SIX Group First operates the infrastructure as a backbone of the Swiss financial center catering to an ever-increasing global client base. Businesses today are much more reliant on applications and business services than they were 20 years ago, when firewalls were invented. Enterprises like SIX have hundreds of applications with distributed architectures and changing network requirements. In today’s business climate, security breaches, delays and disruptions are unacceptable.
The majority of SIX’s firewall changes are application related. SIX was using a Microsoft Access database to keep track of each application’s network connectivity requirements. Whenever a network change needed to be made to a business application, the application owner would export the relevant connection logic from the database to a file, update it, and send it to the network team. The network team would then need to identify the required changes manually and implement them. Finally, the application owner would update the Access database. The entire process was quite cumbersome.
“When Tufin showed us SecureApp our requirements were almost identical, and we immediately moved forward. We are delighted with the product and think highly of Tufin’s ongoing development of innovative solutions.”
Christoph Littwin Head, Telecommunications, SIX
SIX faced a major challenge when it came to managing the company’s application connectivity within the network: developing a resource efficient way to document application connectivity and manage firewall change processes while ensuring that SIX’s security policy would never be compromised.
From an efficiency perspective, SIX’s firewall change processes were quite complicated and required many resources, both in terms of personnel an time. Tasks such as deploying, migrating and decommissioning servers were taking far too long and were prone to error.
In addition, SIX’s firewall team was continuously being challenged by the ever-increasing risk of attacks and needed an advanced tool to detect and mitigate the risks. The challenge was to safeguard and ensure an impermeable implementation of SIX’s security policy, while recognizing and allowing for the fact that applications are at the core of the organization. The company understood that even a simple application-based rule change such as the opening of potentially unnecessary ports could expose the company to a serious security breach.
SIX sought a solution that would optimize its firewall policy management process. The ideal solution would need to manage application-related firewall changes from a business process perspective, instead of requiring firewall teams to hunt for connectivity data spread across the entire infrastructure. SIX began to search for solutions on the market and even considered developing its own tool before hearing about Tufin SecureApp.
SecureApp was designed to enable IT organizations to effectively manage the network connectivity and security requirements of their applications. A completely new approach to managing application connectivity, SecureApp allows security professionals to easily define, update, monitor and remove applications – without analyzing long lists of access rules on multiple firewalls and routers.
Tufin and SIX held a workshop to examine the needs and the proposed solution. Together, SIX and Tufin created a requirements document, which evolved and grew as Tufin supplied additional versions of the product, culminating in the official release.
“Our firewall team was continuously being challenged by the ever-increasing” risk of attacks and they needed advanced tools to detect and mitigate the risks,” said Christoph Littwin, Head, Telecommunications, SIX. “While we had to ensure that our security policy was implemented without compromise, applications were, and still are, the lifeblood of our organization. SecureApp works well for us because not only does it flag any unnecessary network access requests for applications, it actively creates a cleaner and more reliable firewall policy. And because this data is continuously updated and “customized” automatically, we are very confident that our process is optimized and that potential threats have been reduced to a minimum.”
SecureApp has streamlined the process by which SIX deploys, updates and decommissions applications, as well as diagnoses connectivity problems.