NetworkiNg SolutioNS

1 . 8 0 0 . i N S i g H t t i N S i g H t. c o m

Firewall Policy Review OverviewFirewalls represent the single most important piece of technology in any company’s security plan. They are the front line of defense against Internet hackers and others who would threaten the lifeblood of your company. Over time, rule sets increase in size and complexity and, if not analyzed holistically from time to time, can contain misconfigurations or other anomalies that represent risk to your organization. An Insight Networking Firewall Policy Review analyzes your firewall configurations and rules to validate that they are implemented according to security best practices.

Firewall Policy Review BenefitsFirewall administrators must respond to changing business requirements over time by adjusting firewall configurations and appending new rules to an ever-increasing rule base. Over time, unmitigated risk can be introduced through troubleshooting or as overly permissive firewall rules are added. As rule sets increase in size, a manual process of reviewing firewalls quickly burdens firewall administration staff. To further complicate matters, many security mandates, such as the Payment Card Industry (PCI) Data Security Standard (DSS), require regular review of firewall rules. As a part of any effective risk management program, firewall rules should be reviewed on a recurring basis. The Insight Firewall Policy Review provides a cost-effective means to identify unmitigated risk in the current firewall configuration.

Our Proven MethodologyThe Insight approach starts with understanding your business environment. We analyze the relationships between the business and its supporting technology to learn the context of how technology supports the business. With this basic understanding of how your firewalls support and protect your business, Insight embarks on our technical testing processes. Using industry-recognized tools and firewall configurations provided by your team, we analyze the configurations through off-line testing. Our tools build a risk model for each rule and for the rules as a set and provide line-by-line analysis of risky rules and configuration settings. We then review each of these items with you to establish appropriate context before providing targeted recommendations. Once the data is collected and appropriate context is gathered, Insight prepares an initial briefing to discuss the results with your team. If, during the data collection phase, we encounter findings of significant risk, we will alert your team to their

FiRewall POlicy Review OFFeRings

• Perimeter Security Assessments • Internet Security Assessment • Wireless Security Assessment • Remote Access Security

Assessment • Firewall Policy & Configuration

Analysis

• Internal Security Assessments • Internal Risk & Vulnerability

Assessment • Data Management Practices

Assessment (DBAs) • Data Management Practices

assessment (End users) • Web Application Security

Assessment • Social Engineering Assessment

• PCI Compliance Consulting

• HIPAA Compliance Consulting

• NERC CIP Compliance Consulting

• GLBA/FFIEC Compliance Consulting

• Network and Host Security Technology Design and Implementation

• 24x7 Managed Network and Security Services

Firewall Policy Review

aBOut insight

Insight Networking is a strategic business unit of Insight, a technology solutions provider serving global and local clients in 170 countries. Today, thousands of clients, including more than 80 percent of the Global Fortune 500, rely on Insight to acquire, implement and manage technology solutions to empower their business. Insight provides software and licensing services globally. In addition, we offer a comprehensive portfolio which also includes networking, hardware and value added services for our clients in North America and the U.K. We are aggressively expanding our global capabilities by introducing new offerings, including hardware and services, to meet emerging needs for our clients worldwide. Insight is ranked No. 484 on the 2009 Fortune 500.

1 . 8 0 0 . i N S i g H t t i N S i g H t. c o m

presence immediately in order to ensure that the deficiency is remedied as soon as possible. After the initial briefing, Insight analyzes all of the data, producing the final report. The final report identifies unmitigated risk within firewall management practices and is targeted at an IT manager with recommendations to improve firewall management capabilities. It also provides ample detail appropriate for network and security engineers to facilitate immediate and complete remediation.

success storiesInsight has delivered its unique blend of security and business risk management assessments to a wide variety of industries, including: • State and municipal government agencies • High-tech companies • Financial services industry • Manufacturing • Logistics and Transportation • Healthcare • Retail

Fast Facts• Cisco Gold Certified Partner• HP Platinum Partner• IBM Premier Business Partner• Lenovo Premier Business Partner• Microsoft Gold Certified Partner• Lifecycle Management Services• ISO 9001:2008 Integration Labs

• Advanced Technology Labs• IT Management Services with a 24x7

Network Operations Center• 432,000 square foot Distribution Center• $130M ‘ready to ship’ inventory, $3.3B

virtual inventory• 2,500+ technical certifications

Insight and the Insight logo are registered trademarks of Insight Direct USA, Inc. All other trademarks, registered trademarks, photos, logos and illustrations are the property of their respective owners. ©2009, Insight Direct USA, Inc. All rights reserved. Updated 10.09