The Challenge

Telenor case study

Large service providers and enterprise data centers often have multiple firewalls from a variety of vendors. In addition to this complexity, as firewall rule bases grow, they tend to become very complicated and difficult to manage. As a result, it can take a great deal of time and expertise to accurately implement new network access requests, a problem that Telenor was facing.

"Telenor has security solutions from many different vendors, but we were lacking a common system to ensure consistency and security across all platforms,” says Carl Magnus Kalstad, Head of Datacenter Network at Telenor Norway. “Before the Tufin solution, we had purchased and installed another tool, but it never lived up to our expectations. We experienced a lack of flexibility and a huge maintenance bill that left us looking for something new.”

"Introducing new services has become more complicated as you work with multiple users, networks and data centers. Data packages are often transmitted through multiple rule sets which are usually not ordered to optimize performance. This problem is solve with Tufin solutions, which provide top-down visibility and control over all of our devices."
Carl Magnus Kalstad Head of Datacenter Network at Telenor Norway

Telenor turned to Tufin SecureTrack and SecureChange to help resolve their firewall management problems. Tufin’s Security Policy Orchestration solution enables organizations to manage security policies across all network devices, including traditional and next-generation firewalls, routers, switches and load balancers, and to help companies take comprehensive control of their firewalls. Tufin’s SecureTrack and SecureChange solutions are particularly suited to companies with multiple firewalls and large and complex rule sets.

Precision and Automation

“We have two critical needs,” explains Kalstad. “The first one is to keep track of our firewall rules and to ensure that rules no longer in use are removed so that security is not compromised. We frequently get requests for new rules that give users access to applications; the challenge is remembering to remove outdated rules. After several years, we wind up with a lot of rules that we don’t need or use.”

The second need is to better manage change. Telenor has many large networks, and it takes extensive in-depth knowledge to configure these firewalls. “Because of our large, complex networks, we have seen cases where firewall rules were not created precisely in accordance with the requirement of the original request. With SecureTrack and SecureChange this problem has been solved.”

SecureTrack analyzes the network topology to identify the firewalls involved and how they need to be changed, enabling Kalstad’s IT department to focus their resources on other important tasks. The department is also implementing SecureChange to fully automate their security change processes. For Telenor, utilizing the Tufin solution to minimize manual work while maximizing automation and accuracy was a clear objective.

Finally, the Tufin solutions were selected for their ability to identify and streamline necessary firewall modifications. “The more time we spend on firewall changes, the longer it takes before a project is implemented. If the purpose of a project is to provide new services, we need to reduce the amount of time that expensive consultants sit and wait in order to get access to applications,” says Kalstad.

Optimization and Cleanup

As the size and complexity of firewall rule bases continue to grow due to the increasing requirement for online services, so do the needs for advanced rule base analysis capabilities offered by SecureTrack. Previously, there was no solution in place for analyzing the current rule base and suggesting the optimal change prior to implementation. In addition, many firewall policies included legacy rules that duplicated or conflicted with each other. When Telenor IT managers removed a firewall rule, it was difficult for them to predict which systems would be affected. SecureTrack enables Telenor to clean up unused rules and to optimize the order of rules for improved performance. SecureChange then analyzes the network to determine which firewalls need to be changed, and goes so far as to suggest the optimal change to the firewall policies.

"We chose Tufin because of the technology and because” the solution does exactly what we need it to do. At the same time, I would also like to take this opportunity to praise the team. The follow-up and service we get from Tufin has been much better than what we normally get from other large suppliers, and Tufin has been there for us around the clock."
Carl Magnus Kalstad Head of Datacenter Network at Telenor Norway

Customer Benefits

  • Dramatic reduction in routine manual work.
  • Change requests are implemented accurately
  • Security policies are clean optimized and efficient
  • Accelerated service delivery
  • Reduced operating expenses
  • Improved IT processes