Major Marketing and Engagement Firm

Cisco Firepower and Cisco Identity Services Engine implementation used to manage and secure network traffic

  • Client is a leading provider of customer engagement solutions that help connect businesses and people how, when, and where it matters. The company offers payment tools such as checks and cards; and marketing services such as deposit and loan acquisition programs, digital marketing, performance analytics and promotional products for businesses. It deploys these customer engagement solutions holistically, across print, phone, and digital channels, ensuring that the customers of its world-class client base enjoy a consistently superior experience.

 

Problem Statement

  • Client requested to leverage next-generation firepower firewall security features such as Layer 7 (application) firewalls, IPS/IDS, AMP etc. – therefore a migration of existing firewalls to next-generation Firepower Firewalls was needed. This would enhance the security at perimeter

  • Client also wanted to implement NAC for wired and wireless users and any other device that would connect to network. Client also wanted to secure network by scanning all network devices before allowing network access. Guest Wireless Portal was also needed for authenticating Wireless Guest users. 

 

Technology Used

  • Cisco Firepower Management Center (FMC)

    • For Perimeter security

    • IPS/IDS (Intrusion Prevention)

    • AMP (For future)

  • Cisco ISE (Identity Services Engine) – NAC

    •  Wired and Wireless User Authentication

    • Device authentication such as Printers, IP cameras, Badge Readers etc.

    • Guest Wireless Authentication

    • VPN Users

    • Posture Scans for Wired, Wireless and VPN users

 

Implemented Solution

  • Gathered “As Is” and derived “To Be” states by working with Client’s Enterprise Architecture, Cyber Security and Operations teams to define, design and implement the Firepower and ISE solutions.

  • Existing ASA firewalls were upgraded to Next-Generation Firepower Firewalls

  • ISE was deployed in a large cluster that was spread between multiple different Data Centers for scalability, redundancy and improvement in response time for local clients

  • Solution to authenticate wired, wireless and VPN users when connecting to Network

  • Solution to record and authenticate Guest Wireless Users

  • Solution to perform a posture scan on all user’s machines to comply with security policies

  • MAC Address based solution for devices that does not support dot1x such as IP Cameras, Badge readers, Printers (in some cases)

Benefits of the Solution

  • With Next-Generation Firewalls – traffic can be protected and filtered more granularly and at application layer 

  • IPS (Intrusion Prevention) – protects network from any traffic from and to Internet and blocks immediately. This ensures business continuity

  • Authentication of users ensure that all openings on walls for network ports are protected and only authorized systems can access network

  • Guest Portal allows for Guest users to be authenticated – to ensure only company’s valid guests are permitted access to internet and a record can be created for audit or compliance purposes if needed

  • Posture scan of user’s machines ensures machines are running valid security software such as Anti-Virus or Anti-Malware before they can be allowed access on the network

  • All of these systems increase network security which in turn secures critical business information and systems. This not only ensures business continuity but also safeguards business from many legal adversities

Have a Question? Click below to schedule a consultation

(678) 735-9229

3355 Lenox Rd NE #750, Atlanta, GA 30326, USA

©2019 by RAAH Technologies INC.