Client story Financial Services Firm Improves IT Security and Compliance
By Insight Editor / 16 Aug 2019 / Topics: Networking Cybersecurity
Facts at a glance
Client industry:
Financial
Size of company:
5,000-employee enterprise
Challenge:
The client needed to meet FDIC network access control compliance standards and replace its sunsetting firewall to ensure security and meet business demands.
Solution:
- Cisco Identity Services Engine (ISE)
- Cisco AnyConnect Secure Mobility Client
- Palo Alto Networks firewall
- Network access switches
- Firewall migration & post-deployment optimization
Results:
- Secured 20,000+ endpoints
- Saved $1.4 million in hardware costs
- Minimized risk
- Advanced network visibility and access control
Solution area:
Insight’s Cloud + Data Center Transformation solutions help clients improve data center availability, performance and efficiency.
A banking and wealth management services provider listed as one of America’s 100 largest banks by Forbes needed help updating its network management and security solutions. A refresh had to align with FDIC network access control and asset visibility requirements across many bank and trust locations in the U.S.
In addition to the network updates, the bank’s Juniper SRX Firewall neared its end-of-support date. A replacement would have to meet the institution’s high infrastructure security demands so it could pass regular audits.
Previous delays with the bank’s network and security updates resulted in a shortened implementation timeline. In addition, the new solution needed to authenticate, authorize and profile wired access network endpoints relied on by more than 5,000 employees daily.
The new solution needed to authenticate, authorize and profile wired access network endpoints relied on by more than 5,000 employees daily.
Finding advanced and proactive IT security
The financial firm chose Insight to help complete its network and security initiatives. Our Cloud + Data Center Transformation team worked through several challenges with the client, including:
- The accelerated execution timeline
- Provisioning certificates to the client’s endpoints for network authentication
- The need to refresh network access devices to support the access control solution
We first sought stakeholder approval of the network refresh plans by creating a proof of concept that showed various use cases in a non-production environment.
After seeing the solutions in action, the client approved deployment of eight Cisco Identity Services Engine nodes, Cisco AnyConnect Secure Mobility Client for 10,000 workstations and 200 network access switches with access control configuration.
With the network solution design chosen, we started collaborating with key stakeholders and decision-makers on an in-depth discovery process for the firewall.
We worked with the chief information officer, network vice president, managers, architects, strategists and analysts to define the business drivers and compliance requirements that would guide the decision of the firewall replacement.
Once the client made its selection, our team went to work deploying a new Palo Alto Networks firewall. We prepped, staged, configured, tested, deployed, migrated and conducted post-launch firewall optimization to achieve peak performance — and had the solution fully operational ahead of schedule.
Cost savings and optimized network
After careful planning, testing and implementation, the bank now has an FDIC-compliant network and upgraded firewall at a much lower cost.
The bank’s advanced firewall technology saved $1.4 million through data center consolidation, including a reduced firewall policy, fewer physical devices and a five-year growth forecast for firewall throughput.
The bank’s advanced firewall technology saved $1.4 million through data center consolidation.
The client is benefiting from firewall technology that’s easier to administer, as well as an improved proactive security stance based on the latest best practices. This enhances the firm’s ability to identify, protect, detect, respond and recover when faced with cyberthreats.
The organization’s refreshed network has improved visibility while enabling full control of all endpoints connected to the network. This includes preventing unauthorized devices, such as rogue network devices and removable media, from accessing the network.
The solution also automatically blocks attempted access from unpatched employee and third-party devices, as well as from unregistered devices. The advanced firewall enables easy and secure onboarding of new endpoints and identification of all users logging in to corporate assets.
In total, more than 20,000 endpoints consisting of workstations, Internet of Things (IoT) sensors and headless devices have been secured, and the client is in compliance with FDIC network security requirements.
