Multi-Vendor Visibility and Automated PCI Compliance for a North American Retail Giant

The Challenge

After years of relying on an incumbent NSPM solution, this organization’s security team reached a breaking point. Their existing tool had failed to keep pace with Palo Alto device upgrades, leaving a significant portion of their environment invisible and unmanaged. Attempts to use the platform for change automation, a primary reason for the original purchase, never succeeded. And when it came to firewall object normalization and rule-level usage data, the solution simply could not deliver, making meaningful policy cleanup impossible.

The company sought to:

• Replace a failing NSPM solution that could not normalize Palo Alto devices or surface object-level rule usage for cleanup.
• Gain complete, real-time visibility across a hybrid environment spanning Cisco ASA/Firepower, Palo Alto, Meraki, and AWS.
• Automate PCI compliance reporting that previously consumed weeks of skilled staff time.
• Implement end-to-end change automation, from request through decommissioning, integrated with their existing workflows.
• Reduce policy bloat by identifying and removing unused, shadowed, and overly permissive rules.

The Solution

With FireMon in place, the organization replaced blind spots with complete multi-vendor visibility and transformed manual, error-prone processes into automated, continuous workflows, all without requiring professional services to configure core compliance capabilities.

• Delivered real-time visibility and policy normalization across all Palo Alto, Cisco ASA/Firepower, Meraki, and AWS environments, including devices the previous solution could not reach
• Native Illumio integration extended microsegmentation visibility within FireMon’s policy framework, supporting the organization’s broader zero trust initiative.
• Surfaced rule-level object usage data, enabling the team to identify and remove unused, risky, and redundant rules, the cleanup capability their prior solution could never provide.
• Automated the full change lifecycle, with request, design, review, implementation, and decommissioning, and pre- and post-deployment compliance checks eliminating manual handoffs and backlog.
• Out-of-the-box PCI compliance reporting replaced a weeks-long manual audit process with on-demand reports produced in minutes.

Results

• Full visibility across the entire multi-vendor environment, including Palo Alto devices the previous solution could not support.
• PCI compliance reports produced in minutes, freeing skilled staff from weeks of manual audit preparation.
• End-to-end change automation eliminated rule backlogs, rework, and misconfiguration risk across hundreds of weekly change requests.
• Object-level rule usage data enabled systematic policy cleanup that had been unachievable with the previous NSPM solution.
• Foundation established for ServiceNow integration and Illumio microsegmentation expansion as the environment grows.