Global IT Consulting Company Improves Security and Increases Efficiency by Eliminating Error-prone Manual Firewall Management
MothersonSumi INfotech and Designs Limited (MIND) is a global provider of end-to-end IT solutions, serving organizations in 24 nations. MIND is certified for ISO 9001:2008, ISO/IEC 27001:2005 and CMM Level 5, and provides consultancy services and solutions for Application Development and Maintenance, IT Infrastructure Management Services, Product Development and Engineering Solutions and helps customers achieve their desired ISO level.
MIND’s complex network consists of many remote locations and is secured with more than 40 firewalls from multiple vendors, including Check Point, Fortinet and Juniper as well as Blue Coat proxies. With hundreds of unnecessary rules in each of the firewalls under management, MIND’s Network Support team members were spending too much time cleaning up the policy rule base.
“Cleaning up the policy rule base is a tedious, risky manually-intensive job,” said Santosh Sahoo, Assistant Project Manager at MIND. “Furthermore, we had to evaluate the risks based on best practices or our experience, which was time consuming. We also had to collect and organize this information into the proper reporting format for ISO 27001 requirements.”
Additionally, manually planning and implementing firewall changes was a time-consuming and complex process, as was keeping track of all of the changes and updating records for auditing and/or rollback purposes. With all of these challenges, plus increasing network complexity, MIND realized they needed a more efficient method for centrally monitoring and managing all of their security devices and policies.
MIND selected the AlgoSec Security Management solution to automate firewall operations across the entire multivendor estate and reduce the resource strain. “There were many reasons why we chose AlgoSec over alternative options. It met all of our requirements by supporting a wider range of devices, providing a dashboard with immediate visibility and more robust policy analysis,” said Harvansh Sagar, GM of IT Infrastructure.
Since implementing AlgoSec, the MIND team has significantly improved its firewall policy management change processes — from identifying any pre-existing rules in place, to risk assessment, to simulating the change. “AlgoSec has helped us make our our network more secure and has improved our ability to efficiency to manage more client devices with the same resources,” said Sagar. “We are now able to more efficiently analyze the firewall policies, spend less time on repetitive and error-prone manual tasks and perform a risk assessment before approving firewall changes. This automation saves time and man hours by at least five hours per change,” said Santosh.
“AlgoSec’s firewall policy analysis has also improved the performance of the firewalls with features like policy tuning, identifying un-used policies and reordering policies.” With AlgoSec, MIND has a complete understanding of what is occurring with the policy across all of their firewalls. “We have a virtual server dedicated to AlgoSec as our management server for all of the firewalls in our environment. It monitors our security policy 24×7 and provides us with real-time alerting for details like ‘who added/modified/removed the rule, what time the policy was pushed,’ etc. Now we have full visibility of what’s going on with these devices,” said Santosh.
Using AlgoSec, MIND has also been able to significantly reduce the time to perform audits and ensure compliance. “We can now run an audit report for ISO 27001 out-of-the-box and get a view of the network security policy status in just a click of button.”