Cyberthreats are rapidly evolving, and it is critical for companies to employ next-generation firewalls (NGFWs) as part of their network security strategy.
See below for five case studies on how organizations across different industries are employing NGFW solutions to solve their network security challenges:
5 NGFW case studies
Finland-based VR Group is credited with sustainably managing and operating a high-speed train network since 1862.
The public enterprise had a multitude of challenges to face: average internet speed across trains, 5G integration, lower bandwidths than their European counterparts, and a lack of an off-site network management system.
“Our line of work creates unique challenges to maintaining Wi-Fi for customers and VPN for staff,” says Pasi Louko, senior network architect, VR Group.
“Due to a couple of different aspects, we were seeing internet drop for customers and operators.”
VR Group worked with Forcepoint to install a next-generation firewall and create high-speed network architecture, enabling zero-touch deployment and remote access to the IT staff for each train. With the NGFW, VR could connect with all three mobile operators simultaneously, ensuring high bandwidth and reduced network drops.
“Our costs — both for the project and maintenance — are going down, because we don’t need resources locally — we have centralized everything,” Louko says.
“If we want a new service on a train, we define the policy and then give the hardware to the operator, who installs it. It’s that simple. We had the firewall in a train that was offline for two weeks sitting in -15 degrees Celsius temperature, and the NGFW started right up along with the train.”
Next-generation firewall provider: Forcepoint
- Secured network connectivity of high-speed trains and managing 200 megabytes per second (MBps) of data transfer
- Led to lower overhead and VPN costs
- Reduced downtimes and secured connections across 100+ router cabins
- Enhanced capacity, reaching 22.8 gigabytes per second (GBps), up from 3 GBps
- Provided company-wide encryption for internal operations
Brazil-based Pague Menos is one of the country’s largest pharmacy retail chains with 1,600 stores and over 25,000 employees.
During the pandemic, Pague decided to go digital and opt for a hybrid strategy to fetch more customers and retain existing ones.
“Back in 2016, we had more than 900 stores,” says Afro Vasconcelos of Pague Menos.
“It was getting hard to depend on two internet service providers, and if they did not have an operation in a specific city, we could not have it either.”
These erratic service incidences as well as multiprotocol label switching (MPLS) links, limited bandwidth, and frequent network drops led to Pague installing an NGFW for growing needs. Without a firewall, Pague user services were limited to mostly credit card payments and an internet speed of 64K bits per second.
“As early as 2016, we envisioned a store with more applications, the ability to track sales with a dashboard, and online sales in the future,” Vasconcelos says. “That network would not support this demand.”
Fortinet’s Secure SD-WAN and FortiGate Next-Generation Firewalls fortified Pague’s security at all physical locations. Their integration with Fortinet FortiAP ensured Wi-Fi access for all customers and Pague employees. Moreover, a FortiManager integration ensured unified and centralized administration of Pague’s entire network.
“Now, customers have access to the nearly 1,000 pharmaceutical offices, Clinic Farma for health care support, laboratory tests, vaccinations, or to join plans and benefits available through agreements and partnerships,” Vasconcelos says.
“With an omnichannel structure, customers can buy the way they want and receive their products wherever they prefer. Buyers have facilities: such as Click & Collect, where consumers buy online and opt to pick up the items in a store; Infinity Shelf, which delivers to customers’ homes, free of charge, any product they cannot find in the store; lockers; telesales.
“Our physical business has become increasingly digital. Our services depend on the proper performance of the network. Laboratory tests, for example, are all real-time. Our NGFW made this all possible.”
Next-generation firewall provider: Fortinet LAN Edge, Secure SD-WAN, FortiADC, and FortiManager
- Digitization of Pague’s retail services to customer’s doorstep — 60 new services added
- Unrestricted internet access across Pague’s physical stores
- Secured VoLTE telephone assistance under Special Medication Service
- Real-time lab tests and data analysis
- Centralized threat reporting and incident log management
- Hassle-free addition of another 400 stores across Brazil
Bausch Health is a medical manufacturer with over 15,000 employees across over 150 sites.
