at a glance

CHALLENGE
Prevent cyberattacks from compromising vital media assets and disrupting workflows critical to the company’s revenue streams.

SOLUTION
Palo Alto Networks Next-Generation Security Platform hosted in Domain Group’s private cloud to provide granular visibility and intelligent control over private network and internet traffic from endpoints to the data center.

SUBSCRIPTION
Threat Prevention, URL Filtering (PAN-DB), GlobalProtect, WildFire, Traps, Aperture, AutoFocus, Panorama

APPLIANCES
VM-200 (4)

SERVICES
Consulting Services, Education Services

RESULTS

  • Assured network security in the cloud without sacrificing control
  • Gained greater visibility of network traffic at the endpoint, edge and cloud level
  • Simplified policy creation and management across a virtualized security environment
  • Tripled company size without adding network and security staff
  • Freed IT staff to focus on value-added projects for the business

Background
As one of Australia's biggest property media companies, Domain Group is a prime target for cyberattacks. However, the agile, fast-moving company did not want to be slowed down by a complex physical security infrastructure. Therefore, to protect its vital media assets and network, the company deployed Palo Alto Networks® Next-Generation Security Platform in its private cloud.

As a result, Domain Group has complete visibility and control of network traffic at the endpoint and edge, as well as in the cloud. Palo Alto Networks Next-Generation Security Platform enables Domain to proactively guard against cyberthreats without slowing down end-user productivity. Moreover, Domain maintains continuous prevention against known and unknown threats with minimal staff overhead, thanks to a comprehensive threat intelligence dashboard. This allows IT and security staff to focus on adding value to the business with assurance that the company's revenue streams are protected.

Summary

Publishing Deadlines Don't Wait

Domain Group is a fast-moving, agile enterprise. It's not weighed down by a physical data center. In fact, nearly every aspect of the company runs in a cloud environment, including its network.

Domain's cloud-based network provides site-to-site networking as well as ingress and egress to the internet, all fully secured with Palo Alto Networks Next-Generation Security Platform. The Palo Alto Networks platform comprises the Next- Generation Firewall, Threat Intelligence Cloud and Advanced Endpoint Protection. It delivers application, user and content visibility and control, as well as protection against known and unknown cyberthreats. The Threat Intelligence Cloud provides central intelligence capabilities and automates the delivery of preventive measures against cyberattacks.

To secure Domain's network, two Palo Alto Networks VM-200 virtualized next-generation firewalls were deployed in its Melbourne data center, and a second pair of VM-200 firewalls in Sydney for high availability and disaster recovery. Domain uses the full suite of Palo Alto Networks subscriptions, including Threat Prevention, URL Filtering with PAN-DB, GlobalProtect™ network security for endpoints, WildFire® cloud-based threat analysis, Traps™ advanced endpoint protection, Aperture™ SaaS security, and AutoFocus™ contextual threat intelligence service. The company also uses Panorama™ network security management to centrally manage its hosted network security infrastructure, with support provided through Palo Alto Networks Premium Partner Support services.

Filling a Security Hole for Google Apps

Domain has seen the benefits of Palo Alto Networks Next-Generation Security Platform from one end of its enterprise to the other. That starts right at the business application level.

"The best thing about WildFire is that it's integrated at every level of the Palo Alto Networks platform," Thomas asserts. "Anything suspicious that isn't automatically blocked by Traps, GlobalProtect, or our next-generation firewalls, gets uploaded to WildFire and checked. As a cloud service, WildFire pulls data from all around the world that we can leverage at the edge, desktop and cloud level to stay ahead of exploits we may not even know about. There's no comparison to a traditional onsite database or signature-based solution."

Also key is having AutoFocus as a single dashboard to monitor and respond to threats regardless of where they sit in Domain's environment.

Huggett recalls one particular incident in which the Palo Alto Networks Unit 42 threat intelligence and research team picked up a new Mac exploit. "The Unit 42 folks posted the threat on the AutoFocus dashboard. That gave us immediate awareness of the attack so we could coordinate with our Mac support team to make sure we were properly patched and not vulnerable."

Simplified Administration Frees Up IT for Value-Added Projects

Domain Group has a small IT staff that doubles as a security team to keep the organization lean and efficient. Huggett suggests that wouldn't be possible without the intelligence and automation of the Palo Alto Networks security platform.

