Upload File

capita - network visibility to manage firewall changes & reduce risk

  • Home
  • Technology
  • CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
9
Network Visibility to Manage Firewall Changes & Reduce Risk David Robinson, Security Consultant, Capita Customer Management Infosec London, June 2015

Upload: skybox-security

Post on 17-Aug-2015

137 views

Category:

Technology


0 download

Report

Tags:

TRANSCRIPT

Page 1: CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk

Network Visibility to Manage Firewall Changes & Reduce Risk

David Robinson, Security Consultant, Capita Customer ManagementInfosec London, June 2015

Page 2: CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk

• UK's largest customer management outsourcer

• 11,000 employees

• 16 centers in the UK and offshore centers in India and Poland

• Serving leading public and private enterprises: O2, Google, British Gas, BMW, and William Hill

• Part of Capita plc

About Capita Customer Management

2

David Robinson

• Security Consultant, Capita Customer Management

• 10+ years of security, risk, and compliance management

Page 3: CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk

Business Challenges

Large and complex firewall infrastructure

Ensuring efficient firewall rule base

Subject to PCI and internal compliance

Network team focused on connectivity, not compliance

Assessing risk of firewall changes

Verifying firewall changes with intent

Asked to manage these risks

Page 4: CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk

Understanding the Network Infrastructure

4

Log dataConfig data and routing tables PoliciesLayer 3

devices

Used Skybox Firewall Assurance to provide visibility and quickly model the network

Page 5: CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk

GOAL: Create an accurate, efficient rule base

5

Established a well-defined firewall rule review process

Enabled log collection to evaluate hit count

Removed disabled rules Disabled any rule with no hits Evaluated rules to ensure

they are fully utilized Repeated the process every

two weeks

Page 6: CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk

GOAL: Ensure compliance with internal and external policies

6

3 Important Factors

Consistent compliance with PCI standards

Adherence with CIS benchmarks for firewalls

Compliance with CAPITA’s own internal policies

Page 7: CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk

GOAL: Take control of firewall change process – this year’s focus

7

Firewalls monitored for changes and reconciled

Changes reviewed for intent vs. implementation

Sampled changes to ensure compliance

Improved process and cost savings Understood vulnerabilities potentially

exposed by changes

Page 8: CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk

• Efficient, repeatable firewall rule review process

• Insight into effectiveness of security management process

• Ensure compliance with PCI, CIS, and internal policies

• Improving process for change management, reducing risk and

saving cost

Results

“We now have a single view of our firewalls and the security posture they represent”

Page 9: CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk

Thank You


Maximising Firewall Performance - alcatron.net Live 2013 Melbourne/Cisco Live... · Maximising Firewall Performance BRKSEC-3021 . ... Firewall and VPN Firewall Multiservice ASA 5540

Controlling Access Through the Firewall · Firewall# show firewall The result is either “Firewall mode: Router” or “Firewall mode: Transparent”. If you need to configure

Firewall Change Management - de.security.westcon.comde.security.westcon.com/documents/40108/Firewall_Change_Manage… · Firewall Change Management ... Firewall management has become

Improving Logistics Process with an “ERP Firewall” and ... · Slide 1 ©2011 GXS, Inc. Improving Logistics Process with an “ERP Firewall” and Real-Time Visibility Rochelle

Firewall - piya.ee.engr.tu.ac.th · Firewall Pro & Cons Types of Firewalls Firewall Configuration Firewall Products Firewall Alternatives Firewall Pro & Cons Pros Keeping unwanted

DT Next Generation Firewall FortiGate 3000D Segmentation ... · Security Fabric § Enables Fortinet and Fabric-ready partners’ products to provide broader visibility, integrated

Firewall Feature Overview alto.pdf · 2015-02-02 · Palo Alto NetworksTM next-generation firewalls bring high performance, policy-based visibility and control over applications,

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP

INTERNATIONAL CONFERENCE - Future Forces Forum · 2014-10-17  · ASA stateful firewall Threat focused – Industry--leading next-generation IPS (NGIPS) URL Filtering Unmatched visibility

Windows Firewall Exceptions - Docusnap€¦ · Windows Firewall Exceptions ... Editing a group policy object Windows Firewall Exceptions ... Network Connections Windows Firewall

