The challenges of managing firewalls and network policies come down to a number of areas. I think first is actually understanding the risk in your legacy firewall rule set, so actually understanding what those rule sets allow, what policies are actually set, and therefore where your real risk is in the environment. I think there's also a challenge around compliance. One of the first things your auditors will always seem to look at is to go through your firewall rule sets, because they understand that, and they'll start pulling out rule sets which are obviously weak in your environment. So really getting a handle on those and understanding them before you're found to be non-compliant is an important part.

The legacy firewall vendors provide management software to help you manage the operating system of the firewalls. They really don't help you address some of the other issues that we face, which is around change control, for example, so what's actually changed on the firewall around the rule sets, and around compliance, so areas like PCI DSS, and helping you ensure compliance for your firewalls and, of course, your own internal security policies. Now, they don't help you manage the complexity of the rule sets, so really what risks you're running as an organization.

So we went out to market looking for vendors to help us address the concerns around our firewalls. We were really looking for a few key points. The first one was obviously a vendor that had a solution and a product that could help us manage our firewalls and understand the risks involved within them, and then a vendor that had a cost-effective product, and a vendor that really wanted to become a partner, so really wanted to help us better manage our firewall solutions but also listen to what our issues and concerns were and perhaps tailor their products to meet that in the future.

We chose AlgoSec because, one, from the first meeting it was obvious that they wanted to be a partner rather than just sell a product off the shelf. During the technical analysis that we did, the products stacked up very well against its competitors, and our technical team was very pleased with the results and the analysis that came out of that. It was very cost-effective when we looked at the numbers. Actually, what we found was that mitigating issues around your firewall rule sets is very resource-intensive if you don't have the right tool, so the ROI pretty quickly. And ultimately, you know, we just had the right feel about AlgoSec and, you know, we were chosen from there.

When we deployed the AlgoSec products, we had a project which basically ran for six months to ensure that we went through all the rule sets that were within the firewalls and understood how they worked, and AlgoSec was a key part of that. After six months we were at a point where all our firewall rules were understood; they were analyzed, properly documented, and in the proper state that we need them for the company, and we're now in maintenance mode. In maintenance mode we then use another one of the AlgoSec products, which is FireFlow, which helps us with change control, so we were sure that when we signed off a change, that actually was what was implemented, and that helped maintain that level of understanding within the rule sets. If we didn't have a product like that, there was a danger that within six to twelve months we'd be back doing the analysis again.

What we also found was that when it came to compliance time, whether that be internal auditors or whether that be PCI, we could use the tool to basically prove compliance in a very short period of time, which means that the audit took a lot less of our resources than it normally would.

Another area where the AlgoSec suite of products helps us is within the outsourcing environment. One of the questions often asked of an outsourcer is, "So how do you ensure that you're meeting our change control, that you're meeting our policies?" The response might be, "Well, here's a report I've written" or "here's some analysis that I've done." But where the product helps is that it becomes an impartial or non-biased party in this, where it actually proves to us that the outsourcer is following our policies and meeting the compliance, and it helps significantly when you're talking about your KPIs or your SLAs, and also when it comes down to your auditing and compliance.

The overall experience with AlgoSec for us has been a positive one. We've met and sometimes exceeded the objectives of the project, and AlgoSec is a company I would recommend to anyone looking at managing their network security policies.