One of the world’s largest financial services firms embarked on a massive IT automation initiative several years ago. The organization has trillions of dollars and hundreds of thousands of employees spread across countries around the world. In order to improve staff productivity and reduce costs, it wanted to streamline infrastructure management by automating processes wherever possible.
At the same time, the bank was upgrading its security architecture. After a rigorous proof of concept, it selected FortiGate next-generation firewalls (NGFWs) to protect its many data centers. Decision-makers liked the depth of integration with Red Hat Ansible, a tool the institution had deployed to automate software provisioning and configuration. They also appreciated Fortinet’s ability to scale efficiently to support the bank’s centralized network, which is one of the largest of its kind in the world. Additional reasons for choosing the FortiGate NGFWs were their exceptional performance and manageability.
The bank began deploying FortiGate NGFWs in data centers across three geographic regions: Europe, the Middle East, and Africa (EMEA); Asia-Pacific (APAC); and North America. Its pre-purchase financial analysis indicated that the project will provide a return on investment (ROI) of $100 million in cost savings and productivity gains over five years.
The rollout is still in its early days, but the bank will soon have hundreds of FortiGate NGFWs protecting systems around the world. The benefits are already accruing, primarily from improved security manageability. The technology making this possible is the Fortinet Fabric Management Center, a combination of the FortiManager network management solution and the FortiAnalyzer analytics and log management solution.
Drastically Improved Efficiency for Firewall Management
In each geographic region where the bank operates, staff manage FortiGate NGFWs through a high-availability (HA) cluster of FortiManager appliances, as well as high-availability FortiAnalyzer devices. More than 100 engineers work with FortiManager on a regular basis to manage every facet of the security infrastructure lifecycle, from design and implementation to operations and auditing of the FortiGate estate.
The new security infrastructure represents a significant upgrade over the solution it is replacing. The bank’s legacy firewalls enable centralized management, but it is highly inefficient. Changes often take days to propagate throughout the firm’s data centers, so it is impossible to ensure they complete within specified maintenance windows. Even small updates may encroach on production hours, degrading performance or requiring downtime.
FortiManager, by contrast, enables more efficient management of the NGFWs. An update that takes 48 hours to distribute with the legacy management solution requires less than an hour with FortiManager.
Automation Enables No-Touch Firewall Deployment
In pursuit of its companywide IT objectives, the financial institution is fully leveraging the Fortinet solutions’ automation capabilities. FortiManager uses the Fortinet robust representational state transfer (REST) application programming interface (API) to automate every aspect of firewall management. For example, when the bank needs to roll out a new FortiGate NGFW, local staff connect the appropriate cables. From there, the Fabric Management Center solutions take over, and installation requires no further human touch.
The Fortinet REST API enables a newly connected firewall to communicate with the region’s FortiManager cluster. FortiManager automatically runs scripts that configure settings and distribute policies to the new firewall, depending on the geographic region and type of device. FortiManager connects the NGFW into the bank’s various reporting systems, including FortiAnalyzer. Moving forward, FortiManager provides automated management, including all routine firmware updates and maintenance.
The elimination of manual intervention in system rollouts reduces configuration and deployment mistakes. It also saves a significant amount of staff time whenever a new NGFW is deployed and reduces the length of time required to provision new resources, which minimizes the bank’s time to market. Finally, the automated provisioning is saving the institution from paying local service providers to stage hardware in different parts of the world, resulting in accelerated deployment of new resources.
Streamlined Integration of Analytics Across the Institution
As a major global financial institution, the bank faces a vast array of regulatory compliance requirements. It monitors security events across dozens of applications companywide using a solution it developed in-house. The solution meets the bank’s needs and incorporates data from all its legacy firewalls. When the firm deployed FortiAnalyzer, therefore, integration with this in-house solution was key.
Fortinet engineers connected FortiAnalyzer with the pre-existing in-house solution. Now, log data from the FortiGate NGFWs is incorporated into the institution’s single-console oversight of all its security solutions.
$100 Million Cost Savings—and Beyond
The financial institution clears all the required hurdles to protect customers and comply with regulations around the world. The ease of use and deep automation capabilities of the Fortinet Fabric Management Center solutions enable it to do so while streamlining deployment and management of firewalls for centralized staff. As FortiGate NGFWs replace more of the bank’s legacy firewalls, the efficiency of the Fortinet security infrastructure will bring even greater benefits.