Swisscom’s security management came to the realization that they were not in full control of their firewall operations when in 2007 an external annual audit resulted in several high risk findings. This prompted an immediate search for a solution that would address the following: Reduce the time required to plan and implement policy changes Allow administrators to pinpoint the exact change that caused a network incident Guarantee the correct implementation of all rule base changes throughout Swisscom’s over 150 firewalls.
Swisscom’s security management came to the realization that they were not in full control of their firewall operations when in 2007 an external annual audit resulted in several high risk findings. This prompted an immediate search for a solution that would address the following: Reduce the time required to plan and implement policy changes Allow administrators to pinpoint the exact change that caused a network incident Guarantee the correct implementation of all rule base changes throughout Swisscom’s over 150 firewalls
The Technical Connectivity team had no choice but to manually review and analyze firewall policies in order to decide where to place new rules or objects and had no easy way to check whether a proposed rule already existed or not. As a result, the design of each policy change was very labor intensive and time consuming. In addition, once the implementation team made the required change there was no automatic process in place to ensure that the change was correctly configured. Multiply that by the vast number of changes performed throughout Swisscom’s massive security operations and it is clear that Swisscom was facing a serious challenge.
”We already had tight processes in place, but the automation SecureTrack introduced provided us with an overall snapshot of the state of our firewalls that enables us to operate in a much more agile, proactive, and strategic manner. We accomplish more in less time, with full confidence that we are operating in a secure, compliant fashion.”
Michel Müller
Senior Network Security Engineer,Swisscom
The Operations team had no tool that would allow them to isolate rules that match a specific traffic pattern – source, destination and service. At any given time, they could filter the rule base only by one of these criteria and then had to manually correlate the information. In addition, if a problem or incident occurred they could not accurately pinpoint which change had caused it. Once the rule base had been changed there was no looking back and there was also no way to predict the effect future changes may have on the network. This made for a very arduous maintenance and incident handling process.
As a key service provider for both the public and the private sectors, Swisscom was subject to rigorous annual auditing processes. As part of the effort to ensure overall network integrity Swisscom instated a Security Board that reviewed and monitored all changes performed and served as a second level of verification and authorization. One of the duties of the Board was to monitor all changes performed by new employees in their first three months. Once again, without an automated tool this was a near impossible task.
