Choosing the right firewall solutions is an essential part of optimal corporate network security.
However, achieving this network security goal is not always straightforward. This requires looking at the needs of the entire network and the threats it faces or is likely to encounter in the future.
Often the solution is to partner with a network service provider that has specialized firewall solutions.
See below for five case studies of how organizations across different industries are using firewall solutions:
1. Malta Information Technology Agency
The Malta Information Technology Agency (MITA) is the central agency that provides all IT services for the Maltese government.
Their responsibility requires achieving a huge networking feat, since the infrastructure includes 600 government offices. Policymakers realized they needed to improve their cybersecurity posture, especially as government offices and resident information are increasingly common targets of attacks.
One of the goals was to reduce the operational work associated with the organization’s network services team by enabling centralized firewall management. The executives chose Fortinet as their service provider, through local Fortinet partner ICT, and implemented several firewall-related solutions.
FortiGate 1500D and 1000D firewalls, configured for high availability, were installed in both MITA data centers. Next, executives chose FortiGate 300D, 90D, 300E, and 60E firewalls for the approximately 600 locations with high-speed or fiber internet.
The organization deployed central management tools FortiAnalyzer and FortiManager to find and deal with threats faster and check the status of any firewalls within the network. A FortiGuard threat intelligence solution also enables firewalls to deal with new and zero-day cybersecurity intrusions.
“To ensure adequate protection, we must be at the forefront of cybersecurityand Fortinet solutions give us the advanced features we need,” said Raymon Mangion, network services manager, MITA.
Robert Galea, head of infrastructure services at MITA, also recognizes how well these firewall upgrades fit into organizational ideals.
“The advanced functionality of FortiGate firewalls helps us protect the services the Maltese government relies on and the data the citizens of Malta entrust to us,” says Galea.
Firewall products: Fortinet FortiGate Next Generation Firewall (NGFW), FortiGuard, FortiManager, and FortiAnalyzer
- Improves government security posture on a national network
- Simplifies network management and troubleshooting
- Provides better visibility and control with centralized tools
Nihondentsu is a Japan-based information and communication technology (ICT) consulting firm with over five decades of experience assisting clients with their digital transformation projects.
The nature of the work demands that Nihondentsu evolve to modernize the technology solutions they use internally. Problems arose with an outdated virtual private network (VPN) solution the company was using to give people working in its 18 offices access to the data they needed.
“The situation was difficult. We recognized the urgency need to replace VPN routersbut we had to look at the problem from several angles,” says Hiroshi Ainaka, Head of Network Group Technical Department at Nihondentsu.
“The challenge was not just to improve access response, but to ensure that security was strong, post-deployment management and operation would be easy, and cost-performance was appropriate. “
The company selected the 700-series next-generation firewalls and an accompanying appliance from Check Point to solve this problem and achieve other organizational goals. The benefits were evident after installation.
Firewalls have improved the responsiveness of Internet connectivity and networking, due to the faster access responses associated with VPN locations and servers at corporate headquarters. Firewalls also enhance network security with comprehensive visibility and enhanced monitoring, making it easier to check for known and unknown threats.
Check Point solutions provide enterprise-wide protection against cyberattacks that work with one-click activation. In addition, the accompanying 700 series appliance offers customized and automated reports.
“We managed to set up a secure, smooth and stress-free network environment,” says Ainaka. “But we’re also aware that major threats lurk in places you wouldn’t expect.
“Security diagnostic reports provide an automated, detailed account of the types of attacks that occurred, when they were carried out, and how they were prevented. It gives me great peace of mind. The reports testify to the strong defense put in place against these attacks.
Industry: ICT consulting
Firewall products: Check Point 700 Series Next Generation Firewall, Check Point 700 Series Appliance
- Provides the scalability needed to grow a business
- Improves threat prevention and overall cybersecurity across the organization
- Simplifies security management by improving visibility
3. SIX Group First
Companies handling financial data are exposed to an increased risk of cyberattacks. Decision makers at SIX Group First understand this well when they operate the Swiss financial market infrastructure, which includes around 150 member banks, and process securities trading, clearing and settlement, financial information and payment transactions.
