Cyberthreats are rapidly evolving, and it is critical for companies to employ next-generation firewalls (NGFWs) as part of their network security strategy.
See below for five case studies on how organizations across different industries are employing NGFW solutions to solve their network security challenges:
5 NGFW case studies
Finland-based VR Group is credited with sustainably managing and operating a high-speed train network since 1862. The public enterprise had a multitude of challenges to face: mediocre internet speed across trains, 5G integration, lower bandwidths than its European counterparts, and a lack of an off-site network management system.
“Our line of work creates unique challenges to maintaining Wi-Fi for customers and VPN for staff. Due to a couple of different aspects, we were seeing internet drop for customers and operators,” said Pasi Louko, senior network architect at VR Group.
VR Group worked with Forcepoint to install a next-generation firewall and create high-speed network architecture, enabling zero-touch deployment and remote access to the IT staff for each train. With the NGFW, VR could connect with all three mobile operators simultaneously, thus ensuring high bandwidth and reduced network drops.
“Our costs — both for the project and maintenance — are going down because we don’t need resources locally, we have centralized everything,” said Louko. “If we want a new service on a train, we define the policy and then give the hardware to the operator, who installs it. It’s that simple.
“We had the firewall in a train that was offline for two weeks sitting in −15 degrees Celsius temperature, and the NGFW started right up along with the train.”
Next-generation firewall provider: Forcepoint
- Secured network connectivity of high-speed trains and managing 200 megabytes per second (MBps) of data transfer
- Led to lower overhead and VPN costs
- Reduced downtimes and secured connections across 100+ router cabins
- Enhanced capacity reaching 22.8 gigabytes per second (GBps), up from 3GBps
- Provided company-wide encryption for internal operations
Brazil-based Pague Menos is the country’s second-largest pharmacy retail chain with 1,600 stores and 25,000+ employees. During the COVID-19 pandemic, Pague decided to go digital while opting for a hybrid strategy to fetch more customers and retain existing ones.
“Back in 2016, we had more than 900 stores. It was getting hard to depend on two internet service providers [ISPs], and if they did not have an operation in a specific city, we could not have it either,” said Afro Vasconcelos of Pague Menos.
These erratic service incidences coupled with multiprotocol label switching (MPLS) links, limited bandwidth, and frequent network drops led to Pague installing an NGFW for growing needs. Without a firewall, the Pague user services were limited to mostly credit card payments and an internet speed of 64K bits per second.
“As early as 2016, we envisioned a store with more applications, the ability to track sales with a dashboard, and online sales in the future. That network would not support this demand,” said Vasconcelos.
Fortinet’s Secure SD-WAN project and FortiGate Next-Generation Firewalls fortified Pague’s security at all physical locations. Its integration with Fortinet FortiAP ensured Wi-Fi access for all customers and Pague employees. Moreover, the FortiManager integration ensured unified and centralized administration of Pague’s entire network.
“Now, customers have access to the nearly 1,000 pharmaceutical offices, Clinic Farma for healthcare support, laboratory tests, vaccinations, or to join plans and benefits available through Agreements & Partnerships,” said Vasconcelos. “With an omnichannel structure, customers can buy the way they want and receive their products wherever they prefer. Buyers have facilities such as ‘Click & Collect,’ where consumers buy online and opt to pick up the items in a store; ‘Infinity Shelf,’ which delivers to customers’ homes, free of charge, any product they cannot find in the store; lockers; telesales.
“Our physical business has become increasingly digital. Our services depend on the proper performance of the network. Laboratory tests, for example, are all real-time. Our NGFW made this all possible.”
