Search
  • banner pc

    All-in-One Devices + Unified Management: Huawei Safeguards the Data Security of Mexico's CAPUFE

Caminos y Puentes Federales de Ingresos y Servicios Conexos (Federal Roads and Bridges and Related Services, CAPUFE) is a federal government agency of Mexico that operates and maintains federally owned roads and bridges.

CAPUFE has 13 branches, all of which need to communicate with the headquarters securely.

Customer Challenges

Cyber attacks on the Internet are a constant menace. In recent years, cyber attacks such as ransomware are increasingly rampant. It's a huge challenge for CAPUFE to defend against such attacks on its one main campus and 13 branch networks. No security devices are deployed on the live network to protect data security. Moreover, the agency does not have network-wide security planning and design capabilities. Over 1000 policies are changed every day, and they lack a large O&M team. It is difficult to achieve unified O&M, and threats and attack events cannot be handled promptly. In addition, the headquarters and branches require dedicated network and security devices, yet device deployment is difficult and costly.

Solution

Phase 1: Identify Potential Security Risks Through Network Evaluation and Consultation

During a network evaluation and consultation with CAPUFE, we provided suggestions on network construction and future evolution. However, we found that security protection was not implemented at branches due to high O&M costs. Although service data is stored in the data center at the headquarters, branches need to access the data center, and some data is cached on devices at branches, which further increases risks. Therefore, from the perspective of network security, Huawei advised the customer to harden the security of branch networks. Since the customer and Huawei had a long-term close cooperation in network construction, the customer agreed to work with Huawei security personnel to design the security hardening solution for the entire network.

Phase 2: Design the Most Cost-effective Security Solution Based on the Customer's Actual Services

Before designing the security hardening solution, we communicated with the customer multiple times to correctly understand the services and topology on the live network. Then, we designed a solution based on the principles of unified O&M and all-in-one protection for branches, balancing security capabilities, costs, and O&M. In the solution, the SecoManager is deployed at the headquarters to centrally manage firewalls at branches, receives security and service logs from all branches, and comprehensively analyzes the information to quickly locate service security threats. In addition, the SecoManager supports threat report customization for O&M reporting and archiving.

Phase 3: Exclusively Win the Bid with Most Competitive Pricing

After we were in agreement with the customer on the security hardening solution, the project entered the formal bidding phase. Eventually, Huawei won the project thanks to the excellent security protection capabilities of the HiSecEngine USG series firewalls, unified management capabilities of the SecoManager (especially the log analysis capability), and the competitive overall price. This was the first security project of this scale in the transportation industry in Latin America.

All-in-One Devices + Unified Management: Huawei Safeguards the Data Security of Mexico's CAPUFE

Customer Benefits

After Huawei HiSecEngine USG firewalls were deployed, security device management and O&M were unified, improving efficiency by 50% and achieving secure interconnection between the headquarters and 13 branches. According to the data protection reports, Huawei firewalls blocked more than 500 threat events every day, ensuring network security and reliability. More importantly, Huawei HiSecEngine USG firewalls integrate multiple functions, simplifying deployment and reducing costs by 30%, far exceeding the expectations of CAPUFE.

TOP