David Amnizade, Director Northern Europe, Tufin Technologies
Introduction
Your boss steps into your office and announces: “I’ve got good news and bad news… The good news is that we’ve just acquired our largest competitor. The bad news is that we now need to manage all of their firewalls.” An increasing number of security managers are faced with the challenge of absorbing and integrating an external organization’s IT staff, their existing firewall infrastructure, and whatever data, rules and policies they had in place prior to the merger or acquisition. In some cases, security architects are asked to quickly audit an organization’s existing firewall estate, and find the potential risks contained in it as part of a due-diligence process. Once the due diligence is done and the deal is signed, IT organizations usually face a very tight schedule for the integration of the combined infrastructure.
Breaking it down
What’s the big deal about merging two IT security departments from different organizations? For starters, the infrastructure may be completely different, starting with the firewall vendor. Unlike other markets, no single vendor dominates the firewall market – the main players include Check Point, Juniper, Cisco, and Fortinet, with several additional smaller vendors in the mix as well. Working with a single vendor certainly makes life easier; however, the reality is that larger organizations do not work with just one. When managing multiple vendors, it’s critical to have some way of centrally reporting on, auditing and logging all of the firewalls in order to enforce corporate-wide policies, and make sure that a tight ship is being run.
In the interest of order and easy management, some companies select a single-vendor approach and decide, over time, to replace every other vendor’s firewalls with those of their vendor of choice. This approach eventually results in tight central management, but requires a long interim period of multi-vendor management, as well as the additional costs of firewall migration.
The second major challenge is integration. In addition to being a large, time-consuming project, it’s a potential “can of worms” in the form of existing change processes and firewall rules. If a unique set of security policies and criteria has been developed, security/firewall administrators will need to analyze the newly inherited firewall configurations, clean up all of the holes and misconfigurations that are found, and align processes with the current standard.
Merging Firewall Estates – Step by Step Approach
Whether the merger has already taken place or is still in the due diligence phase, there is a series of steps that one can follow to ease this transition and make it as effective and smooth as possible.
1. Collect baseline audit reports that assess the health of the acquired firewalls. A good automated report will check if firewalls conform to industry best practices including recommended basic security settings and correct software versions. This is especially important if the acquired infrastructure is from a different firewall vendor than the one currently being used. An automated firewall management solution will be able to check best-practice settings for every vendor and even convert and apply settings to the new infrastructure.
2. Streamline and clean up the acquired rule bases. To do this well, run automated Rule Usage Reports for several weeks to collect data and identify unused rules and objects – this will give a good indication of which rules and objects are no longer needed from a business perspective, and are candidates for removal (discuss this with the existing firewall team to ensure that special rules that are only used once a year aren’t deleted).
3. Perform comprehensive risk analysis. Once there is some familiarity with the new rule bases, actively check the policy for compliance with critical elements of corporate security policy. For example – what connections are allowed from DMZs into internal networks? Are there any unauthenticated connections allowed from the outside? How are sensitive databases protected?
4. Maintain compliance in real time. As the firewall team makes configuration changes on a daily basis, stay on top of the changes and ensure ongoing compliance with security policies. Import the security alerts that are defined for the existing infrastructure to include the new firewalls.
5. Implement ongoing change tracking and monitoring. Extend the current tracking and reporting system to include the new firewalls and monitor them as an integral part of the security infrastructure.
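As an added illustration of steps 2 and 3 (not part of the original article and not any vendor's tooling), the sketch below runs a rule-usage check and a zone-crossing risk check over a vendor-neutral rule export. The field names, zone map, addresses and hit counts are all constructed for the example.

```python
import ipaddress

# Constructed zone map; a real estate would take this from its own network documentation.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("172.16.10.0/24"),
}

# Constructed, vendor-neutral export: one dict per rule, with hit counts
# summed over the observation window (several weeks, per step 2).
RULES = [
    {"id": "r1", "src": "0.0.0.0/0", "dst": "172.16.10.20/32", "svc": "tcp/443", "action": "allow", "hits": 91542},
    {"id": "r2", "src": "172.16.10.20/32", "dst": "10.20.0.5/32", "svc": "tcp/1433", "action": "allow", "hits": 4410},
    {"id": "r3", "src": "10.30.0.0/16", "dst": "10.20.0.0/16", "svc": "tcp/22", "action": "allow", "hits": 0},
    {"id": "r4", "src": "198.51.100.0/24", "dst": "10.0.0.0/8", "svc": "any", "action": "allow", "hits": 0},
    {"id": "r5", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "svc": "any", "action": "deny", "hits": 733},
]

def zones_of(cidr):
    """Return every zone a CIDR overlaps; space outside all zones is 'outside'."""
    net = ipaddress.ip_network(cidr)
    found = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    # A network not fully contained in a known zone also covers outside space.
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        found.add("outside")
    return found

def unused_rules(rules):
    """Step 2: rules with no hits in the window are removal candidates."""
    return [r["id"] for r in rules if r["hits"] == 0]

def risky_rules(rules):
    """Step 3: allow rules that cross dmz->internal or outside->internal."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        src, dst = zones_of(r["src"]), zones_of(r["dst"])
        if "internal" in dst:
            for zone in sorted(src & {"dmz", "outside"}):
                findings.append((r["id"], f"{zone}->internal", r["svc"]))
    return findings
```

A rule that appears in both results, such as the constructed `r4`, is an obvious first item for the cleanup discussion; zero-hit rules still go to the existing firewall team before removal, as step 2 notes.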
Conclusion
Mergers and acquisitions usually involve business decisions that you have no control over, yet the amount of IT-related work that results from them is immense. If you’re managing firewalls for an organization that is about to merge with or acquire another company, you’re probably facing a very busy and intense period that will last anywhere from several months to over a year. You can manage the process and simplify the transition by applying a consistent approach, and by using automated tools that will save you a lot of time and effort.
Tufin Technologies is exhibiting at Infosecurity Europe 2009, the No. 1 industry event in Europe held on 28th – 30th April in its new venue Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk
Courtesy: Infosecurity PR