Case Study

PLDT and Smart Communications fortify child protection with a custom-built solution

In brief

Customer

PLDT, Inc. and Smart Communications, Inc.

Product and Services

Broadband services and wireless communications

Industry

Telecom

Organization Size

18,000+ employees

Country

Philippines

Challenges

PLDT and its wireless unit, Smart Communications, are committed to providing a digitally connected experience safely and securely. Cybersecurity forms the backbone of this experience, and PLDT and Smart Communications embarked on creating a Child Protection Platform to create a safer online environment for children. As the first telco to embark on this ambitious project, PLDT wanted an innovative cybersecurity partner to custom-build an AI-based fully automated suitable solution.

Requirements

  • Comprehensive and scalable solution alongside 5G expansion to provide granular visibility, control, and automated security to tackle expanding attack surface due to growing interconnectivity, speed, and scale of 5G networks.
  • Fully automated custom-built cybersecurity solution to address requirements of Child Protection Platform without infringing on Philippine privacy laws, yet adhering to Philippine regulations to provide child protection. As members of the Internet Watch Foundation (IWF), PLDT and Smart Communications can take down content that contains CSAM. However, since the law in the Philippines does not allow internet service providers to actively sift through information that passes through their network, they needed a cybersecurity solution to overcome the increasing challenges of blocking traffic related to CSAM, as illicit files filter their way into legitimate domains.

Solution

PLDT and Smart Communications selected the Palo Alto Networks platform, comprising of Machine Learning Next-Generation Firewalls (ML-NGFWs) with Cloud-Delivered Security Services, including Threat Prevention, Advanced URL Filtering, WildFire, and Cortex XSOAR.
Introduction

PLDT Inc. (PLDT) is the Philippines’ largest and only integrated telecommunications company. It has three principal business segments: fixed line, wireless, and digital. Smart Communications, Inc. (Smart) is a wholly owned wireless communications and digital services subsidiary of PLDT.

As the Philippines’ leading wireless provider, Smart provides mobile communications services, high-speed internet connectivity, and access to digital services and content. It’s on a mission to deliver a world-class mobile experience to its customers nationwide through accelerated deployment of 5G.

ePLDT, Inc. (ePLDT) is the ICT arm of PLDT Enterprise, the leading enabler of digital transformation in the Philippines.

Within the first five minutes of conversation with Mr. Angel Redoble, the Group CISO of PLDT, Smart, and ePLDT, it becomes clear that securing their users and network infrastructure, especially keeping children safe online, is the primary goal. “Protecting children online is of paramount importance at PLDT and Smart. It’s in our DNA.” he asserts.

This goal resonates throughout the organisation. The Legal and Regulatory Affairs Group at PLDT is engaging with Congress to craft new laws pertaining to child protection. The Corporate Communications Group builds awareness amongst the community on the same topic, incorporating a cybersecurity perspective to ensure that children across the Philippines are protected from harm online.

Along with his Cybersecurity operations team, Angel set out to do what has never been done before: build an AI-based fully automated platform to block traffic related to Child Sexual Abuse Materials (CSAM), demonstrating their commitment to securing not just users and network infrastructure but also keeping children safe online. The goal was to build a Child Protection Platform to block CSAM traffic, especially at a content level, as illicit files have filtered their way into legitimate domains, without violating privacy laws.

CHALLENGE

An expanding attack surface, increased illicit activity, and unchartered territory

As the country’s largest fully integrated telco, PLDT and Smart are the only telco firms in the Philippines with the ability to block up to the content level instantly, keeping children safe, and preventing abusers from taking advantage of children online. The companies’ recent membership into the UK-based non-governmental organization, Internet Watch Foundation (IWF), has further reinforced their commitment to blocking child sex abuse materials across multiple domains.

Angel highlights how this platform is something that has been conceptualized for the first time: “This platform is built based on a concept. The primary challenge was to block all traffic related to CSAM, especially at the content level, as illicit files have filtered their way into legitimate domains.” However, the law does not allow internet service providers (ISPs) in the Philippines to actively sift through information that passes through their network. PLDT and Smart employ open source threat intelligence gathering, invest in available commercial threat intelligence, and depend on law enforcement agencies to share the links of child abuse materials posted on the internet.

