time we have a question or want advice, our account manager has connected us with an engineer who can answer our question, usually within an hour," he reports. "Our experience with other vendors is that same scenario could take a whole day after getting bounced from one person to another. Knowing that if we have a problem, Palo Alto Networks will be there to solve it for us straightaway makes such a difference. It comes back to helping us remain productive and protecting our revenues."
Thomas remarks, "The reason we went down this path with Palo Alto Networks was to make network security as simple as possible, but still have as much control and detail as possible even in the cloud. We feel we've achieved that."
He concludes, "We go to industry lunches and hear people talking about problems like people clicking on malicious links that bring down their networks, and we just look at each other. That doesn't happen to us because we have complete control and visibility into what's happening on our network any moment of the day with the Palo Alto Networks Next-Generation Security Platform."