
How a regional banking corporation minimizes network exposure and risk by managing data instead of 57,000+ firewall rules

Our client is one of the largest banks in the ASEAN region, providing a full suite of products and services for both the retail and corporate markets, such as lending, deposit, brokering, investments, credit card, and remittances.

HM Solution Stack

Network Posture Management
Firewall Compliance Management
Firewall Posture Management

all with continuous asset management, context management, change management, and alert management

The Challenge

Network security is one of the most fundamental areas of cybersecurity for any business.  For our client with 35,000+ employees, 7,000+ network assets, and 50,000+ managed device assets, a strong network security posture is absolutely essential to operations.

Our client has more than 100 firewalls across 6 firewall management servers, and over 57,000 firewall rules. Operating network firewalls at this scale is a huge undertaking, because the rules, configurations, and usage of firewalls change all the time with business needs. Every development, test, and deployment brings changes in firewall rules and configurations.

Over the years of organic growth, our client had collected thousands of redundant, shadowed, or misconfigured rules and policy violations — some unresolved for years, with no systematic way of prioritizing them and managing the changes and operations.

The Solution

The Human Managed platform continuously collects policy, rule, and access data from the client’s firewall management servers and runs distributed pipelines of data analytics (structure, enrich, compute, etc.) to generate on-demand reports and notifications with contextualized and prioritized intel on firewall rule violations and recommendations for rule optimization.

From the same dataset, we also provide related, value-added intel, such as network-level compliance against industry benchmarks and frameworks, at no additional cost to the client.

input

  • Data on policies, rules, and checks from network devices such as firewalls, routers, firewall controllers, and firewall managers
  • The client connected the Skybox collector to the HM platform through an API, with zero new tools involved.

process

The Human Managed platform orchestrates 45 microservices to deliver a data-driven, contextualized, and prioritized Network Security Posture Management service.

output

The client asked us for decisions and actions that would have the “biggest bang for the buck”. Intel on firewall rule violations and misconfigurations was not enough to move the needle; they wanted analysis-based directions on improving their overall network posture, and a visible way to track progress.

Insights:
network assets, firewall controls, firewall misconfigurations, network access

INTEL:
metrics and trends on overall network posture score and network compliance scores, changes to rules and configs, and key performance indicators against the client’s internal goals as well as external standards.

DECISION and ACTION:
Recommended steps to fix and remediate prioritized firewall rule violations.  

The Impact

20 contextualized decisions and actions from 44,000 alerts per day

100% of business critical network resources monitored and continuously assessed for misconfigurations against always-current benchmarks, standards, and frameworks

6 months saved from deployment to operational processes

  • operational efficiency from data-driven prioritization of 44,000+ alerts per day to 20 contextualized decisions and actions to remove 40% of all firewall rule violations
  • 100% of business critical network resources monitored and continuously assessed for misconfigurations against always-current benchmarks, standards, and frameworks
  • data-driven and relational assessments of all firewall misconfigurations, enterprise-wide network posture and compliance

  • minimum savings of 3-4 hours per day of manual information consolidation, triage, prioritization of alerts, data analysis, and issue and incident management workflow
  • minimum savings of 1-2 hours per week of manual reporting (from operational to executive)
  • faster response to fix and resolve network misconfiguration and compliance issues
  • Minimum 6 months saved from deployment to operational processes (reduced time for procurement, workshop and meetings, project management, day to day operations including progress tracking)

  • improvement to overall data culture throughout the organization, as asset management, context management, change management, and alert management continuously improve through data
  • improvement to overall data-driven knowledge base that is contextualized to the client’s unique profile and domain expertise, which can be applied to any other use cases in cyber, digital, and risk problems.
