Todd Ferguson recently found himself up against the wall, a firewall that is. While his company faced several security challenges, ensuring that firewall policies met internal standards rose to the top of his priority list.Ferguson is the network security manager at Raymond James Financial, a financial services holding company with subsidiaries engaged in investment, financial planning, investment banking and asset management.
Protecting the transactions of the company's clients, as well as internal network activities, is an essential responsibility for Ferguson and his IT staff of 825. Maintaining a sound defensive posture is one major piece of the puzzle, as is keeping up with ever-changing requirements. Firewall policies, in particular, have a tendency to become “Swiss cheese” over time, he says. Additionally, he sought to tie the individual rules to the application and business owner.
A team, comprised of an architect and an engineer, began assessing products and services from all of the major players in the space.“One of the challenges we faced at the time of our evaluation was simply supporting our firewall platform,” says Ferguson. “We considered all aspects, but were driven by the need for accuracy, reporting and, obviously, cost.”
Choosing a winner
While the team engaged with several vendors to develop support for its firewall operation, FireMon from Secure Passage rose to the top of the heap for its use of real-time network device monitoring.
“Upon real-time detection of change, FireMon collects the policy and configuration of the changed device and performs a comparison of old policy to new policy and immediately reports the full change details via email,” says Jody Brazil (left), co-founder, president and CTO of Secure Passage.
The change report includes the “who, what, when and where” specifics about the change, he says. The newly retrieved policy is stored and becomes available for further audit by FireMon. The tool's architecture can scale to monitor thousands of devices and it has built-in redundancy to ensure monitoring is always available.“With FireMon, you can control change, improve firewall policies and enforce compliance,” Brazil says.
This was the answer Ferguson and his team were looking for. “As with any solution that will take the data from firewall logs, the concern is always centered on operational impact versus risk,” he says.By implementing FireMon, the company was able to tie individual firewall rules, groups or policies back to the business owners, monitoring usage and necessity over time. An added benefit is that reducing unused, or “shadowed,” rules reduces complexity and improves perimeter security postures, Ferguson says.
The deployment was relatively painless, he adds. It involved defining new log destinations to send firewall log traffic to FireMon. “The challenges that presented themselves are common to exposing visibility – what data do you want to report or alert on?,” he says. “Once we spent time tuning the product to our requirements, operational impact has been minimal and largely tied to the implementation of new firewalls to be monitored.”
The tool has allowed Raymond James to continually monitor its configurations against internal and regulatory requirements. Each change is evaluated against configured polices, and alerts are sent if the change does not meet the policy requirements. Further, FireMon collects, monitors and reports on all of the company's critical core and perimeter firewalls across the globe.In addition, Ferguson says his team intends to decentralize the log collection in coming months to regional collectors.
To keep the system up to date, Secure Passage maintains an online user center where customers can obtain the latest version of software and documentation, submit feature requests and review support tickets, and more, says Brazil. The company automatically notifies all accounts when FireMon updates are available. The updates and patches are available for download as a single packaged .ISO image. The image simply is transferred to the FireMon appliance via a secured transfer method. Once the image is copied onto the platform, an integrated “update” command may be issued at the console.
In addition, Secure Passage offers an online community where engineers can find, download, review and publish extensions for FireMon.
Continual updating is a necessity these days, as Ferguson points out that most financial services firms have found themselves subject to broad and targeted attacks over the past few years.
“While the perimeter may have lost media focus to malware and the endpoint, it has not diminished the need to maintain layered, defense-in-depth and overall diligence in protective measures,” he says.
Raymond James Financial, headquartered in St. Petersburg, Fla., was founded in 1962. Its three wholly-owned broker/dealers (Raymond James & Associates, Raymond James Financial Services and Raymond James Ltd.) and Raymond James Investment Services Ltd., a majority-owned independent contractor subsidiary in the U.K., have more than 5,300 financial advisers serving nearly two million accounts in more than 2,300 locations throughout the United States, Canada and overseas.
The company reported net income of $60.7 million for the third quarter ending June 30. In comparison, the firm earned $42.6 million for the third quarter of fiscal 2009, and $55.6 million for the immediately preceding quarter.
Discussing the company's 3Q earnings with CNBC's Maria Bartiromo in late July, CEO Paul Reilly credited the firm's focus on the fundamentals – proven with 90 consecutive quarters of profits. It is necessary to keep a long-term, balanced focus without getting caught up in swings, he said. “We know markets will go up and down.”