Next-generation firewall provider: Fortinet LAN Edge, Secure SD-WAN, FortiADC, and FortiManager
- Digitization of Pague’s retail services to customer’s doorstep — 60 new services added
- Unrestricted internet access across Pague’s physical stores
- Secured VoLTE telephone assistance under Special Medication Service [AME]
- Real-time lab tests and data analysis
- Centralized threat-reporting and incident log management
- Hassle-free addition of another 400 stores across Brazil
Bausch Health has a reputation of catering to 15,000 employees, 150 sites, and 100+ clientele. Bausch had an aging firewall infrastructure, leading to low bandwidth and visibility across the 150 distributed work sites.
With Cisco’s NGFW, Bausch created a policy hierarchy across locations to weed out IPS, malware issues, and URL filtering. The process worked three ways: ensure security compliance across geographies, discover threats before they hit the Bausch systems, and remediate breaches that already happened. The NGFW came with increased visibility to not just malware or web applications but also covered voice over Internet Protocol (VoIP) phones, routers, operating systems (OSs), client devices, and network servers.
The Firepower management center automated impact assessment for Bausch while scaling multi-tenancy and creating a role-based, from access- and attribute-based management.
Next-generation firewall provider: Tesrex, Cisco Firepower, and Cisco Next-Generation Firewalls
- Enhanced throughput capability up to 80Gbps
- Centralized device management through the Cisco Firepower management console
- Better threat visibility and automated log checking after threat detection
- Real-time data analytics for better anomaly detection and decision-making
Colorado-based ENT is already applauded by Forbes for its credit efforts. With $5.7+ billion worth of assets, 30+ service centers, and more than 355,000 members, ENT is known for its customer-centric ENT Extras cash rewards mechanism and community-driven credit union.
ENT’s issues weren’t purely financial or compliance-based but lied in ensuring remote privacy to its clientele data and assets. While the union already had Check Point Firewalls for bank network security, internal traffic management was still a pain point for IT officials.
“We needed to replace an east-west monitoring solution that wasn’t giving us adequate visibility. Without the ability to see into east-west traffic, we can’t identify anomalies that would signal a possible attacker. We needed a better solution,” said Scott Perry, IT security architect at ENT Credit Union.
The Check Point NGFW ensured maximum uptime for ENT, with advanced threat detection software for zero-day attacks. Check Point also upgraded ENT’s hardware by optimizing them as per the data-center requirements. On top of that, the Check Point data center integration offered enough power for ENT to contain large traffic volumes and Secure Sockets Layer (SSL) encryption.
“The Check Point firewalls are acting as IDS sensors for our internal traffic. We don’t want to stop east-west traffic, but we want to watch everything and be alerted when anything suspicious occurs,” said Perry. “The ability to monitor internal traffic is vital for us to protect our members’ information. If a malicious actor comprises a single workstation and tries to move money or information, we’ll know it.”
Next-generation firewall provider: Check Point Quantum NGFW and Check Point R80
- Greater visibility into network traffic
- Accelerated threat detection and remediation
- Increased operational efficiency based on higher visibility into traffic and a firewall with a unified console
Globe Telecom is The Philippines’ largest mobile operator; and owing to its position in the domestic telco market, Globe needs to constantly upgrade its security infrastructure. Previously, Globe had a legacy firewall architecture with Layer 4 protection. Moreover, siloed security and mismanagement of vendors for its tech needs hampered Globe’s efficiency. The company was looking for a solution with a specialization in customer data and found Palo Alto.
Globe deployed the NGFW as a perimeter security software with special attention to cloud security — microsegmentation, Cloud Workload Protection, and Cloud Security Posture Management (CSPM). Palo Alto helped Globe to remove both operations and infrastructural complexities, along with offering Layer 7 firewalls and filtering. The virtual firewalls were pretty much automatable, thus helping Globe to free its IT staff from manual work logs.
The NGFW also ensured rapid integration with third-party vendors, endpoint security, and business agility through best industry practices.
Next-generation firewall provider: Palo Alto Networks
- Enhanced cloud security
- Hassle-free 5G rollout and expansion across The Philippines
- Successful management of fintech transactions of up to 1 trillion pesos and 1,000+ cloud accounts