To provide comprehensive security for its hosting services, Swisscom operates more than 150 firewalls, each containing over a thousand rules. To manage this extensive firewall estate effectively, well-defined processes have been put in place. Firewall operations are handled by four teams, each responsible for a different stage of the management lifecycle. The Technical Connectivity Team leader receives access requirements from the various project leaders and designs the required policy changes. These are reviewed and approved by the Security Board, which then hands the changes off to the Implementation Team to set up the access. The Operations Team monitors the firewalls and handles all incidents.
Swisscom’s security management realized that it was not in full control of its firewall operations when, in 2007, an external annual audit produced several high-risk findings. This prompted an immediate search for a solution that would:
- Reduce the time required to plan and implement policy changes
- Allow administrators to pinpoint the exact change that caused a network incident
- Guarantee the correct implementation of all rule-base changes across Swisscom’s more than 150 firewalls
Technical Connectivity and Implementation teams - the need to efficiently design and implement firewall policy changes
The Technical Connectivity team had no choice but to review and analyze firewall policies manually in order to decide where to place new rules or objects, and it had no easy way to check whether a proposed rule already existed. As a result, designing each policy change was labor intensive and time consuming. In addition, once the Implementation Team had made the required change, there was no automatic process to verify that the change had been configured correctly. Multiplied by the vast number of changes performed across Swisscom’s security operations, this amounted to a serious challenge.
“We already had tight processes in place, but the automation SecureTrack introduced provided us with an overall snapshot of the state of our firewalls that enables us to operate in a much more agile, proactive, and strategic manner. We accomplish more in less time, with full confidence that we are operating in a secure, compliant fashion.”
Senior Network Security Engineer, Swisscom
Operations team - the need to streamline incident handling
The Operations team had no tool that would let them isolate the rules matching a specific traffic pattern (source, destination and service). At any given time they could filter the rule base by only one of these criteria and then had to correlate the results manually. In addition, when a problem or incident occurred they could not accurately pinpoint which change had caused it: once the rule base had been changed there was no record to look back on, and there was no way to predict the effect a future change would have on the network. This made maintenance and incident handling an arduous process.
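The two checks described above for the Technical Connectivity and Operations teams (does a proposed rule already exist, and which rules match a given source/destination/service and which change flipped the decision) reduce to a small amount of logic over an ordered rule base. The following is an added example, not code from the case study or from Swisscom or Tufin: it models rules as CIDR/service tuples, matches traffic in policy order, classifies a proposed rule as redundant, shadowed or new against the rules that would precede it, and diffs two rule-base snapshots to name the change responsible for a changed decision. All rule names and addresses are constructed for the example.

```python
"""Toy rule-base analysis: traffic matching, proposed-rule check, snapshot diff."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    service: str  # "proto/port" or "any"
    action: str   # "accept" or "drop"


def _covers(rule_field, cidr):
    """True if rule_field ('any' or a CIDR) contains every address in cidr."""
    if rule_field == "any":
        return True
    if cidr == "any":
        return False
    return ipaddress.ip_network(cidr, strict=False).subnet_of(
        ipaddress.ip_network(rule_field, strict=False))


def _svc_covers(rule_service, service):
    return rule_service == "any" or rule_service == service


def matches(rule, src, dst, service):
    """Does traffic from host src to host dst on service hit this rule?"""
    return (_covers(rule.src, src) and _covers(rule.dst, dst)
            and _svc_covers(rule.service, service))


def matching_rules(rulebase, src, dst, service):
    """Every rule hit by the traffic, in policy order; the first one decides."""
    return [r for r in rulebase if matches(r, src, dst, service)]


def decide(rulebase, src, dst, service, implicit="drop"):
    """(rule name, action) that applies, or the implicit default."""
    hits = matching_rules(rulebase, src, dst, service)
    return (hits[0].name, hits[0].action) if hits else ("<implicit>", implicit)


def proposed_rule_status(rulebase, proposed, insert_at):
    """Classify a rule that would be inserted at index insert_at.

    'redundant': an earlier rule with the same action already covers it
    'shadowed' : an earlier rule with the opposite action swallows it
    'new'      : no single earlier rule fully covers it
    Coverage by a union of several earlier rules is not detected here.
    """
    for r in rulebase[:insert_at]:
        if (_covers(r.src, proposed.src) and _covers(r.dst, proposed.dst)
                and _svc_covers(r.service, proposed.service)):
            return ("redundant" if r.action == proposed.action else "shadowed", r.name)
    return ("new", None)


def diff_rulebases(old, new):
    """Rules added, removed or modified (by name) between two snapshots."""
    o = {r.name: r for r in old}
    n = {r.name: r for r in new}
    return {
        "added": [n[k] for k in n if k not in o],
        "removed": [o[k] for k in o if k not in n],
        "modified": [n[k] for k in n if k in o and n[k] != o[k]],
    }


def explain_change(old, new, src, dst, service):
    """Decision before and after, and the diffed rules that touch this traffic."""
    before = decide(old, src, dst, service)
    after = decide(new, src, dst, service)
    d = diff_rulebases(old, new)
    culprits = [r.name for r in d["added"] + d["modified"] + d["removed"]
                if matches(r, src, dst, service)]
    return {"before": before, "after": after,
            "changed": before != after, "culprits": culprits}


# Constructed snapshots: a broad deny was inserted above the DNS rule.
OLD = [
    Rule("web_in", "any", "10.0.1.0/24", "tcp/443", "accept"),
    Rule("dns_out", "10.0.0.0/8", "10.0.2.53/32", "udp/53", "accept"),
    Rule("clean_up", "any", "any", "any", "drop"),
]
NEW = [OLD[0],
       Rule("block_legacy", "10.0.0.0/8", "10.0.2.0/24", "any", "drop"),
       OLD[1], OLD[2]]

if __name__ == "__main__":
    print([r.name for r in matching_rules(OLD, "10.0.5.7", "10.0.2.53", "udp/53")])
    print(explain_change(OLD, NEW, "10.0.5.7", "10.0.2.53", "udp/53"))
    print(proposed_rule_status(
        OLD, Rule("dns_dup", "10.0.5.0/24", "10.0.2.53/32", "udp/53", "accept"), 2))
```

Running it against the constructed snapshots shows DNS from 10.0.5.7 accepted by dns_out before the change and dropped by block_legacy after it, with block_legacy named as the only culprit; the duplicate DNS rule is reported as redundant. Rule reordering and coverage by a combination of earlier rules are deliberately outside this toy model.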
The Security Board - the need to ensure overall network security
As a key service provider for both the public and private sectors, Swisscom is subject to rigorous annual audits. As part of the effort to ensure overall network integrity, Swisscom instituted a Security Board that reviews and monitors every change performed and serves as a second level of verification and authorization. One of the Board’s duties is to monitor all changes made by new employees during their first three months. Once again, without an automated tool this was a near impossible task.
- Automated firewall auditing and management operations
- Allowed real-time monitoring of all changes
- Reduced time required to plan and implement security changes
- Ensured compliance with regulatory requirements
- Improved overall network security