The Challenge
This major national bank operated a sprawling, unmanaged firewall estate of more than 50 devices spanning Cisco, Fortinet, and Palo Alto, with no NSPM toolset in place, with a single device carried 1.5 million firewall rules. Simultaneously, the bank was preparing to launch a first-of-its-kind national digital banking platform, dramatically expanding its exposure and the urgency of getting network policy under control. Mounting regulatory pressure around PCI DSS and CIS benchmark compliance, combined with a lack of centralized change monitoring or rule analysis, left the bank operating blind across its entire network security infrastructure.
The company sought to:
- Gain full visibility across a multi-vendor firewall environment with no existing NSPM foundation
- Automate PCI DSS and CIS benchmark compliance reporting ahead of regulatory scrutiny
- Identify and reduce risk across 1.5 million unmanaged firewall rules
- Support simultaneous deployment across two banking programs — the core banking operation and the new digital bank
The Solution
FireMon provided a single platform to centralize visibility, enforce compliance, and drive policy cleanup across all 50+ firewalls, regardless of vendor. Policy Manager delivered real-time change monitoring across the Cisco infrastructure, automated compliance assessments mapped to PCI DSS and CIS benchmarks, and rule analysis workflows to identify redundant, shadowed, and overly permissive policies. A structured cleanup program was initiated as the first phase of work, enabling the bank to quantify and reduce risk before the digital bank launch.
- Full visibility and centralized management across 50+ firewalls and 1.5 million rules
- Automated, framework-mapped compliance reporting for PCI DSS and CIS benchmarks
- Real-time change monitoring and detection across Cisco network infrastructure
- Rule cleanup workflows to reduce attack surface prior to the digital banking program launch
- Scalable policy management across two concurrent, distinct banking deployments
FireMon gave us the visibility and control we needed across a firewall estate we had never been able to fully see before. The compliance reporting is exactly what our auditors need, and the cleanup work has changed the way we think about managing policy long-term.
FireMon gave us the visibility and control we needed across a firewall estate we had never been able to fully see before. The compliance reporting is exactly what our auditors need, and the cleanup work has changed the way we think about managing policy long-term.
Results
- Brought 1.5 million previously unmanaged firewall rules under centralized oversight for the first time
- Established automated, audit-ready compliance reporting mapped to PCI DSS and CIS benchmark frameworks
- Detected and flagged unauthorized rule changes in real time across the Cisco infrastructure
- Reduced attack surface through structured policy cleanup ahead of the national digital banking launch
Firewalls rules brought under control
Firewalls centralized across multi-vendor environment
Vendors consolidated across Cisco, Fortinet, and Palo Alto