PLDT and Smart were looking for a comprehensive fully automated solution to bring consistent security and visibility to their network. Angel elaborates on how many months were spent on conceptualizing and tabletop exercises. The team considered privacy laws, customer experience, and false positives so that they did not end up blocking access to sites that are deemed to be child sexual abuse when they are not.

“We needed a trusted cybersecurity technology company who would be at the center of our platform and provide consistent security and visibility across our network. Since it was imperative that the solution needed to be tailor-built to suit our needs, we were on the lookout for an innovative cybersecurity partner, which we found in Palo Alto Networks,” says Angel.

In Palo Alto Networks, PLDT and Smart also found a partner who could think outside the box and develop a suitable cybersecurity solution. Palo Alto Networks was equally invested in creating a safe online experience for children. What struck home was the fact that Palo Alto Networks was simultaneously invested in its own Cyber Safe Kids program, an initiative set to provide children with the education and hands-on experience they need to secure their digital future.

REQUIREMENTS
  • A comprehensive and scalable solution alongside 5G expansion to provide granular visibility, control, and automated security to tackle an expanding attack surface due to the growing interconnectivity, speed, and scale of 5G networks
  • An automated custom-built cybersecurity solution to address the requirements of Child Protection Platform, without infringing on Philippine privacy laws

As members of the IWF, PLDT and Smart can take down content that contains CSAM. However, since Philippine law does not allow ISPs to actively sift through information that passes through their network, they needed a cybersecurity solution to overcome the increasing challenges of blocking traffic related to CSAM, as illicit files filter their way into legitimate domains.

"We needed a trusted cybersecurity technology company who would be at the center of our platform and provide consistent security and visibility across our network. Since it was imperative that the solution needed to be tailor-built to suit our needs, we were on the lookout for an innovative cybersecurity partner, which we found in Palo Alto Networks."

– Angel Redoble

Group CISO, PLDT, Smart, and ePLDT

BENEFITS

Strict compliance to regulatory requirements

Since the Philippine law does not allow ISPs to actively sift through information that passes through their network, PLDT and Smart needed to ensure that the Palo Alto Networks platform, consisting of ML-NGFWs and Cloud-Delivered Security Services, including Threat Prevention, Advanced URL Filtering, WildFire and 5G-Native Security, can block traffic related to CSAM. Palo Alto Networks scrutinizes the content and converts URLs for redirection. Through matching the blocked URLs against the blocked listing policy, necessary steps are taken to alert PLDT and Smart that the user is trying to access CSAM.

Scalable and integrated solution for future challenges

Since the Child Protection Platform from PLDT and Smart extensively leverages automation and orchestration, it can be easily and proactively scaled and integrated to address future challenges as the organisations, and their requirements evolve.

More than one billion access attempts blocked in real time to date

Since November 2021, more than one billion access attempts to blacklisted URLs have been blocked in real time. The impact of this project is immense, given the objectives of this project.

CONCLUSION

As the conversation with Angel draws to an end, what becomes clear is how much he is impacted by the need to protect children online and to prevent access to CSAM on a day-to-day basis. Having children of his own, this project has personal significance to Angel, and he is personally invested in it.

PLDT and Smart have found a strong partner with Palo Alto Networks, both at a technology level and an ideological level. “The thing that stood out for us with Palo Alto Networks in addition to their superior Machine-Learning Next-Generation Firewalls (ML-NGFWs) was the fact that they share the same ideology of building a safe internet environment for children,” says Angel. He also specifies how the Palo Alto Networks team focuses on building a long-term partnership by trying to accommodate all requirements of the customer in terms of technology as well as pricing.

Being the CISO of a big conglomerate, Angel’s vision is constantly evolving. From securing the environment and the enterprise, Angel’s vision expanded to securing the vulnerable sector–PLDT’s home customers and Smart’s wireless subscribers. “Our end goal is to secure cyberspace in the Philippines in its entirety.”

The enhancement of PLDT and Smart’s Child Protection Platform is a prime example of how the synergies between PLDT, Smart, IWF, and Palo Alto Networks were unified.