The Axpo Group is rapidly adding new customers and as a result, security operations must be very flexible and responsive. In order to set up and provision new services quickly while maintaining security, Axpo Informatik decided to virtualize key parts of its firewall and server infrastructure. This change enabled Axpo to significantly reduce the time it took to set up a firewall for a new customer. Axpo Informatik needed a management solution that could handle virtual as well.as physical firewall architecture Axpo Infromatik’s firewall infrastructure is based on a redundant Crossbeam X40 Cluster running Check Point VPN-1 Power VSX. Their firewall management includes a central Check Point Provider-1 server with a dedicated log server that enables them to support 10 customers with 29 physical and virtual firewall systems. Critical systems are configured as hot standby clusters. The network connections to and from the Crossbeam system are based on VLAN and Multilink Trunk technologies.
Maintaining and operating 29 firewalls with numerous objects and rule bases involved a great deal of repetitive, manual work. Whenever a change was made, the operators had to determine which customers and rule bases were affected, and then had to update each object in each rule base manually. Many customers were using the same infrastructure, so the complexity and risk were compounded. With three firewall administrators, it was very difficult to keep track of each configuration change and analyze its security impact. It had become nearly impossible to keep the rule base and object databases consistent and secure.
"We are spending much less time manually updating each of our firewalls and can focus our attention on our customers. SecureTrack automation has made our team more efficient."
Bühler Werner, Team Manager, Axpo Informatik
While the existing management platform provided centralization, Axpo Informatik still required a unified, top-down view of the security policy. Axpo needed a solution that would enable the team to serve customers promptly while ensuring that every change was coordinated and app.
Axpo Informatik selected Tufin SecureTrack to provide a comprehensive view of firewall policies across all customers and objects. SecureTrack’s unified graphical interface made it easier for firewall administrators to visualize the firewall policy, understand changes and take action.
SecureTrack’s firewall change management addressed Axpo Informatik’s need to maintain accountability and consistency with comprehensive real-time tracking and reporting of changes. By comparing every change to defined corporate standards, SecureTrack enabled Axpo Informatik to identify violations and potential security breaches before any damage could occur.
Since the rule bases were so complex and difficult to maintain, Axpo Informatik started using SecureTrack’s rule base cleanup and optimization features to locate and remove unused rules and objects. This enabled the firewall team to eliminate possible security holes while significantly improving performance and hardware resource utilization. SecureTrack’s innovative policy analysis capability enabled Axpo Informatik to understand the logic of the rule base and simplify complex firewall security policies. Since Axpo Group is a public company, SecureTrack’s auditing and compliance features are an added bonus, providing full accountability, a complete audit trail, and compliance with important international regulatory standards.
SecureTrack was installed and supported by Clounet, a leading Swiss system integrator. “Installing SecureTrack was very simple. Within a couple of hours the product was already fully operational. Since then, Axpo Informatik installed an upgrade on their own and we have both been very pleased with Tufin’s support,” said Christen Martin, Partner at Clounet. “Axpo evaluated other solutions and selected SecureTrack for its combination of real-time capabilities and ease of use.”
"After several months of use, SecureTrack has made a measurable impact on Axpo’s firewall operations and has helped us to reduce service interruptions and network downtime. Now we know exactly what changes are being made by whom and SecureTrack enables us to analyze our rule bases across different firewalls at any time."
David Spale, Security Officer, Axpo Informatik
- Improved network security
- Increased network and service uptime
- Lower operating expenses
- Enforcement of corporate security guidelines
- Risk management
- Business continuity
- IT governance and regulatory
- Improved firewall performance
- Proactive security enforcement