SEBRAE MT Secures Apps for Consultants Who Support 70K SMBs

Headquartered in Cuiabá, the capital of Mato Grosso, SEBRAE MT is the local unit of SEBRAE, an institution that promotes the SMB universe with 27 branches in Brazil. Mato Grosso includes biomes such as the Pantanal and the Araguaia River, besides being the gateway to the south of the Amazon Rain Forest. SEBRAE MT stands out for its sustainable agenda. In 2011, the institution created the SEBRAE Sustainability Center, internationally recognized as a reference center for best practices. In addition to accelerating SMBs in the region, this feature of SEBRAE MT helps the entity work proactively to ensure economic development happens in line with the best sustainability practices.

Toward this end, critical 24x7 applications come into play. These include: 

• The SEBRAE Sustainability Portal, which disseminates knowledge about the area and offers services such as an Energy Efficiency Radar to help SEBRAE MT’s client companies to identify their degree of adherence to practices that promote a circular and low-carbon economy. 
• The XPERTS platform—a marketplace that connects consultants from diverse business disciplines with clients facing management challenges. 
• The “Free Electronic Invoice Issuer,” a state Treasury Department system integrated at SEBRAE MT’s web portal that supports the issuance of invoices. 

SEBRAE MT’s role in sustainably promoting the state’s economy requires the institution’s ICT Security Team to preventively enforce actions against attacks and app performance degradations. The institution owns two data centers—one at the regional headquarters in Cuiabá, and another at the national headquarters in Brasília. In 2019, SEBRAE MT’s technology leaders issued an RFP to acquire app distribution and web application protection solutions. F5 BIG-IP Local Traffic Manager (LTM) and F5 BIG-IP Advanced WAF solutions were chosen.

With the onset of the COVID-19 pandemic, however, apps that were basically intramural had to be quickly migrated to the web to guarantee continuity of consultant services to SEBRAE MT’s client companies. It was also essential to start protecting the APIs that connect SEBRAE’s platforms with apps from other organizations. Between 2019 and 2022 alone, the consumption and publication of SEBRAE’s APIs grew by 85%. 

This led the institution to open a new RFP in early 2022, this time addressing defenses against malicious bots, as well as protection for DNS and APIs. The new RFP also included updating app distribution resources, as SEBRAE MT’s events started to happen massively over the Internet, causing access peaks. The new RFP also included threat campaign and IP intelligence solutions. The goal was to reduce manual denylist blocking actions carried out by SEBRAE MT’s professionals, thus optimizing the team’s performance.

Following the 2022 RFP, F5 was again chosen to provide app security and delivery solutions to SEBRAE MT. “In the 2019 RFP, the defining factor was the value for money offered by the F5 platform,” says Edvando Silva, Cybersecurity Manager at SEBRAE MT. “In 2022, due to the history of the relationship between SEBRAE MT and F5, we already knew the quality of their technology and it was possible to seek a solution that we trusted.”

The period starting in 2022 consolidated the self-service profile of web applications in which SEBRAE MT professionals interact directly, remotely, with business platforms. After 2020, the demands on SEBRAE MT’s digital infrastructure were increased by access peaks caused by the institution’s virtual events. In this context, it was strategic to expand the processing capacity of their F5 BIG-IP Local Traffic Manager (LTM) app delivery solution initially implemented in 2019.

Meanwhile, F5 BIG-IP DNS solved the IP addressing challenges of SEBRAE MT, working securely with the data processing distribution resources between the institution’s two data centers. SEBRAE MT’s ICT Security Team explored the integrated approach delivered by the BIG-IP platform, gaining visibility into network consumption and the number of accesses by each client company.

It was also essential for the institution to deepen its use of F5 BIG-IP Advanced WAF. The digitization of SEBRAE MT’s processes turned applications into live, continuously updated, and corrected platforms. The number of scripts and consumption of microservices increased. Each of these changes impacted BIG-IP Advanced WAF, which automatically updates itself within milliseconds to continue protecting those critical platforms. That protection includes continually scanning traffic to identify and block unwanted bots, software used by cybercriminals to break into systems and steal data. The F5 solution also identifies and verifies desirable bots generated by search engines like Google. Finally, BIG-IP Advanced WAF also protects APIs consumed and developed by SEBRAE MT. 

With the arrival of the latest F5 solutions, it became possible to fully automate functions that serve SEBRAE MT professionals and clients that access SEBRAE MT applications. 

“Performance improvement and application protection processes have been 100% automated,” says Silva.

This automation freed the ICT Security Team for more strategic tasks, including ongoing interaction with app development teams. 

“Reports generated by BIG-IP Advanced WAF with F5 Threat Campaigns and F5 IP Intelligence data, for example, are seen by that department’s managers as a strategic input for the development of secure applications,” says Silva.

SEBRAE MT uses the BIG-IP dashboard with BIG-IP Advanced WAF, BIG-IP LTM, and BIG-IP DNS to gain a clear view of everything going on within the app security and delivery infrastructure. Should SEBRAE MT’s ICT Security Team want to carry out in-depth investigations into a possible attack, the dashboard can be configured to get to the details, such as a forensic analysis of a detected incident. This flexibility of the F5 platform is in line with the institution’s cybersecurity management policy, which demands both a holistic look at the digital infrastructure—with delivery of the key service quality indicators—and a detailed view of specific issues that may require immediate correction.

SEBRAE MT’s ICT Security Team is making the most of F5’s threat intelligence to ensure API protection while supporting large recent growth in the number of APIs in use.

“Several of the applications developed by SEBRAE MT are being spread nationally, serving other SEBRAE branches all over the country,” explains Silva. “And vice versa: Some applications created by other branches of the institution are accessed by us. In this context, the consumption of APIs advances unceasingly. F5’s intelligence is an important part of the gears and policies we use to securely publish APIs.” 

BIG-IP DNS resources are used by SEBRAE MT as support for the institution’s Internet access. 

“When access to DNS Internet addressing services is lost, internal and external end users may be without access to applications. With the help of BIG-IP DNS, we have been delivering an average of 98% availability.” says Silva. The integration between the secure BIG-IP DNS platform and BIG-IP LTM, which solves the challenges of distributing processing loads between the two data centers, supports the quality of service offered to SEBRAE MT’s users.

Every Monday, Silva meets with the F5 service team and Arcade, the F5 business partner that serves the institution, to deepen its use of the F5 solution. 

“I know I have an advanced solution in my hands, and I use these meetings to investigate resources that we may not be exploring fully yet,” he explains. Some achievements are already happening as a result, such as the use of the solution’s bot defenses.

Silva adds, “My goal is to reach the maximum performance and protection.”