Cyber Security
Safeguarding against the potential cyber threat landscape
The need for digitalisation has never been as crucial as it is today. With the increase in technology use, and the current global climate, businesses who primarily transacted offline have had to undergo a digital transformation at a rapid rate to remain competitive in the market, and to keep connected to their customer base. With this surge in digital migration, conventional methods of securing critical infrastructure and networks have also had to evolve in order to provide multi-layered protection across a business’ infrastructure, networks, devices and programs. Today, ensuring a business’ cyber defence technology is enhanced is imperative for safeguarding its data and integrity.
Globally, cybercrime and cyberattacks have become increasingly frequent and more sophisticated, often creating devastating results, with crippling ransomware attacks or data breaches exposing flawed security solutions and probing weaknesses within a business’ line of cybersecurity defence. It is therefore imperative to ensure that a business has a sound strategic security strategy that is not only effective but caters for a range of requirements.
Cisco, who has a strong array of security products and innovations, has long been known to provide advanced security solutions that meet business’ unique requirements. In partnership with systems integrator, Outcomex, who have valuable and extensive experience integrating Cisco platforms, customers are provided with robust and effective solutions which not only met their unique requirements, but also offer protect their business operations.
Globus family of brands (Globus) is one of the largest global tour provides, operating for over 90 years. With offices based in Sydney and Auckland, and general sales agents located across South East Asia and South Africa, they employ around 100 staff in a dynamic and challenging environment.
The family of brands include travel groups Globus, Cosmos, Monograms and Avalon Waterways. With over 480 itineraries in 77 countries, Globus offers unparalleled holiday experiences across six continents: Europe, North America, South America, Asia, Australia, New Zealand, and Africa.
What distinguishes Globus as a forerunner in the tourism and travel industry is that they provide authentic experiences through hassle-free planning and by using tour directors and local guides. They also personally handpick and test the hotels and inclusions to ensure their travel base have exceptional travel experiences, whether it is on a fully escorted tour, small cruise ship or independent city vacation.
Upon reviewing their own systems and infrastructure, Globus realised that in order to remain a key player within the travel and tourism industry, they would need to undergo a move towards digitalisation. Since they were primarily an office-based workforce, this move would entail a complete overhaul of all their systems, infrastructure, and networks, including devices, to migrate successfully into the digital technology space.
Globus would need a viable security solution that would enable their staff to work remotely securely, with little or no disruption to their business and ensure enhanced protection of their network, infrastructure, data, and devices.
Globus’ key objectives were to redesign their entire network, infrastructure, data centre and virtual platforms, while focusing on enhancing their security posture. Upon further review and re-evaluation of Globus’ IT environment, we identified security as a critical component to minimise risk and to ensure that they maintain business operations unhindered. We discovered they also needed a brand-new IT network, environment, and system upgrade. As their staff were primarily office based and working on desktops, they required an innovative solution which would not only give them the ability to move their staff onto laptops, but also allow their staff access to a secure network environment.
For Globus to complete a successful transition, they would need to address the security vulnerabilities that they had not considered before. By focusing on and improving the security posture of their integrated platforms, becoming proactive against malware, and providing improved protection for staff devices, network access, and threat monitoring, they will be better able to serve their staff, their customer base and ensure that business continuity remains. With this migration, email-based security threats and endpoint-security gaps were a major concern, especially considering the increase in, and sophistication of, cyberattacks globally.
To solve for Globus’ specific security requirements, Outcomex deployed an end-to-end security solution. This included edge security deployment via a pair of Cisco Next Generation Firewalls at their Prod and DR sites. Cisco Firepower NGFW (next-gen firewall) uniquely provides advanced threat protection before, during and after attacks. It detects, eliminates, and blocks any threats through gaining deeper visibility into the traffic utilising Globus’ network. This allows Globus to move away from their on-premise applications towards a more remote environment without having to worry about emerging cyberthreats and its impact on their business operations.
We also employed an end-to-end Cisco security solution by using Cisco AnyConnect VPN, Secure Endpoint and DNS Security, which included:
• Cisco FPR1120 Threat Defence, with subscriptions, Threat, Malware and URL
• Umbrella Insights
• Cisco Cloud Email Security Premium with Advanced Malware Protection (AMP)
• Advanced Malware protection
• Cisco AnyConnect Apex Licence
Through the implementation of the above, all of Globus’ registered devices have heightened protection and access to a robust and secure network. Staff now have the ability to access the network at any time from any location. This also provides added protection for all staff, client data and company information.
