Overview
Our client sought to update from layer-3 firewalls to layer-7 next-generation firewalls (NGFWs) for greater control over network traffic and improved security.
The global telecoms company selected Performanta with the migration for our experience with NGFWs and our low-disruption, business-first approach.
Performanta and the client’s stakeholders developed a migration strategy with relevant policies and traffic rules, covering crucial requirements such as ongoing access for staff.
We deployed the NGFWs over a three month period, phasing the stages with frequent tests and room for future improvements. Alongside the deployment, Performanta helped upskill and prepare the client’s teams for a full handover.
Our client gained visibility and control over network traffic, including application traffic, a 35 percent increase in effective policy enforcement, and almost 30 percent reduction in time spent on firewall management tasks.
Executive Summary
Firewalls manage network traffic, keeping the bad actors outside and organisations safe. But the world’s rapid digitisation is leaving traditional firewalls behind. IT professionals divide how computers communicate over a network into seven layers, as defined by the Open Systems Interconnection (OSI) model. Traditional firewalls stop at layer three, but next-generation firewalls (NGFWs) cover all seven layers.
Performanta’s global telecommunications client recognised this shift exposed them to security threats. After exploring the market, they selected Performanta to help them migrate to layer-7 firewalls based on our experience with NGFWs and our low- disruption, business-first approach.
Working alongside the client’s security and networking teams, Performanta developed a strategy based on their business needs (such as ongoing access to network resources), policies and traffic rules. We implemented the NGFWs over three months, using a carefully phased approach with frequent tests and leaving room for future improvements. We also skilled our client’s teams to manage and maintain the NGFWs, ensuring a smooth handover.
NGFW migrations are notorious for their complexity and pitfalls. We used Performanta’s rigorous tried-and-tested methodologies, planning a strategy to incorporate and migrate established traffic rules and security policies, integrating with existing network components, and minimising downtime that would impact our client’s workforce. We also helped establish new policies and rules that use the features of the NGFWs.
Within a quarter, our client migrated to NGFWs, giving them much better visibility and control over network traffic, including application traffic, and realising a 35 percent increase in effective policy enforcement and almost 30 percent reduction in time spent on firewall management tasks. They moved away from the blunter controls of the layer-3 era with little disruption and now enjoy state-of-the-art and secure network traffic control.
The Challenge
This multinational enterprise relied on numerous layer-3 firewalls but realised that those solutions had become outdated. The increased sophistication of cyber threats and the changing nature of workplaces required an upgrade to next-generation firewalls (NGFWs). Whereas traditional firewalls bluntly block what administrators specify, NGFWs deliver more advanced and intelligent filtering rules that can delve into areas such as application traffic.
Yet such a migration is no small task. There are substantial differences between older layer-3 firewalls and layer-7 NGFWs, and the nature of enterprise environments makes such a change pretty complex. It requires integration with existing network infrastructure components such as routers, switches, and VPN gateways; the deployment team had to plan carefully to avoid compatibility issues and ensure smooth communication. Getting this wrong would have compromised the client’s security posture and productivity, especially if the migration caused downtime of network services.
The Solution
After exploring the market’s best options, our client selected Performanta to design and deploy the NGFWs. Over three months, we implemented the NGFWs in a phased approach, along with thorough testing, minimised disruption and room for improvements after every transition. The project proceeded smoothly because we started with a detailed understanding of the network infrastructure, security requirements, and desired NGFW features.
Close collaboration between our client’s network team and Performanta ensured a well-designed architecture and rule sets. We conducted rigorous planning, testing and validation of the NGFW configuration and rulesets in a controlled environment, minimising risks and ensuring smooth cutovers. Our team gave particular attention to translating security policies and traffic rules, and resolving compatibility issues with existing network components.
The Results
Our client realised a 35 percent increase in effective policy enforcement and almost 30 percent reduction in time spent on firewall management tasks thanks to simplified management capabilities. Performanta successfully migrated our client from layer-3 firewalls to layer-7 NGFWs in just three months. We worked alongside their security and networking teams, concluding with a handover. They now have an enhanced ability to detect and prevent network threats. The NGFWs provided greater visibility into network traffic, enabling better control over application-level filtering and security policies.
Performanta completed the project in just a few months without causing major disruptions or creating new risks or performance problems. Layer-7 firewalls are notoriously complicated in a legacy migration. But by following a well-planned migration approach and working closely with the client’s teams, we delivered a seamless transition.
Talk to our experts
About Performanta
Performanta was founded in 2010 and has over 150 staff worldwide, including former CIOs/CISOs from large enterprises. It has a global footprint with a team of 80 analysts working in two SOCs, helping to secure customers across 50 countries, from offices in the United Kingdom, Australia, Germany, South Africa and the USA. Performanta offers a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk. With a holistic cybersecurity view, we understand the modus operandi of the perpetrator and accordingly build an intelligent defence mechanism to make customer environments less susceptible to attacks.