New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
IBM MSD Standardizes on Tufin SecureTrack to gain full control, management and auditability of firewall, router and switch policy changes

Background: IBM Managed Service Delivery (MSD) is IBM’s Pay-as-you-go infrastructure and application management services for SAP, Oracle, PeopleSoft, Siebel, PTC Windchill and Lotus. A comprehensive portfolio of software, services, hardware and industry-specific solutions, IBM MSD is simplifying the management of enterprise applications through a fully configurable set of usage-priced application hosting services. Leveraging IBM MSD’s hosted offerings, organizations can reduce project and infrastructure costs by up to 50%.

Challenges: The IBM Managed Service Delivery (MSD) network team consists of 12 people that manage more than 80 Check Point firewalls as well 90 Juniper firewall and about 500 Cisco routers and switches across 20 data centers nationwide. For any business, firewall rule changes are a frequent event - patching or upgrading an application, customers adding or cancelling user access to applications, adding, taking away or servicing devices in the environment – these are all events that warrant a change or adjustment to a firewall rule. In an On-Demand business, changes are even more frequent. A single rule change, if not created and implemented correctly, could result in one of IBM MSD’s customers either having too permissive or restrictive access – neither being an acceptable scenario.With more than 100 firewalls to manage, documenting, planning and implementing those changes had become too complex an endeavor to handle manually, so the network team wanted to automate the process and in doing so, create a standardized, repeatable, and scalable process for managing those changes. The network team’s goals for automating the firewall monitoring and change management process were to: •Reduce Outages and downtime caused by and undocumented firewall changes•Ensure all changes were documented and approved •Generate On-demand change reports •Visibility into administrator accountability, •Link changes to user requests and approvals•Automate the quarterly change comparison process, that when done manually, takes several man -days to complete •Store historical revisions in central repositoryIBM MSD’s audit requirements do not just apply to firewalls. Ultimately, whatever solution they chose would need to have the capacity to would monitor changes for all MSD networking gear.

Best Deployment Scenarios and Case Studies

Solution provided by Tufin Technologies: Before they started actively looking at automation solution, IBM MSD’s network team collaborated on key criteria and came up with the following requirements:•The ability to check and report that best network security practices and audit requirements are being met.•The ability to automatically classify rule-related vulnerabilities: High, Medium or Low •The ability to test our devices against baseline Secure Configuration.•The ability to immediately fix any vulnerabilities or errors in configurations •Improve Mean Time to Recovery (MTR) for issues caused by human error•The ability to extend the benefits of policy and change management to other devicesAfter a rigorous technology evaluation and selection process, the team chose Tufin’s SecureTrack because it was the only solution they evaluated that was able to meet their business requirements. The fact that Tufin was able to meet them “out of the box” was an added bonus.Installation was a breeze: the operations team instantly integrated the Tufin T-Series appliances with the Tufin Security suite into the network environment without specialized training or the need to allocate additional time or resources to manage it. In fact, the product took literally 30 minutes to install. Within hours, SecureTrack was supplying IBM MSD with the information required to create and maintain a clear, accountable audit trail of which administrator made what change, when they made it and from where. Almost immediately, SecureTrack introduced significant operational efficiencies by dramatically reducing the time required to monitor, manage, and audit policy changes across IBM MSD’s network.An unexpected but very welcome benefit was SecureTrack’s value as a troubleshooting tool. Using SecureTrack. IBM MSD was able to reduce the time required to identify the source of manual configuration errors from hours to minutes. Partnering with Tufin for Security Lifecycle Management has enabled IBM MSD to more efficiently deliver its customers.

Summary: The main objective Of IBM MSD’s Security Lifecycle Management initiative was to gain full control, management and auditability of firewall, router and switch policy changes. Standardizing on Tufin SecureTrack enabled IBM MSD to deliver its customer better service faster by introducing the following improvements into their network environment:•By automating firewall policy and change management processes, significantly fewer mistakes occur. When they do, SecureTrack quickly identifies “needle-in-a-haystack” firewall issues, reducing the Mean Time to Repair for any firewall related issue by roughly 85-90%. •Tighter and more secure rule bases, combined with the ability to improved network security, have reduced firewall related incidents by 30-40%•Implementing SecureTrack has reduced the frequency of a firewall related downtime or outages by 40-50%. •SecureTrack has dramatically reduced the time and cost of firewall audits and overall, reduced the time and cost of firewall management by approximately 60%. In addition, Tufin SecureTrack has provided IBM MSD with these additional benefits that, while harder to quantify in terms of time and cost savings, have resulted in much more efficient, secure and complaint operations:•Automated and standardized change management – using a common interface, any admin can see who submitted what change from where, as well as who approved it and when it went into effect.•The ability to enforce IT governance and corporate best practices•Optimized infrastructure performance - using SecureTrack’s optimization features, IBM MSD reduced the size of each firewall rule base, easing the processing burden and extending the life of each device.From a growth and planning perspective, Tufin SecureTrack helps IBM MSD to more easily and securely support spikes in demand. Finally, the ability to easily duplicate and verify the integrity of secure configurations has increased IBM MSD’s ability to quickly and efficiently roll out new applications.

Tufin Technologies
5 Shoham Street
Ramat Gan 52521 Israel

Bookmark and Share  

Follow us on twitter   Join us on LinkedIn   Photos on flickr   Watch us on YouTube   Become our fan on Facebook   Google   

Volunteer To Be A Judge
Apply today to be a preliminary-round judge for the 2011 awards. If you qualify, you'll be assigned categories based on your experience and industry. Apply now to be a Judge>>
More Best Deployment Scenarios...
Current threat scenarios, best deployment scenarios and case studies Learn more>>