Network Visibility to Manage Firewall Changes & Reduce Risk
David Robinson, Security Consultant, Capita Customer Management
Infosec London, June 2015
About Capita Customer Management
• UK's largest customer management outsourcer
• 11,000 employees
• 16 centers in the UK and offshore centers in India and Poland
• Serving leading public and private enterprises: O2, Google, British Gas, BMW, and William Hill
• Part of Capita plc
David Robinson
• Security Consultant, Capita Customer Management
• 10+ years of security, risk, and compliance management
Business Challenges
Large and complex firewall infrastructure
Ensuring efficient firewall rule base
Subject to PCI and internal compliance
Network team focused on connectivity, not compliance
Assessing risk of firewall changes
Verifying firewall changes with intent
Asked to manage these risks
Understanding the Network Infrastructure
[Diagram labels: Log data; Config data and routing tables; Policies; Layer 3 devices]
Used Skybox Firewall Assurance to provide visibility and quickly model the network
GOAL: Create an accurate, efficient rule base
Established a well-defined firewall rule review process
Enabled log collection to evaluate hit count
Removed disabled rules
Disabled any rule with no hits
Evaluated rules to ensure they are fully utilized
Repeated the process every two weeks
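One pass of the review cycle described above, as an added example (not Capita's or Skybox's tooling). The rule base, the log records and their format are constructed, and "fully utilized" is assumed here to mean that every service a rule permits was seen in the logs during the review window.

```python
from collections import Counter, defaultdict

# Constructed rule base: id -> (enabled, services the rule permits)
RULES = {
    "r10": (True,  {"tcp/443"}),
    "r20": (True,  {"tcp/22", "tcp/3389", "tcp/445"}),
    "r30": (False, {"tcp/21"}),
    "r40": (True,  {"udp/53"}),
}

# Constructed log records for one review window: (rule id, service matched)
LOG = [
    ("r10", "tcp/443"), ("r10", "tcp/443"),
    ("r20", "tcp/22"),
    ("r99", "tcp/80"),   # hit on a rule missing from the rule base export
]

def review(rules, log):
    """Return ({rule_id: (action, detail)}, [unknown rule ids]) for one cycle."""
    hits = Counter()
    used = defaultdict(set)
    unknown = set()
    for rule_id, service in log:
        if rule_id not in rules:
            unknown.add(rule_id)  # stale export or wrong device: report, do not guess
            continue
        hits[rule_id] += 1
        used[rule_id].add(service)

    result = {}
    for rule_id, (enabled, services) in rules.items():
        if not enabled:
            result[rule_id] = ("remove", "already disabled")
        elif hits[rule_id] == 0:
            result[rule_id] = ("disable", "no hits in window")
        elif services - used[rule_id]:
            unused = sorted(services - used[rule_id])
            result[rule_id] = ("tighten", "unused: " + ", ".join(unused))
        else:
            result[rule_id] = ("keep", f"{hits[rule_id]} hits")
    return result, sorted(unknown)

if __name__ == "__main__":
    decisions, unknown = review(RULES, LOG)
    for rule_id, (action, detail) in decisions.items():
        print(f"{rule_id}: {action:8} {detail}")
    print("log entries for unknown rules:", unknown)
```

Disabling a zero-hit rule before removing it in a later cycle leaves a window in which a rule used only occasionally can still be restored.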
GOAL: Ensure compliance with internal and external policies
3 Important Factors
Consistent compliance with PCI standards
Adherence to CIS benchmarks for firewalls
Compliance with CAPITA’s own internal policies
GOAL: Take control of firewall change process – this year’s focus
Firewalls monitored for changes and reconciled
Changes reviewed for intent vs. implementation
Sampled changes to ensure compliance
Improved process and cost savings
Understood vulnerabilities potentially exposed by changes
Results
• Efficient, repeatable firewall rule review process
• Insight into effectiveness of security management process
• Ensure compliance with PCI, CIS, and internal policies
• Improving process for change management, reducing risk and saving cost
“We now have a single view of our firewalls and the security posture they represent”