Bausch had an aging firewall infrastructure, leading to low bandwidth and visibility across the 150 distributed work sites.
With Cisco’s NGFW, Bausch created a policy hierarchy across locations with an intrusion prevention system (IPS), anti-malware, and URL filtering.
The process worked three ways: ensure security compliance across geographies, discover threats before they hit the Bausch systems, and remediate breaches that already happened.
The NGFW came with increased visibility to not just malware or web applications, but also covered voice over Internet Protocol (VoIP) phones, routers, operating systems (OSs), client devices, and network servers.
The Firepower management center automated impact assessment for Bausch while scaling multi-tenancy and creating role-based management based on both access and attributes.
Next-generation firewall provider: Tesrex, Cisco Firepower, and Cisco Next-Generation Firewalls
- Enhanced throughput capability up to 80 Gbps
- Centralized device management through the Cisco Firepower management console
- Better threat visibility and automated log checking after threat detection
- Real-time data analytics for better anomaly detection and decision making
Colorado-based ENT Credit Union has over $5.7 billion in assets, 30 service centers, and 355,000 members. The organization is known for their customer-centric ENT Extras cash rewards mechanism.
ENT’s issues weren’t purely financial or compliance-based but lied in ensuring remote privacy to their customer data and assets. While the credit union already had Check Point Firewalls for bank network security, internal traffic management was still a pain point for IT staff.
“We needed to replace an east-west monitoring solution that wasn’t giving us adequate visibility,” says Scott Perry, IT security architect, ENT Credit Union.
“Without the ability to see into east-west traffic, we can’t identify anomalies that would signal a possible attacker. We needed a better solution.”
The Check Point NGFW ensured maximum uptime for ENT, with advanced threat detection software for zero-day attacks. Check Point upgraded ENT’s hardware by optimizing them per data center requirements. The Check Point data center integration also supported large ENT traffic volumes and Secure Sockets Layer (SSL) encryption.
“The Check Point firewalls are acting as IDS sensors for our internal traffic,” Perry says.
“We don’t want to stop east-west traffic, but we want to watch everything and be alerted when anything suspicious occurs. The ability to monitor internal traffic is vital for us to protect our members’ information. If a malicious actor comprises a single workstation and tries to move money or information, we’ll know it.”
Next-generation firewall provider: Check Point Quantum NGFW and Check Point R80
- Greater visibility into network traffic
- Accelerated threat detection and remediation
- Increased operational efficiency based on higher visibility into traffic
- A firewall with a unified console
Globe Telecom is one of the Philippines’ largest mobile operators and needs to constantly upgrade its security infrastructure.
Previously, Globe had a legacy firewall architecture with Layer 4 protection. Siloed security and mismanagement of vendors for their tech needs also hampered Globe’s efficiency. The company was looking for a solution with a specialization in customer data.
Globe deployed the Palo Alto Networks’ NGFW as a perimeter security software with special attention to cloud security — microsegmentation, Cloud Workload Protection, and Cloud Security Posture Management (CSPM).
Palo Alto helped Globe remove both operations and infrastructure complexities, along with offering Layer 7 firewalls and filtering. The virtual firewalls were mostly automated, helping Globe to free IT staff from manual work logs.
The NGFW also ensured rapid integration with third-party vendors, endpoint security, and business agility through best industry practices.
Next-generation firewall provider: Palo Alto Networks
- Enhanced cloud security
- Hassle-free 5G rollout and expansion across the Philippines
- Successful management of fintech transactions of up to 1 trillion pesos and over 1,000 cloud accounts
These case studies show examples of next-generation firewalls being used in various industries: rail; retail; medical; banking; and telecommunications.
Clients selected a range of providers in the NGFW market for the implementations: Forcepoint; Fortinet; Cisco; Check Point; and Palo Alto Networks.
Together, the organizations’ NGFW solutions improved numerous aspects of their networks:
- Network connectivity
- Network downtime
- Network capacity
- Network throughput
- Network threat visibility and reporting
- Network traffic insights
- Cloud security
- Digital transformation of client services and internal operations