Case Study

D Commerce Bank drives digital transformation with Zero Trust, AI-driven network security

In brief

Customer

D Commerce Bank

Industry

Financial Services

Country

Bulgaria

Organisation Size

45 branches across Bulgaria

Challenges

Safeguard the bank from sophisticated state-sponsored and other attackers attempting to target customer identities, assets, and account credentials.

Solution

Palo Alto Networks
Network Security Platform:
  • ML-Powered NextGeneration Firewalls
  • Advanced URL Filtering
  • Wildfire®
  • Advanced Threat Prevention
  • DNS Security
  • Cloud-Delivered Security Services

Results

  • Safeguards against all types of threats.
  • Delivers highly resilient, redundant infrastructure.
  • Encrypts 100% of traffic where previously only 80% was encrypted.
  • Reduces alerts by 50%, releasing security resources.
  • Accelerates transformative business change.

D Commerce Bank is transforming its security to meet the challenges of a modern banking environment – by placing a showcase Palo Alto Networks network security platform in the vanguard. Innovative features like active/active configuration and AIdriven automation ensure 24/7 compliant banking operations and security alerts have dropped by 50%, increasing operational efficiency.

Geopolitical uncertainty, the rapid digitalisation of banking services, and shifts in underlying IT systems make European banks a top target for security attacks. These cyberthreats can quickly choke everyday corporate and retail customer operations.

D Commerce Bank, a leading Bulgarian financial services organisation, has responded to these challenges with a highly resilient network security strategy using Palo Alto Networks ML-Powered Next-Generation Firewalls (NGFWs). Innovative active/active configuration delivers complete redundancy in support of 24/7 banking operations and compliance. The Bank is more agile now too: the volume of alerts has dropped by 50%, and the NGFWs are decrypting and inspecting 100% of network traffic with the Cloud-Delivered Security Services (CDSS), intercepting threat vectors to stop known, unknown, and zero-day threats, compared with 80% previously.

CHALLENGE

Safeguard against spiralling and sophisticated attacks

D Commerce Bank is a midsize Bulgarian bank offering a comprehensive portfolio of corporate and investment banking solutions to small and medium-sized enterprises (SMEs), together with consumer retail banking services.

The Bank is continually alerted to sophisticated attackers attempting to target identities, assets, and account credentials. And these attacks are intensifying. Stefan Tsonev, CISO at D Commerce Bank, explains: “In the last six months, we have experienced denial-of-service attacks and exploit attempts on almost a fortnightly basis. As a highly respected financial services provider, our number one goal is to safeguard highly sensitive information from every type of attack.”

One of the reasons for this spike in security threats could be related to the Bank’s geopolitical position. Located on the Balkan Peninsula, Bulgaria faces the ever-present threat of state-sponsored attacks, such as sophisticated botnets used to launch DDoS attacks and other zero-day exploits.

The previous firewalls were evolving to maintain the security of sensitive financial data. However, they lacked the enterprise flexibility and natively integrated protection to manage this ever-increasing threat landscape.

The key priority for D Commerce Bank is to maintain continuous operations. Any changes or updates to the firewall settings, policies, or configurations could have potentially disrupted banking operations. Ensuring minimal downtime during updates and changes was crucial for the Bank.

"We needed complete visibility and protection across the entire corporate network. Detailed identification and classification of devices is the foundation of a secure network."

– Stefan Tsonev

CISO, D Commerce Bank

SOLUTION

Breadth of security technologies, proven integration, and simplicity

single-pane-of-glass

Stefan and his team recently embarked on a network security transformation strategy. “We evaluated multiple vendors, but Palo Alto Networks stood out for its breadth of security technologies, proven integration, and simplicity. We were also impressed by their unprecedented investment in R&D. Our Gartner evaluation confirmed these beliefs.”

D Commerce Bank has standardised on a resilient network security strategy based on ML-Powered NGFWs. Two NGFWs are deployed - one in the primary and data centre and one in the secondary data centre, to address data protection, data security, cyber hygiene, third-party risk, and operational resilience.

They operate in an active/active high availability configuration using Route-Based Redundancy. In the unlikely event of a link or firewall failing, traffic is instantly redirected to the functioning firewall. “We are the first active/active customer in Bulgaria, and this HA cluster is ideally suited to our high-performance, scalable network. It helps create defence in depth, meets our 24/7 banking commitment, and ensures we adhere to financial compliance obligations.”

The Bank is also using CDSS, including Advanced URL Filtering, WildFire, and DNS Security. “WildFire provides malware sandboxing and fully integrates with our firewalls to stop evasive and unknown malware and send data to the cloud for analysis. One of the reasons we didn’t choose any of the other firewalls we reviewed was because their sandboxes didn’t integrate with our data centre infrastructure,” says Stefan.

Training has also been provided by Palo Alto Networks. He comments, “Palo Alto Networks Education Services were highly professional. We could learn at our own pace, covering all elements of the technology from fundamentals to specialised role-based learning.”

RESULTS

50% reduction in security alerts

Palo Alto Networks is effectively addressing current cyberthreats, safeguarding customer data, facilitating regulatory compliance, and ensuring operational effectiveness.

The platform offers multiple benefits, including that it:

  • Safeguards against all types of threats: Comprehensive Zero Trust is enabled throughout D Commerce’s entire digital ecosystem, with decryption and continual verification of every interaction.
  • Delivers highly resilient, redundant infrastructure: Active/active configuration protects infrastructure via a failover capability, ready to take over in the event any firewall fails.
  • Drives efficiency: The Bank can quickly and easily decrypt and inspect web traffic with no impact on performance. According to Stefan, “The competitors’ firewalls that we reviewed were only able to decrypt 80% of traffic, whereas Palo Alto Networks inspects 100%.” This increased visibility allows it to prevent more threats within this previously encrypted traffic.
  • Simplifies operations with the power of AI: Stefan comments, “Since we went live, we have experienced a 50% drop in alerts. Our team has double the time now to concentrate on strategic security tasks.”
  • Accelerates change at the Bank: Palo Alto Networks extensive ecosystem of experts and certified partners brings industry-leading insight to address D Commerce Bank’s challenges and optimise its cybersecurity investment.
  • Ensures compliance with stringent financial regulations: D Commerce Bank can demonstrate scrupulous adherence to rules governing compliance, data privacy, and data loss prevention.

"I genuinely believe that Palo Alto Networks offers the best network security platform on the market. It has the flexibility, resilience, and intelligent automation to support our cybersecurity transformation strategy and ensure continuous operations."

– Stefan Tsonev

CISO, D Commerce Bank