CUSTOMER STORY

Robi Axiata Limited turns to F5 Advanced WAF to protect its subscribers

Robi Limited

BENEFITS

  • Improved security posture and secured apps
  • Enhanced uptime for customers 
  • Increased flexibility and agility for the development team

CHALLENGES

  • Need to provide a fast, reliable and safe application environment for customers
  • Enhance the security posture of digital applications and enable safe online payment transactions to promote online business.
  • Implementing OWASP Top 10 Protection and PCI-DSS compliance 

The second-largest mobile network operator in Bangladesh, Robi Axiata Limited (Robi), provides customers with a suite of lifestyle, entertainment, and payment apps. To ensure that customers can enjoy enhanced security and peace of mind when using these apps, Robi partnered with F5 to better scale its capabilities in the face of increased traffic and threats.

Business Challenges

Robi Axiata Limited (Robi) is the leading 4G service provider and second-largest mobile network operator in Bangladesh, with over 45 million subscribers. A trusted brand synonymous with cutting edge mobile network technology, Robi was the first operator to introduce GPRS, 3.5G, and 4.5G network services in the country. In fact, Robi enjoys the largest 4.5G network in Bangladesh, with nearly 11,000 sites providing superior coverage to the entire country. It is also the only mobile operator to have successfully conducted 5G trials, as well as launched Voice over LTE technology before any operator on its 4.5G network.

Through the introduction of innovative digital solutions, Robi has enabled underserved communities in rural and semi-urban areas to have access to reliable mobile financial services. Besides online e-commerce platform RobiShop, the mobile network operator has a smorgasbord of digital app solutions, from sports, gaming, and entertainment, to health, e-Commerce payment platforms and apps to purchase train tickets.

With such a gamut of solutions, Robi is the gateway to many critical transactions that customers have made a part of their daily lives. Robi is aware of the trust its customers have in the brand, and the need to ensure that they can enjoy Robi’s digital solutions in a protected environment. While Robi had measures in place to discover security vulnerabilities and the risk of penetration, these security measures focused on securing the network rather than the applications, resulting in zero visibility on potential application layer attacks for web-facing solutions. Furthermore, with malicious cyberattacks accelerating at an unprecedented rate and growing in sophistication, the operator also had to factor in the high-volume traffic with stealthy, application-targeted techniques. All these issues combined puts Robi in an untenable position of having to strain its internal resources regularly.

With over 60 business-critical applications across its platforms, Robi also needed to comply with the Payment Card Industry Data Security Standard (PCI DSS) and comprehensive protection against the OWASP top 10 threats. . In order to improve its platforms’ scalability and performance for several critical workloads, Robi appointed F5 to plug the security gaps in all its applications and payment gateways and improve its security posture to ensure a fast, seamless, reliable, and secure user experience for customers. In this way, Robi’s development team could focus their attention on creating more innovative application enhancements to improve the user experience.

"As a mobile network operator that serves over 45 million subscribers, the issue of trust is paramount. That means zero to minimal downtime, high reliability, and the best customer experience in the industry. With the increased risk of online threats, we needed a solution to keep up with the advanced capabilities of attackers. It was critical to take an active approach in securing our applications and provide our customers with peace of mind."

Solution

Robi found its answer in the F5 Advanced Web Application Firewall (WAF) and F5 Big-IP Local Traffic Manager (LTM). Together, both F5 solutions delivered more efficient security protection in a consolidated IT architecture. Not only was Robi able to save costs, but their Data Center Disaster Recovery (DC-DR) infrastructure was also more robust and resilient.

Thanks to a unique partnership between machine learning, threat intelligence, and deep application capabilities, F5 Advanced WAF empowers Robi’s websites and digital solutions with comprehensive and advanced protection and secures its Digital Universe against data breaches and vulnerability scans, application-layer Denial-of-Service (DoS) attacks, and OWASP top 10 threats. The solution protects the operator against automated attacks by creating a baseline of normal application traffic behavior, monitoring and blocking any anomalous traffic patterns or malicious bots, without any human intervention.

With F5 Advanced WAF, Robi is relieved of the intensive process of encrypting and decrypting traffic sent through Security Socket Layer (SSL), which can put a strain on server resources. SSL is offloaded to a separate, dedicated server and frees Robi’s system to handle other business-critical applications and platforms. In addition, potential threats can be better scanned and prevented.

F5 Advanced WAF also makes it easy for Robi to maintain regulatory compliance with PCI DSS through built-in protection, logging, reporting, and remote auditing. Without the need for multiple appliances, application changes, or rewrites, F5 Advanced WAF can cost-effectively list required security measures, independently determine if compliance is being met, and highlight necessary steps to guarantee compliance. This ensures that Robi enjoys an ‘always on’ payment compliance for all transactions that customers make on its websites and platforms.

Through the consistent monitoring of server health and security, F5 Advanced WAF enables Robi with the ability to accurately detect and mitigate malicious attacks before any damage is done to the website or the brand’s reputation. Robi now has almost greater web attack visibility, providing enhanced safety and high service quality to customers.

"We have been using F5 for critical traffic management for the past few years. We have found F5 to be one of the most stable platforms in our data center, allowing us to constantly meet our uptime service level agreements. F5 Advanced WAF is an extremely robust security platform that has helped us to improve our security posture, increase operational efficiencies and provide a positive customer experience."

Benefits

Through the adoption of sophisticated security and availability features such as F5 Advanced WAF and BIG-IP LTM, Robi has improved the security of its websites and applications, giving customers an ‘always on’ access to Robi’s solutions that are a part of their daily lives. 

Improved security posture and secured apps

F5 Advanced WAF’s machine learning, deep application expertise, and behavioral DoS detection and mitigation work together to secure Robi’s digital solutions and applications and improve its security posture to make customer transactions safe and secure.

Enhanced uptime for customers

With comprehensive security and protection from disruptive and malicious web attacks, customers are ensured of consistent 24/7 access to Robi’s digital solutions and applications.

Increased flexibility and agility for the development team

With improved ability to deliver applications rapidly and reliably, Robi’s development team can focus their attention on creating more innovative application enhancements to improve user experience and ensure that they have access to the applications they need, whenever they need them.