Compliance, Visibility & Vendor Consolidation

The Challenge

The rapid growth in the company’s user base during the COVID-19 Pandemic exposed security issues that drew regulatory attention by the US Federal Trade Commission (FTC). That resulted in a settlement with orders to comply with security guidelines. They were required to establish an information security program within 60 days, then 180 days after that had to perform a complete third-party security assessment.

The company sought to:

• Identify and document firewall policy rules across their Palo Alto, AWS, and Azure environments
• Standardize and automatically deploy a single-set of approved firewall rules across all enforcement points
• Automate their manual and time-consuming compliance reporting processes
• Assess compliance violations of proposed policy rule changes before they were deployed

The Solution

The company purchased and implemented the entire FireMon portfolio to meet their current project needs and support their future plans to better manage network security policies spanning their complex hybrid-cloud environment. FireMon’s visibility, controls, and change automation fulfilled every technical requirement and delivered the assessments and reporting necessary to meet their compliance needs.

• Unified their entire on-premises and cloud environment into a single management console
• Customizable compliance assessments and automated reporting
• Standardization, optimization, and automatic deployment of policy rule changes
• Automated rule certification workflows and pre-change violation assessment

Results

• 100% compliance with the FTC mandate in less than 60 days
• Complete visibility into risk and compliance across on-premises data centers and cloud
• Compliance reports that took a week now only take a couple of days
• Vendor cost reduction by leveraging Risk Analyzer insights to eliminate a risk analysis point solution