Skybox Firewall Assurance, Skybox Network Assurance and Skybox Vulnerability Control for US Bank

CUSTOMER PROFILE Ranked as one of the best banks in America by Forbes magazine, our high–tech commercial banking customer had a large, complex and distributed IT environment supporting more than 1,600 employees and 34 locations worldwide. CHALLENGES

• Risk analysis around the latest technology, including virtualization and next–generation firewalls

• Continuous compliance with financial industry regulatory standards

• Manual processes draining limited IT resources

RESULTS

• One-week deployment for quick insight to IT architecture, risk and controls

• Continuous compliance and on-demand, substantive reports

• Prioritized risk management

• Automated daily reporting on best practices

By embracing innovation, the bank had established a leadership position in the industry. “Over the past five years, innovation has really been the biggest challenge that we’ve observed in the financial industry,” said the bank’s director of IT security. “We have to be able to control and access the data as well as assign attributions.” When the IT security team deployed Palo Alto Network’s (PAN) next-generation firewalls, the risk management solution in place couldn’t keep up. The IT security team lacked network visibility and could not provide an accurate picture of their network assets or risk exposure. With limited IT resources, the bank needed to find a security management solution that could automate routine tasks. The bank also sought robust compliance support, including best practices checks, network and vulnerability analysis and complete support for PAN security. SCOPE AND SELECTION CRITERIA The bank was looking for a solution that could keep up with the complexities of virtualization and next-generation firewalls. It also needed support to maintain continuous compliance. And, where IT staff were bogged down with administering routine tasks, it was critical to implement automation to free up scarce IT resources. After a proof-of-concept (POC) trial with Skybox™ Security, the bank quickly implemented Skybox Firewall Assurance, Skybox Network Assurance and Skybox Vulnerability Control to meet these needs. DEPLOYMENT During the POC trial, the bank conducted a thorough review of the Skybox Security Suite, including next-generation firewall integration analysis. Once the organization selected Skybox to provide security analytics for their network, implementation was quick and easy. The bank simply rolled over the POC to production, and implemented the three selected modules within a week. Maintaining Continuous Compliance Compliance was a primary focus during the customer’s selection process. Skybox’s robust compliance reporting along with the ability to compare the current network configurations against an approved baseline was a major differentiator. “In the financial sector, maintaining compliance is mandatory,” said the director. “There are many regulations that we have to follow, and Skybox enables us to deliver on-demand reports to our auditors that prove that we’re compliant. The solution also allows auditors to validate results against our baselines, and baseline comparisons are critical to showing that our networks are secure.” Increasing Network Visibility and Control In addition to compliance reporting, the customer also chose Skybox for effective risk reporting capabilities. Even if the information is accurate, huge amounts of risk data is unmanageable. Skybox helped the bank identify a shortlist of actionable information to address the most critical risks. Using Skybox, the security team set up best practice checks for their existing platforms and reporting to ensure that all changes met best practice requirements. With automation, they could easily run daily reports—even with limited resources—so information is always up-to-date and the network stays secure. Network teams also used Skybox to analyze data flows when troubleshooting. The customer turned to Skybox and its reporting capabilities to keep security management processes on track. “We like to product trend reports to show where we’ve been, where we’re going and where we expect to be in the near future,” said the director. “Skybox really helps us deliver these reports.” Modernizing Technology and Security Processes When next-generation firewalls introduced even more complexities to an already large and complicated firewall estate, the customer’s existing solution and other vendors couldn’t rise to the challenge. The sophistication of Skybox’s analytics-based platform and in-depth risk analysis gave them the ability to modernize their network troubleshooting and risk reduction processes.
“Next-generation firewalls introduce a new complexity into our environment. Many competitors that we worked with just cannot keep up with innovation. Skybox, on the other hand, really worked with us, understood our environment, and tackled innovation and virtualization head-on.” ABOUT THE SOLUTION The customer deployed three modules of the Skybox Security Suite—Firewall Assurance, Network Assurance and Vulnerability Control. Firewall Assurance was able to bring all firewalls into a single view and continuously monitor policy compliance, optimize firewall rulesets and finds attack vectors that other solutions missed. With Network Assurance, the customer illuminated complex security zones and policy compliance violations, giving them the insight they needed to  reduce attack vectors and network disruptions. The addition of Vulnerability Control allowed them to improve risk management, employing security analytics to quickly identify exposures and prioritize risk as well as remediation in the context of their network. RESULTS After just one week, the commercial bank had a level of network visibility and control that they never had before. With meaningful compliance reports and validated security intelligence, they were better able to support audits and reduce their attack surface. Skybox gave them a comprehensive and accurate view of their network and its risks.