at a glance

CHALLENGE:
Performance limitations of legacy firewall slowed user access to critical video information and limited application and user visibility.

SOLUTION:
Replace legacy firewall with Palo Alto Networks PA-5000 Series next-generation firewall for protection while enabling
Internet high traffic demands and fast access to large video files.

RESULTS:
Increased user and application visibility; and control; Safely enabled applications; Heightened security; Ability to run IPS easily and transparently without affecting network performance.


Palo Alto Networks provides STW Group with greater network visibility and control, faster access to large downloads and more secure internet access

Background

STW Communications Group Limited is Australasia’s largest marketing content and communications services group, comprising more than 75 operating companies and 2,500 staff which focus on advertising, design, digital, public and government relations and specialist communications. STW Group works with local and global brands to devise strategies and campaigns that make an impact and has over 14 offices across Australia.

Business and context

With around 1,400 computer users across New South Wales and Victoria, many of whom have roles relying heavily on video and image content, STW Group’s employees require regular and continual access to tools such as YouTube and other video applications. This comes paired with the need for a reliable, high-speed Internet link to enable fast downloads of high-definition files on an ongoing basis.

STW Group prides itself on being a standout in its industry, with computing power and security that no competitor can match – a selling point its teams use when speaking with existing and prospective clients.

The problem

With more than 25 companies under one umbrella, STW Group’s IT department recently converged the disparate, legacy IT systems of all these businesses into one central IT environment.

“Our technology refresh was about providing consistency, availability and reliability to our users – all with complete transparency, so the only thing they noticed was better, faster access to information,” said Tom Ceglarek, Chief Information Officer for STW Group.

“As part of our technology refresh, we were planning to upgrade our Internet link from 50Mb to 300Mb, to ensure our system could handle the increasing amount of high definition video and large image files that are being transferred and downloaded across our network daily,” said Ceglarek. “The problem was that our legacy firewall was experiencing limitations with our old, lower-bandwidth link, so there was no way it was going to handle moving to a link that was six times the capacity.

In addition to finding a solution that could accommodate greater bandwidth, Ceglarek and team was also finding that the legacy firewall’s Intrusion Prevention System (IPS) capabilities were lacking.

“Whenever we switched it (IPS) on, there was a very noticeable impact on the network and it slowed key applications to a point where it was having a negative effect on the business,” said Ceglarek. “For example, when the IPS module was enabled on the legacy firewall, access to YouTube deteriorated so significantly that it damaged productivity. This meant we had to leave it turned off, which not only limited our visibility into user and application usage, but exposed our network to potential threats – a particularly real scenario in an environment with a high proportion of video uploads and downloads.”

The decision

Ceglarek and his team evaluated a range of high-end firewall solutions before deciding on the Palo Alto Networks PA-5020 next-generation firewall for STW Group.

The Palo Alto Networks PA-5000 Series next-generation firewalls provide granular visibility of threats and better control of Internet applications, with capabilities to isolate and protect data through security policies that are based on the user or group identity from within Active Directory. The user and group identity is then tied directly to a specific application, and the application can then be inspected for threats and unauthorized data transfer.

This level of granular control is unmatched by any firewall solution on the market. Palo Alto Networks next-generation firewalls are unique in their ability to identify and filter network traffic by user, instead of just by computer IP address. The PA-5000 Series enables businesses to accurately identify and control applications by user, scan content to stop threats, and prevent data leakage – all with a single network device.

“Palo Alto Networks solution was proxy-based and offered us content filtering functionality that we’ve tried to use in the past on our older system, unsuccessfully,” said Ceglarek. “On our Mac and Windows mixed-platform environment, the legacy solution rarely captured relevant information. What we love about the Palo Alto Networks next-generation firewall is the fact it integrates with our directory system and transparently gathers the intelligence we need, without users having to face downtime or move away from their computers.”

STW Group chose to team with local technology integrator, VMtech, to implement the Palo Alto Networks PA-5020.

Benefits

The business benefits to STW Group after working with VMtech to install the Palo Alto Networks next-generation firewall are clear and cover several areas of the business.

“The two key benefits we gained immediately after we plugged-in the new firewall were application and user visibility,” said Ceglarek. “We are now able to gain clear business intelligence and insights that we can use for planning and development of new systems and strategies thanks to the deep visibility the PA-5020 provides. This level of detail helps us in our reporting requirements back to the business and aids in building business cases for new tools, additional budget or alternative technologies.

“With our throughput moving from 50Mb to 300Mb, high-performance threat prevention is also a clear benefit, helping us to maintain strong security procedures and policies,” he continued. “The ease of policy creation and detailed logging functionality integrated with the Palo Alto Networks next-generation firewall have been a great help in locking down the policies required for our business.

“The PA-5020 next-generation firewall is simply a more fully featured platform than anything else available. The critical security functionality of identifying potentially exploitable network weaknesses and vulnerabilities is a huge factor for us, operating in such a highly competitive industry.

In addition, the ability to set application policy based on user has also proven beneficial to the STW Group.

”Palo Alto Networks solution offered us content filtering functionality that we’ve unsuccessfully tried to use in the past on our older proxy-based system. On our Mac and Windows mixed-platform environment, the legacy solution rarely captured relevant information. What we love about the Palo Alto Networks next-generation firewall is the fact it integrates with our directory system and transparently gathers the intelligence we need, without users having to face downtime or move away from their computers,” said Ceglarek.

Conclusion

STW Group’s next step with the PA-5020 is to use its reporting functionality to provide monthly business intelligence to the company’s leaders, to better illustrate how the Internet and network is being utilized.

“Working with VMtech to implement the Palo Alto Networks PA-5020 next-generation firewall has been a huge positive for our business,” concluded Ceglarek. “The solution has been very easy to implement and it has definitely fulfilled our needs. We know we can gain relevant, reliable information on the business and use that to greater benefit in the longer term – all while secure in the knowledge that we’re are continually protected.”


Datasheet

PA-3000 Series Specsheet

Key features, performance capacities and specifications of the Palo Alto Networks PA-3000 Series.

  • 4817

Datasheet

PA-5200 Series Specsheet

Palo Alto Networks® PA-5200 Series of next-generation firewall appliances comprises the PA-5260, the PA-5250 and the PA-5220, which target high-speed data center, internet gateway and service provider deployments. The PA-5200 Series delivers up to 72 Gbps of throughput using dedicated processing and memory for the key functional areas of networking, security, threat prevention and management.

  • 4584

Datasheet

Firewall Feature Overview Datasheet

This datasheet provides a comprehensive overview of the critical PAN-OS features that power all next-generation firewalls from Palo Alto Networks.

  • 6876

Datasheet

Product Summary Specsheet

Key features, performance capacities and specifications for all Palo Alto Networks firewalls.

  • 521

Customer Case Study

University of Adelaide

The University of Adelaide is one of Australia’s Group of Eight research-intensive universities and is consistently ranked among the top one percent of universities in the world. Established in 1874, the University of Adelaide is Australia’s third oldest university and an iconic Adelaide institution.

  • 272

Datasheet

PA-220 Specsheet

Palo Alto Networks PA-220 brings next-generation firewall capabilities to distributed enterprise branch offices, retail locations and midsized businesses.

  • 3952