Manufacturing Company Migrates From Legacy Cisco ASA Firewalls to a Fortinet Distributed Enterprise Firewall Solution

Cyber Defense for a Distributed Enterprise

Written By // Todd Bey

Manufacturing
1,000
Chicago, IL

A publicly traded manufacturing company faced a high-risk cybersecurity issue. In 2017, they were running legacy Cisco ASA firewalls across 11 sites, including their headquarters in Chicago. These firewalls had limited security features, limited visibility into user activity, and no means of centralized reporting or of monitoring system health and security events. The organization had a decentralized IT governance model, and there were no standards for the firewalls across each site. The local IT teams were focused on “keeping the lights on” and had limited time to review or update the cybersecurity aspects of the ASA firewalls.

The company needed a next-gen firewall solution that was purpose-built for a distributed enterprise. The solution needed to include the latest cybersecurity features to protect against modern threats. Since hiring or training internal staff for this specialized skill set did not fit into the company’s IT support model or strategy, the solution also needed to include a managed firewall service via a third-party provider.

SWC’s security managed services provide 24×7 security monitoring

A distributed enterprise model is inherently more difficult to secure compared to a centralized model where all employees are located under a single headquarters site.

When it comes to centralized large headquarters sites, it’s possible to secure them with traditional methods using one powerful firewall, and the need for features such as software-defined WAN (SD-WAN) or a security fabric is less critical. For this manufacturing company, where the workforce was distributed, a different approach was needed.

Uncovering the Gaps with In-Depth Security Assessment

Rather than leaving the fate of their business to chance, the company engaged with SWC to conduct an in-depth security assessment to uncover risks and help them make more informed investments in protecting their data.

As an outcome of the security assessment, SWC found that the customer needed SD-WAN features in addition to the security features of the FortiGate firewalls SWC was set to deliver. Each site had an MPLS connection and a basic Internet connection. By deploying SD-WAN, each site could have greater resilience and a highly available connection back to the HQ datacenter and the cloud.

Best Performance per Dollar

Fortinet solved the distributed enterprise problem gracefully. Each individual firewall provided the best performance per dollar compared to any firewall on the market due to its proprietary ASIC (hardware chip) technology. The small branch office model could support essentially all of the security features of a larger model. This allowed the company to deploy lower-end models to remote sites, significantly reducing the hardware cost for each site. This also allowed the manufacturing company to focus its budget on licensing and implementing the latest security features.

Use Fortinet Security Fabrics to Protect the Enterprise

The manufacturing company also needed a solution to help prevent and block zero-day malware. This is malware that is typically new in the wild and less than 24 hours old.

In addition to the FortiGate firewalls, SWC deployed the FortiSandbox solution as part of the Fortinet Security Fabric. The FortiGate firewalls forward all unknown files to this solution. The FortiSandbox can then execute files in an isolated environment that mimics client systems such as Windows 10. It looks for signs of suspicious or malicious activity.

For example, if a file tries to “phone home” to a known botnet, it is marked as High Risk or Malicious. The signature of this file is then reported back to all Fortinet firewalls. If the file enters the network again on any firewall, it is immediately blocked by the anti-virus (AV) component in real time.

Maintain Compliance

Since the company is publicly traded, they are bound by SOX compliance. As such, they needed a solution to retain all types of firewall system and security logs for up to 1 year. FortiAnalyzer is a logging solution that can centralize all logs into a single system. The built-in database and reporting system made it feasible for the company to highlight risk events, find a “needle in a haystack,” or easily fulfill audit requests.

SWC’s Managed Threat Defense

The customer also needed monthly reports that summarized all information based on risk. To do this, SWC took the logging and reporting capabilities of the FortiAnalyzer to the next level as part of its full managed firewall security service, also known as “Managed Threat Defense.”

In addition to responding to system and security events 24×7 with a dedicated NOC team, the Managed Threat Defense services also included monthly reporting and risk analysis. SWC did not simply use the canned reports since they can be a challenge when it comes to assessing risk to the organization.

From there, SWC gathered the most important information and reported on known risks and trends that could lead to high or critical risks to the organization. By leveraging the features of the Fortinet solution as well as SWC’s reporting, the company had much greater visibility into the security risks on their network.

They immediately started to see surprising and previously unknown security risks, such as the use of BitTorrent software and unencrypted FTP. Malware on infected personal mobile devices and contractor laptops on their internal trusted networks was also found. All malicious activity was blocked from Day 1.

Solid Governance Ensures a Secure Solution

The solution provided a uniform platform that finally allowed for the rollout of IT governance and standards. This was a major gap found in the security assessment.

After deployment, the company worked with SWC to further define standards for firewall rules, security profile configurations and admin logins using Active Directory accounts. This reduced the guesswork for the local site IT teams when it came to firewall administration and management.

Have you made, or are starting to make, the transition to a modern next-gen firewall platform? Contact SWC to discuss your unique needs and establish a security roadmap and strategy that addresses your cybersecurity needs.
