Banque Saudi Fransi improves IT security

Banque Saudi Fransi (BSF), a Saudi Arabian joint stock company established by Royal Decree, is a full service commercial bank serving the local and international banking needs of its clients. BSF provides comprehensive financial services and products in the Kingdom of Saudi Arabia (KSA) and other markets. Its high performance and wide customer base is reflected in its strong financial position.

The bank is affiliated with France’s Calyon, the corporate and investment banking arm of the Crédit Agricole group, which is rated among the world’s top ten banks by total equity. BSF today has a banking network of 85 branches across the KSA and employs 2500 professional bankers.

As a major bank in the Arab world, BSF has established an advanced enterprise network and infrastructure to cope with its corporate business needs. The bank also uses its state-of-the-art corporate network and IT infrastructure to compete with other banking institutes in Saudi Arabia. BSF uses a variety of international banking applications and has also developed a wide range of custom applications to satisfy its business’ needs. Moreover, says Shadi Ali AlMosajen, the head of e-Security and SOC at BSF’s head office, the top management at BSF emphasize on internet and mobile banking and a gamut of self service applications to serve its clients — both B2B and B2C, 24×7.

The challenge

In such a scenario, the BSF wanted to protect its IT infrastructure and corporate network from blended and malicious threats. “When it comes to information security, BSF recognises that they were not merely protecting customers’ data. We are also protecting their lives and livelihoods,” adds AlMosajen. According to him, most security threats and evolving exploits came from applications such as online banking systems, e-mail and proxy gateways.

“As a financial institution, we are holding people’s life savings, investments, and other accounts,” says AlMosajen. “Our job is to safeguard our customers’ privacy and capital from criminals who want both. Security, therefore, is paramount here. We want to maintain our reputation for providing exceptional service to our customers.”

This commitment from BSF includes investing in strong IT and security solutions to protect customer information. “The main reason for replacing our existing Intrusion Detection System (IDS) was its weakness and failure to provide necessary protection,” says AlMosajen. “Not to mention its false alarms, which usually annoyed the IT and security team because of its inaccurate security and threat reporting. The IT and security team has struggled with so many difficulties in administering and dealing with the old IDS components while getting audit requirements ready.”

The solution

The BSF security and SOC team, headed by AlMosajen, conducted three ‘proof of concept’ tests using solutions available from the top IPS providers listed on the current Gartner Magic Quadrant. They rigorously tested all the products with its test criteria and requirements. After enduring its grueling tests, TippingPoint’s IPS emerged as the winner. The main reasons being HP TippingPoint’s thorough R&D, security architecture, and continuous technical support.

With help from FVC, HP TippingPoint’s value added distributor in the Middle East and North Africa region, and PCS Saudi Arabia, FVC’s solution provider in the Kingdom, BSF received a world-class IPS that included assistance with deploying the new security technology, as well as round-the-clock technical support.

BSF has always led its peer banks in implementing and adopting the latest security solutions and needed an eye and an additional layer to control and protect internal systems and networks pertaining to internal threats. “We feel that the newly deployed TippingPoint* security solution on the bank’s IT infrastructure will guide us to a potential initiative on the internal side to enhance incident response and escalation for internal systems in the event of virus/worm outbreaks. The system will also increase BSF’s SOC capabilities to command and handle different aspects of internal security threats. In addition, we can achieve an end to end in-depth security capability, which is useful for the functioning of an institution such as ours,” adds AlMosajen.

AlMosajen adds that “most of the available IPS technologies on the market were vulnerability based, and hence they missed the security threat knowledge.” This meant that BSF as a client needed to develop the required policy or signature to protect its environment all the time. This was time consuming and increased overheads. HP TippingPoint’s team of experts takes care of this security measure and its related development. TippingPoint’s IPS has the lowest rate of false positives, which in turn adds more credibility when sending threat flags to BSF’s SOC team.


With the advanced security capabilities of the new TippingPoint IPS and the expert support provided by PCS Saudi Arabia, BSF can today provide stronger protection for its customers than ever before.

During the implementation phase, AlMosajen confesses that he was worried about putting the TippingPoint IPS in the “in-line mode” as the bank dealt with critical banking applications. “However the implementation of the IPS from TippingPoint was effortless. Plenty of benefits have resulted from this implementation. We can now fulfill audit requirements in a quicker manner, have to bother with lower overheads for the SOC team, real protection from latest threats, intuitive interface, strong and customizable reporting facility and easy integration with the BSF SOC,” says AlMosajen.

TippingPoint’s IPS solution builds on conventional intrusion detection system (IDS) technologies by not only recognising malicious attacks, but taking steps to actively block them.

“Our previous IPS solution would only inspect for a few dozen known vulnerabilities,” says AlMosajen. “The new system provides more expansive protection. It allows us to monitor threat information in real time in our SOC. At a glance, we can see what is happening on our network, including information about real-time attacks and a graph highlighting our current risk factors. Furthermore, TippingPoint’s IPS is unique with its stable operations and threat orientation.”