To cater for any possible future email-based security threats, we deployed Cisco Email Security, which enables users to communicate securely and helps combat Business Email Compromise (BEC), ransomware, advanced malware, phishing, spam, and data loss with a multi-layered approach to security. Cisco Email Security includes advanced threat protection capabilities to detect, block, and remediate threats faster, prevent data loss, and secure important information in transit with end-to-end encryption, thus securing sensitive company information/data. This means that Globus staff can now work remotely without having to worry about receiving a phishing email, containing malicious links or attachments. This reduces the chance of staff devices being infected with malicious viruses or spyware and ensures that the network remains stable and secure.
Since malware threats are becoming harder to detect and more evasive, Cisco AMP for Endpoints was also implemented. AMP provides comprehensive protection by preventing breaches, blocking malware at the point of entry and continuously monitoring and analysing file and process activity to rapidly detect, contain and remediate threats that evade front-line defences. Threats are now uncovered faster, and security effectiveness has been improved. With AMP, Globus can work swiftly and efficiently as they now have better visibility into the traffic accessing their network.
To enhance endpoint security, Cisco Firepower Management Centre (FMC) and Cisco Umbrella were employed. Cisco FMC is particularly ideal for this project as Globus had to manage a large number of devices and give them access to the network. To increase the cybersecurity posture of Globus’ remote workforce and their branch locations, we utilised Cisco Umbrella. This provides dependable DNS monitoring of all external devices, and provides staff with reliable, secure, and fast connection, while simultaneously blocking online threats, from malicious malware, phishing, and ransomware.
The firewalls were complemented by Cisco SD-WAN across the tour group’s head office and branch locations located in ANZ. SD-WAN gives staff the ability to securely connect to core business applications across all their office locations any time, from anywhere. By using Cisco SD WAN, Globus additionally benefited from improved network speed and efficiency. Staff are now able to respond more rapidly to changing business requirements, including having the ability to access cloud business applications in real-time. This, in turn, improves user experience and the response rate to the customer, thus improving customer experience.
We implemented a refresh of Globus’ Cisco Unified Contact Centre Express (UCCX)/Call Manager, migrating the software to its new platform, which ensures business continuity and allows Globus staff to access a secure and easy-to-deploy customer interaction management solution. It also allows for an increase in software capability, providing high availability functionality, which means they are now able to handle high volumes of calls while reducing the risk of loss of business operations.
During our design and implementation of Globus’ network and infrastructure upgrades, we added a failover mechanism with SIP trunks. This reduces the risk of agents losing access to the CRM and not being able to receive and make phone calls, which protects the business’s bottom line. This was particularly beneficial to the tour group as the volume of calls they received for cancellation increased exponentially during the COVID-19 pandemic due to travellers cancelling tours.
Additionally, we enabled data centre stability and modernisation by implementing an updated production infrastructure, which is located at a new data centre, Equinix SY4, and a Disaster Recovery infrastructure, which is hosted on-premise at the existing server room at Globus’ head office. We also implemented Commvault’s Complete Backup and Recovery giving the tour group simple-to-use data protection, as well as intuitive reporting and intelligent automation/diagnostics.
Lastly, we offered Managed Services to Globus, which will give them access to unlimited break/fix support. Through this service, the travel group will have the ability to proactively manage the network and infrastructure redesign. As a result, Globus will benefit from a high performing and secure platform that is simple to operate and enables reliable services for business-critical applications.
Outcomex provided Globus with the modernisation of their network, infrastructure, data centre, security and virtual platforms upgrade and redesign. This timely solution allowed staff to work remotely prior to the start of COVID-19, and has ensured that operational services remain unhindered, across their three locations in NSW and New Zealand. Globus now has a network that is stable, responsive, efficient, and secure.
Globus is now able to connect approved users to their network, o gain visibility into every user and device accessing their network, and grant permissions based on staff roles and requirements. Outcomex’s role was significant, assisting the tour group in achieving a secure remote workforce. This multi-layered security solution, and network upgrade, was particularly beneficial and timely, as it enabled Globus to continue with their business operations uninterrupted through the COVID-19 pandemic.
Post project delivery, Globus has maintained their position as a forerunner in the travel and tourism industry with the digitalisation. As a result of their heightened security posture, Globus can now transact on their robust, secure network environment without cybersecurity issues or concerns.
Given the success of the project, Globus has re-engaged with Outcomex to deliver Cisco Identity Services Engine (ISE), Meraki video cameras and access points, which will be completed at the end of 2021.
Cameron Harding
Solutions Architect – Outcomex
Karl Merckel
Head of IT ANZ – Globus