SIX Group First dealt with several firewall challenges. One was that changes to firewalls had to be done manually, which was time-consuming.
The organization’s employees wanted to improve firewall management without compromising security policies. After researching various solutions, including considering developing an in-house solution, the decision makers chose Tufin SecureApp.
“Our firewall team was continually challenged by the ever-increasing risk of attacks, and needed advanced tools to detect and mitigate the risk,” says Christoph Littwin, Head of Telecommunications, SIX Group First.
“While we needed to ensure that our security policy was implemented without compromise, applications were, and still are, the lifeblood of our organization.
“SecureApp works well for us because not only does it flag all unnecessary network access requests for apps, but it actively creates a cleaner, more reliable firewall policy. And because that data is continually updated and personalized automatically, we are confident that our process is optimized and potential threats have been kept to a minimum.
Industry: Financial services
Firewall products: Tufin SecureApp
- Increases operational efficiency and streamlines processes
- Improves network security
- Improve compliance
4. Vorarlberg University of Applied Sciences
Vorarlberg University of Applied Sciences is an Austrian university that has created a digital factory on its campus. The factory took care of the manufacturing of the fidget spinners and followed the best practices to secure the installation. The real-world example helped students prepare for fabrication work.
The organization deployed multiple Barracuda CloudGen firewalls to enhance factory security, which enabled a networking strategy in which the digital factory remained separate from the university’s main infrastructure.
Additionally, a CloudGen Firewall F600 ensured that only authorized parties could access digital assets within the plant. They did this by connecting through VPNs. Additionally, the network approach involved segmenting two assembly robots with a CloudGen Firewall F183R, due to their potentially increased vulnerability to cyberattacks.
Members of the organization also determined that by installing a CloudGen firewall in Layer 2 bridge mode, they could secure production facilities without adjusting the network topology.
“Our factory is managed by cloud-based control systems, which we are constantly improving with our partners. This securing of our systems at the highest technical level is a must-have,” says DI Robert Merz, Director of the Digital Factory Research Center, Vorarlberg University of Applied Sciences.
“With Barracuda Networks, we have found a partner that allows us to operate our factory out of the cloud without any worries and with low maintenance costs.”
Industry: Education and manufacturing
Firewall products: Barracuda CloudGen Firewall, Barracuda Secure Connector, Barracuda Secure Access Controller and Barracuda Firewall Control Center
- Achieving complete isolation of a digital factory from the rest of the university
- Improved security, so that only authorized parties can access the factory
KUKA offers its customers a one-stop-shop for everything related to automation, from robots to networking solutions.
However, the company needed to tighten its network security, due to the increasing number of application-layer attacks that restricted functionality and access to its corporate website. Before finding an appropriate technology solution, the company’s IT team manually detected and mitigated all these threats, which took a lot of time and work.
Every outage at KUKA has impacted the business, according to Alexander Bronnhuber, IT services manager for digital marketing, application lifecycle management and production IT, KUKA.
“Every hour that our website is down, we losing a considerable amount of leads that do not go to our CRM system. While it doesn’t impact production, it hurts our marketing and customer experience,” says Bronnhuber.
There has also been a significant impact on cybersecurity proactivity.
“With Cloudflare, we actually see more attacks, because Cloudflare picks up low-level attacks that we missed before,” says Christian Fürst, project architect, KUKA.
Bronnhuber agrees by quantifying the approximate number of hours saved per week that people at the company can devote to other things.
“We work in three-week sprints, and we would sometimes spend a week of time per sprint mitigating attacks. Now, maybe twice a month, we see an attack that requires someone to manually block an IP address in the Cloudflare dashboard,” says Bronnhuber.
Industry: Automated Technology
Firewall product: Cloudflare Web Application Firewall (WAF)
- Saved more than a dozen hours per week, thanks to improved incident response times
- Gain visibility into never-before-seen attacks by enabling automated data collection and threat detection