Founded in 1961, Saudi Post Corporation is the official postal service operator of Saudi Arabia, covering all cities and villages in the country. Based in Riyadh, the capital of Saudi Arabia, Saudi Post offers services for personal and business shipping, as well as government services including driver’s license and vehicle registration renewals. The organization’s network serves approximately 600 locations and more than 10,000 users.

Saudi Post began using Lancope’s StealthWatch® System in early 2012 to collect and analyze NetFlow from around 500 exporters for improved network and security operations. The system allows the organization to collect flow data locally across its distributed architecture, while viewing, analyzing and managing the data through a centralized console. In addition to collecting NetFlow, Saudi Post can also obtain visibility into areas of the network that do not inherently support flow data by using the StealthWatch FlowSensor, which combines behavioral analysis with deep packet inspection.

Lancope worked with IT solutions provider Alternatives Technology Company to implement StealthWatch at Saudi Post, marking the first-ever implementation of StealthWatch in Saudi Arabia.

Streamlined Security Troubleshooting

The Saudi Post security team leverages StealthWatch to uncover worms and anomalous activities that put the organization at risk and waste valuable bandwidth, as well as to quickly pinpoint the root cause of issues and identify the hosts affected by them. These capabilities significantly streamline the troubleshooting and remediation process for the organization.

In particular, Saudi Post relies heavily on StealthWatch’s Worm Tracker feature, which graphically traces the origin of an infection and depicts the spread of a worm or virus throughout a network, providing instant visibility into the scope and impact of an outbreak without the need for signatures. With the Worm Tracker, StealthWatch customers can lock down worms within hours as opposed to weeks.

Additionally, the organization makes use of StealthWatch’s Concern Index™ feature, which automatically prioritizes the most pressing issues on the network for administrators so that they can be dealt with first. The Concern Index is a threshold-based point system for bad behavior on a host-by-host basis, automatically prioritizing unexpected network activity in terms of severity and risk in order to greatly accelerate administrators’ ability to isolate and resolve any network performance or security incident.

Saudi Post has also found StealthWatch’s Target Index to be particularly helpful. The Target Index reports on devices “touched” by a host with a high Concern Index. This type of comprehensive visibility enables administrators to rapidly remedy a situation before it wreaks havoc on the network.

In addition to tracking issues according to specific hosts, the StealthWatch IDentity™ appliance allows Saudi Post to identify the exact users responsible for and affected by network and security problems. StealthWatch IDentity enables network and security professionals to quickly drill all the way down to the user level to troubleshoot issues, holding users accountable for their actions.

Additionally, Saudi Post has configured StealthWatch to collect and analyze NetFlow from its Cisco® ASA firewall to obtain integrated internal and external network monitoring for greater visibility and protection. Extending behavioral analytics to the perimeter provides greater contextual awareness for making faster, more informed decisions.

Heightened Performance Levels

StealthWatch is also an extremely valuable tool for Saudi Post’s networking team. The group leverages StealthWatch for real-time traffic analysis to:

  1. Track bandwidth utilization by interfaces, departments and physical locations
  2. Uncover abusive network usage that could lead to productivity loss or capacity problems
  3. Quickly identify and remediate the root cause of performance issues
  4. Assist with capacity planning

Specifically, Saudi Post relies on Lancope to provide metrics for areas such as interface status, inbound/outbound traffic, top applications, round trip time (RTT) and server response time (SRT) to help keep the network up and running around the clock. Additionally, the networking team benefits from the use of StealthWatch’s Relational Flow Maps, which enable administrators to create real-time, customizable views of network traffic flowing between specific segments of the network. These graphical views allow administrators to easily construct maps of their network based on any criteria, such as location or function. By creating a connection between two groups of hosts, operators can quickly analyze the traffic traveling between them.

Saudi Post also appreciates the alarming and alerting functionality of StealthWatch, enabling the organization to easily stay on top of potential concerns. Specifically, the organization finds great value in the email alerting feature, which can send alerts to regional IT coordinators when a link is down for one of the sites that they own, without involving other regions. Saudi Post is also impressed with the reporting functionality of the StealthWatch Management Console (SMC), particularly the ability of the system to provide customized dashboards for different users/roles within the organization, from regional IT coordinators to administrators and managers.

“StealthWatch enables us to know what is happening across our entire network 24/7 to facilitate faster decision making and streamlined troubleshooting,” said Anwar M. Bakhashwain, IT Operations Director for Saudi Post. “The system helps keep our network up and running at all times, and provides the necessary insight and answers when troubleshooting is required. Additionally, StealthWatch easily integrates with complementary network and security technologies, enabling us to leverage previous investments and better protect our information assets and network resources.”