Failed Firewall Audit

Deploying next generation security

Business challenge

The client’s staff had limited security experience, resulting in audit failures for two consecutive years. Problems included no separation of duty for firewall access, no intrusion prevention system (IPS) or threat prevention measures in place, and a legacy firewall with no logging or reporting.


Six Degrees Consulting (SDC) reviewed the existing Cisco firewall policy and built an equivalent solution in the SDC technology lab for testing.

We selected Next Generation Firewall (NGFW) solutions available via our partnership with Check Point: SandBlast™ and Next Generation SmartEvent. We staged the new Check Point equipment and placed it in parallel operation to allow the client’s team to familiarize itself with the new tools and test functionality before deploying.

The new, IPS-enabled firewalls were set up and deployed with a policy equivalent to the original. Six Degrees Consulting configured initial alerting and reporting. Once this was in place, SDC helped the client deploy anti-bot, anti-virus, and Threat Emulation with reporting and alerting. Then SDC developed URL and application control policies to replace Websense.

As a result of SDC’s work, the client passed the next audit. The changes not only addressed the security gaps but also allowed the client to move from multiple vendors to one vendor. This reduced the training required for staff and lowered costs.

Solutions, services, and products applied

Network security: Check Point

SDC: enterprise security, policy optimization, firewall upgrade and migration, threat emulation and extraction, security optimization, custom training, test-lab development consulting services