Say(Hello(to(your(Frienemy(–The(Firewall(fasterdata.es.net/assets/fasterdata/Firewall-tcptrace.pdf• Firewall(will(normally(notimpacttraffic(leaving(the ... – “Inbound”(Through(Firewall(•

Security Firewall Firewall design principle. Firewall Characteristics. Types of Firewalls. Firewall Components & Configurations

Adjustment of per capita income distribution by per capita

firewall, antivírus, Fortinet e Trend Micro - FortiGate 3600E Series … · 2020-01-30 · The Security Fabric delivers broad visibility, integrated AI-driven breach prevention,

Windows 7 Firewall. Windows 7 Firewall Topics What is a firewall? What is a firewall? Firewall types Firewall types How a firewall works How a firewall

Cisco Public Cisco Firepower Next-Generation Firewall · 2019-03-12 · Cisco Public Cisco Firepower Next-Generation Firewall Prevent breaches, get deep visibility to detect and stop

Joint Sensor: Security Test and Evaluation Embedded in a ... · symmetrical framework of visibility and interception. Even though access to the data collected ... such as firewall

Next Gen Firewall and UTM Buyers Guide - Insight · Next Gen Firewall and UTM Buyers Guide ... stateful firewall, network ... Provides visibility into encrypted web traffic to protect

Thunder CFW High-Performance Versatile FirewallThunder CFW offers Gi LAN services consolidation to combine L4–L7 functions, including CGNAT, stateful firewall, and application visibility

SmartSecure Hosted VM Firewall Service€¦ · With NFV deployment, it’s imperative to have full visibility into resource utilization for every deployed VNF: bandwidth, CPU, MyAryaka

SSL Visibility with Protection - etouches · Market Share 1Q 2016* ... Offering a complete range of enterprise-class features ... Network Firewall, IPSEC, SSL-TLS VPN • C&A

Where firewalls fit in the corporate landscape. Firewall topics Why firewall? What is a firewall? What is the perfect firewall? What types of firewall

untangle firewall configuration for firewall security

Sophos XG Firewall · Sophos XG Firewall The world’s best visibility, protection, and response. Sophos XG Firewall brings a fresh new approach to the way you manage your firewall,

Next Generation Firewall FortiGate Internal Segmentation ... · Next Generation Firewall Internal Segmentation Firewall Data Center Firewall and IPS Carrier-Class Firewall The FortiGate

Using pfSense as a Firewall - growthpixel.com · Using pfSense as a Firewall @tetranoodle Describe a firewall and its functions Configure pfSense as a firewall Setup and manage firewall

Advanced Threat Protection - Exclusive Networks · Detection and Incident Response ... Firewall SIEM ATD VA Endpoint Patch EMM ... • Visibility • Compliance • Network/Access

Barracuda Web Application Firewall Security and ... · Traditional firewalls offer application control but not visibility. A Web Application Firewall (WAF) secures applications against

PowerPoint Presentation · PACKETVIPER PACKETVIPER PayPal' Google 01.1 Cisco FIREWALL MAIL IMAP PayPar Google CISCO Increased visibility to attackers, threats, alerts and logging

Filtering in Firewall By Fantastic 5. Agenda What is Firewall? Types Of Firewall Pros and Cons Of Different Firewalls What Firewall can do? What Firewall

Sophos XG Firewall - Davichi Computer ServicesSophos XG Firewall The world’s best visibility, protection, and response. Sophos XG Firewall brings a fresh new approach to the way

FIREWALL WAN HAIL FIREWALL INTERNET …FIREWALL WAN HAIL FIREWALL INTERNET SERVERS PROXY WEB ROUTER CLIENT pcs

What is a Firewall? Firewall, VPN, Firewall, VPN, IDS ...abc/teaching/bbs677/slides/...Firewall, VPN, Firewall, VPN, IDS/IPSIDS/IPS Ahmet Burak Can Hacettepe University [email protected]

McAfee Firewall Enterprise v8.3.2 and McAfee Firewall ... Firewall... · McAfee Firewall Enterprise v8.3.2 and McAfee Firewall Enterprise Control Center v5.3.2 Security Target 17

Citrix NetScaler— A foundation for next-generation ... · Citrix NetScaler White Paper 3 citrix.com NetScaler Application Firewall Traditional network firewalls lack the visibility