In each geographic region where the bank operates, staff manage FortiGate NGFWs through a high-availability (HA) cluster of FortiManager appliances, as well as high-availability FortiAnalyzer devices. More than 100 engineers work with FortiManager on a regular basis to manage every facet of the security infrastructure lifecycle, from design and implementation to operations and auditing of the FortiGate estate.
The new security infrastructure represents a significant upgrade over the solution it is replacing. The bank’s legacy firewalls enable centralized management, but that management is highly inefficient. Changes often take days to propagate throughout the firm’s data centers, so it is impossible to ensure they complete within specified maintenance windows.
Even small updates may encroach on production hours, degrading performance or requiring downtime. FortiManager, by contrast, enables more efficient management of the NGFWs. An update that takes 48 hours to distribute with the legacy management solution requires less than an hour with FortiManager.
Automation enables no-touch firewall deployment
In pursuit of its companywide IT objectives, the financial institution is fully leveraging the Fortinet solutions’ automation capabilities. FortiManager uses Fortinet’s robust representational state transfer (REST) application programming interface (API) to automate every aspect of firewall management.
For example, when the bank needs to roll out a new FortiGate NGFW, local staff connect the appropriate cables. From there, the Fabric Management Center solutions take over, and installation requires no further human touch. The Fortinet REST API enables a newly connected firewall to communicate with the region’s FortiManager cluster. FortiManager automatically runs scripts that configure settings and distribute policies to the new firewall, depending on the geographic region and type of device.
FortiManager connects the NGFW into the bank’s various reporting systems, including FortiAnalyzer. Moving forward, FortiManager provides automated management, including all routine firmware updates and maintenance.
The elimination of manual intervention in system rollouts reduces configuration and deployment mistakes. It also saves a significant amount of staff time whenever a new NGFW is deployed and reduces the length of time required to provision new resources, which minimizes the bank’s time to market.
Finally, the automated provisioning is saving the institution from paying local service providers to stage hardware in different parts of the world, resulting in accelerated deployment of new resources.
Streamlined integration of analytics across the institution
As a major global financial institution, the bank faces a vast array of regulatory compliance requirements. It monitors security events across dozens of applications companywide using a solution it developed in-house. The solution meets the bank’s needs and incorporates data from all its legacy firewalls. When the firm deployed FortiAnalyzer, therefore, integration with this in-house solution was key. Fortinet engineers connected FortiAnalyzer with the pre-existing in-house solution. Now, log data from the FortiGate NGFWs is incorporated into the institution’s single-console oversight of all its security solutions.
$100 million cost savings—and beyond
The financial institution clears all the required hurdles to protect customers and comply with regulations around the world. The ease of use and deep automation capabilities of the Fortinet Fabric Management Center solutions enable it to do so while streamlining deployment and management of firewalls for centralized staff.
As FortiGate NGFWs replace more of the bank’s legacy firewalls, the efficiency of the Fortinet security infrastructure will bring even greater benefits. The bank is well on its way to achieving its projected $100 million cost savings.