The Basque Center on Cognition, Brain and Language is an international multidisciplinary research center for the study of cognition, brain and language established jointly by Ikerbasque, Innobasque,
UPV-EHU and the Government of Gipuzkoa.
The center is located in Donostia-San Sebastián, Basque Country and was first created in 2008, when operations began to build the necessary research environment, including administrative and technical support and staff recruitment, with the aim of starting actual research in September 2009.
Some of the areas studied at BCBL include the processes involved in normal language acquisition in children and in the learning of a second language in adults, as well as disorders in language learning, language disorders, age-related effects on language and neuronal degeneration and the use of language in different social contexts. This process of working directly with people requires information to be processed in a completely confidential way, which leads BCBL to be extremely careful about data input and output. BCBL has two high-availability firewalls and a private intranet that is securely accessed by more than 200 users, including the VPN connections currently configured.
TOTAL CONTROL OVER DATA OUTPUT
With an IT infrastructure receiving a higher volume of confidential information than they were used to, BCBL was looking for a high level of data protection through application and user control. This full control over data output from experimental records would allow them to customize access profiles among its intranets and the Internet.
On the other hand, one of the center’s main aims is to create a work environment that is as relaxed as possible, and this includes permission for researchers to use social networks—a channel, on the other hand, which is used to recruiting participants for the experiments. However, the use of these types of tools also increases the risk of cyber-attacks and it is therefore very important to have a security solution that provides peace of mind.
“Our goal was to add a next-generation firewall solution to provide user and application control,” says José Corral, IT Manager at BCBL. “We didn’t renew our prior solution because the firewall support failed and, in addition, it didn’t offer these capabilities.”
BCBL, due to the company’s set-up, drafted a requirements document to renovate its security solution. It learned about the Palo Alto Networks solution through its partner, ITS Security, and it quickly became interested in its product. According to Corral, Palo Alto Networks next-generation firewalls were “by far, the most mature solution in application and user control,” in addition to highlighting that “Palo Alto Networks made a great effort to win this project, investing a lot of energy from the beginning.”
THE IMPLEMENTATION PROCESS
With security requirements defined, BCBL implemented a pair of PA-3050 devices in an HA configuration, which lasted three days and was divided into several stages.
Implementation was carried out by ITS Security, who sent a team comprised of two highly qualified technical specialists to undertake the design, configuration and implementation of the solution in high availability with the two PA-3050 machines.
After conducting an analysis of the existing services and resources at BCBL, and once the planning and installation of the new machines and network infrastructure had been implemented, the process of migration and validation from the old system to the new Palo Alto Networks platform took place, to subsequently proceed to a load test and balancing. Afterwards, the start of production took place, as well as user and administration training for the new technology.
Both PA-3050 machines had been implemented with “Threat Prevention” and “URL filtering” licenses, BCBL was already using all available capabilities: IPS, antivirus, modern malware, URL filtering, and integration with Active Directory, among others. Moreover, they have achieved greater network visibility, allowing them, among other things, to find traffic that they suspected existed before but were unable to demonstrate. Moreover, thanks to Palo Alto Networks “Wildfire” and its cloud-based analyzing services, it is possible to effectively combat botnets and zero-day malware. As a last remark, it is interesting to note that the number of firewall rules to be defined decreased thanks to the layer 7 functionality and some of the firewalls could be customized for stricter control.
“What I noticed most was the professionalism of the ITS Security team, the outcome was very successful, and they met their delivery dates. Their staff is really professional and dedicated to their job; we were fortunate to work with them.”
RESULTS THAT MEET EXPECTATIONS
The solution, implemented for Internet access, in WIFI areas, VLANs, remote sites, server networks, backup server networks, etc., is “working really well and we are very satisfied with it,” says José Corral.
The IT manager at BCBL calculates time savings of 20 percent in computer management since everything is located on a single box. Time that, as Corral highlights, may be dedicated to working on new applications or services offered by the IT department.
“For anyone who needs to control access to their applications and identify users, I think it is a truly compatible solution. It is a clearly superior product, as is Palo Alto Networks technology. The result fully met our initial expectations.”
On the other hand, its website’s security has also been improved, and since the solution was implemented it has always been up and running—an essential condition since it is through the website that participants register for experiments and check the status of projects. “Since we installed Palo Alto Networks we’ve had no security issues, we are very confident. Previously there was a bug in the system and someone managed to slip in another product’s advertisement.”
With regards to resolving incidents, the staff at BCBL say that there have only been two instances, and both times ITS Security resolved them in practically no time. “Their customer service is very good, the support page is great, with a great deal of documentation, we are very satisfied.”
The BCBL Case Study in Spanish.