"For a lot of companies, firewall monitoring and maintenance can be a full-time job," he says. "Being a small team, we need to let the software do most of the work and just check in on the dashboards from time to time. By going with the Palo Alto Networks security platform, we've been able to support a company that's nearly tripled in size without adding any headcount for networking and security."

Thomas adds, "Security is one of the most important areas of our job, but we don't want it to be the thing that takes up the most time. The Palo Alto Networks platform helps IT spend more time working on projects to help the business grow and increase revenue instead of just managing our security infrastructure. We can stay on top of security without spending all day doing it. That's a real testament to the power of the platform approach."

While Domain is just beginning to use Panorama for central administration of the Palo Alto Networks platform, Dixon is already using it for policy management and to set up additional firewalls.

"The advantage Panorama will ultimately have for us will be to manage firewalls in disparate data centers from one dashboard," he predicts. "It assures us of consistency in deploying firewall configurations and managing policies across our enterprise. And the potential for scale with Panorama is huge. If we decided to deploy firewalls for every site in the company, the additional overhead to manage that would be zero."

Thomas notes, "It all comes down to having our finger on the pulse of the network at any moment of the day. It's a lot easier to get a quick snapshot of your security environment from a centralized dashboard than going to a half dozen places every day, hoping the data you get is right. The way Panorama handles it is brilliant."

Keeping Security Simple Without Sacrificing Control

Domain Group has Premium Partner Support to handle any technical issues with the Palo Alto Networks platform, but the company hasn't needed to call on any help to date. However, based on his experience working with the Palo Alto Networks account manager for Domain Group, Huggett expects prompt, expert support.

"Any time we have a question or want advice, our account manager has connected us with an engineer who can answer our question, usually within an hour," he reports. "Our experience with other vendors is that same scenario could take a whole day after getting bounced from one person to another. Knowing that if we have a problem, Palo Alto Networks will be there to solve it for us straightaway makes such a difference. It comes back to helping us remain productive and protecting our revenues."

Thomas remarks, "The reason we went down this path with Palo Alto Networks was to make network security as simple as possible, but still have as much control and detail as possible even in the cloud. We feel we've achieved that."

He concludes, "We go to industry lunches and hear people talking about problems like people clicking on malicious links that bring down their networks, and we just look at each other. That doesn't happen to us because we have complete control and visibility into what's happening on our network any moment of the day with the Palo Alto Networks Next-Generation Security Platform."


White Paper

How to Pick a Winner in EDR

The endpoint security marketplace is crowded with vendors claiming to have superior capabilities. Cutting through all the marketing and sales pitches to understand how these products perform isn’t easy. Luckily, The MITRE Corporation conducted an independent test of the detection and investigation capabilities of leading endpoint detection and response (EDR) products against real-world attack sequences. We’ll break down MITRE’s methodology, the results, and what it all means for your organization as you assess your current and future endpoint security toolkit.

  • 152

White Paper

Maximize the ROI of Detection and Response

Download this white paper to learn how to maximize the ROI and cut the cost of detection and response.

  • 114

Datasheet

Traps: Advanced Endpoint Protection

Palo Alto Networks Advanced Endpoint Protection provides comprehensive exploit and malware prevention that can prevent attacks before malware can be successful.

  • 15388

Datasheet

Traps: Advanced Endpoint Protection

Palo Alto Networks Advanced Endpoint Protection represents a complete paradigm shift from identification to pure prevention. Providing comprehensive exploit and malware prevention that is not designed to identify; instead, it prevents an attack before the malware can be successful.

  • 15422

Datasheet

Traps Technical Overview

Palo Alto Networks® Traps™ advanced endpoint protection stops threats on the endpoint and coordinates enforcement with cloud and network security to prevent successful cyberattacks. Traps minimizes endpoint infections by blocking malware, exploits and ransomware. Integration with your security platform delivers additional threat analysis, shared intelligence and automated containment.

  • 253

White Paper

Simplify Zero Trust Implementation Using A Five-Step Methodology

Building Zero Trust networks is actually simpler than building legacy networks. This 5-step methodology makes deploying Zero Trust networks manageable, cost effective and non-disruptive.

  • 54