© A

xial 2019 | ww

w.axial.co.uk

Sky UK Case Study

Major UK media company unifies security policy management for entire network.

Primarily known as the largest pay-TV provider in the UK, this Telecomms/media company also provides broadband Internet, fixed line and mobile ‘phone services to more than 11 million domestic and business customers

© A

xial 2019 | ww

w.axial.co.uk

02

The Challenge:

Maintaining the security of the company’s network and of its subscribers is paramount but, with over 300 physical and virtual firewalls and 800 routers, this has become a near impossible task to achieve manually for a number of reasons such as:

• Lack of visibility into security device interconnections• The sheer volume of change requests – typically 70% of daily

workload• Inconsistent security policy across the estate due to the dynamic

nature of the business

Further difficulties such as inconsistent communications between business units mean that changes can take days or even weeks to understand clearly before implementation. As a consequence of such delays, PCI compliance could be compromised – potentially leading to legislative action.

It very quickly became clear that a rationalisation of security policy coupled with a sophisticated change management system was the way forward. Furthermore, any solution had to demonstrate significant reductions in man hours required to implement changes through automation.

The Solution:

Axial proposed a product suite consisting of AlgoSec Firewall Analyzer to optimize the firewalls and AlgoSec Fire Flow to automate and track the change process.

Out of the box, Firewall Analyzer provided numerous valuable functions such as a fully interactive network topology map and visibility of unused, duplicate, overlapping or expired security rules.

The ability to consolidate and reorder those rules and provide pre-populated, audit-ready compliance reports – automatically – ticked a number of other boxes for the company. Continuous monitoring of devices against configuration baselines minimized any risk of exploit.

In addition, Firewall Analyzer simplified the process of defining and enforcing network segmentation by confirming the existing network security policies did not violate the network segmentation strategy or block critical business services.

The second part of the solution – Fire Flow – built on the functions of Firewall Analyzer by providing an automated workflow from planning to resolution – a true zero-touch security policy change management system. The workflow is fully automated and provides a complete audit trail of any approval steps required, when they were approved and by whom.

Automatic discovery of all devices and rules which are impacted by a change request allowed Fire Flow to determine if the change was really necessary and thereby reduce complexity. This function in itself significantly reduced the time to analyze and implement a change request compared to the manual process previously in place.

The Benefits:

The deployment of both Firewall Analyzer and Fire Flow provided a number of benefits to the company but some of them were not immediately obvious. For example, during the Proof of Concept stage,

it was discovered that some core firewalls were configured with around 60,000 rules but less than 10% of them were actually doing anything. By removing the unnecessary rules, the performance of these firewalls was dramatically improved thus extending their serviceable life and removing the need to upgrade them.

All of the challenges the company had were dealt with successfully. The visibility aspect, especially the toplogy map, meant the company could easily see and understand how devices were connected and how the security rules worked across the estate in near real-time. This was particularly useful to obtain a consolidated view of the physical, virtual and Cloud parts of the security network.

Probably the most significant benefit came by automating the change management workflow. A direct comparison was made between Fire Flow and the traditional manual method of implementing a change. The results were startling – a reduction from 11 hours to 1 hour start to finish – a more than 90% reduction in man-hours required.

Finally, the solution was able to consolidate all the security rules across the entire hybrid estate thus ensuring a consistent, error-free system that easily copes with new service roll-outs on-demand.

Why Axial?

Through Axial’s long standing relationship with company, they were able to demonstrate a deep understanding of the business requirements, current situation and desired outcomes.

The gap analysis provided led to a very specific technology choice and Axial’s strong relationship with the recommended Vendor ensured that the success criteria for the Proof of Concept were clearly defined and understood.

The expertise demonstrated in deployment and configuration of the overall solution validated the choice of both Axial and AlgoSec to deliver against the company’s requirements.

© A

xial 2019 | ww

w.axial.co.uk

03