• Network perimeter security is the first line of defense in an effective information security program. Network firewalls, whether UTM-based or next-generation devices, form the foundation necessary to protect your organization’s data, network and critical assets from outside intruders and threats. Yet many organizations continue to be challenged by managing these solutions in-house, due to the heavy technical burden of day-to-day management or a lack of available, skilled security expertise. Trustwave’s service is designed to address all of the complexities associated with the deployment, management and ongoing threat monitoring of these enterprise firewalls, including in-depth support for Cisco, Fortinet and Palo Alto Networks.

Overview

  • Trustwave’s Managed Enterprise Firewall service includes network-based firewalls that are capable of providing network security protection for large or complex deployments. These firewalls are highly scalable and can also include virtual versions as options, depending on specific vendor capabilities. Deployment options for these devices include the data center, network edge or branch offices. Next-generation firewalls will often include capabilities such as application- or user-based policies, threat detection via intelligence feeds as well as traditional IPS methods, SSL-based VPNs, and sandboxing.

    Trustwave’s Managed Enterprise Network Firewall service supports many of these features, depending on the specific firewall vendor chosen, and includes:

    Global Advanced Security Operations Centers (ASOC) that provide around the clock support, staffed with security experts who have in-depth product knowledge and experience working with complex, enterprise network environments with next-generation firewalls and / or UTM devices.

    Continuous Device / Threat Monitoring assures that, regardless of the specific device capabilities supported, you are protected from the latest threats, with 24x7x365 monitoring, analysis and validation of advanced threats, which includes the use of real-time threat intelligence from SpiderLabs.

    24x7 Security Portal Access assures that you have continuous visibility into any open tickets, alerts and status of your perimeter security profile. Detailed reporting is available for internal control and compliance requirements whenever they are needed.

Benefits

    • Efficient Deployment

      Efficient deployment of managed firewalls specifically configured for your network, ensuring that monitoring and protection are in effect immediately and monitored continuously.

    • 24x7 Service Event Monitoring

      24x7 service event monitoring quickly identifies evidence of suspicious activity, filtering out non-validated threats with rapid escalation to the customer for validated threats.

    • Elimination of False Positives

      Elimination of false positives by Trustwave analysts assures that your team stays focused on the areas that matter most and is only engaged when security conditions warrant.

    • Regular Device and Policy Updates

      Regular device and policy updates that address the latest network-based threats. In some cases, updates may include protection against zero-day attacks (firewall vendor specific).

How It Works

  • Managed enterprise firewalls are deployed at the network perimeter, at other sensitive locations, or within the internal network for additional network segmentation as required by the customer. Service is delivered from a cloud-based management system and supported by the Trustwave Global Threat Operations and SpiderLabs Research teams, which include Cyber Threat Analysts, Incident Response Engineers, and Threat Intelligence Analysts. The key roles of these team members include:

    Threat Intelligence Analyst

    Responsible for global threat monitoring and maintenance of Trustwave-specific threat feeds and Indicators of Compromise (IOCs) used for customer site monitoring, as well as third-party signature / threat updates as required by supported firewalls.

    Cyber Threat Analyst

    Responsible for customer-specific threat monitoring and operation of the Managed Enterprise Firewall Service on the customer’s behalf, including threat validation, potential attack notifications, escalations and classification of events into the following levels:

    Critical

    Security events at this level require an immediate response by the customer. They are actionable, high-risk events that are actively compromising or damaging the customer.

    High

    Security incidents at this level are actionable, high-risk events that have the potential to cause severe damage to customer environments.

    Medium

    Security incidents at this level are actionable, medium-risk events that have the potential to cause limited damage to customer environments.

    Low

    Security incidents at this level are not immediately actionable, and may require further investigation by the customer to determine possible actions.

    Incident Response Engineer or Threat Hunters

    These are optional, additional-cost services that a customer may choose to leverage from Trustwave to assist with containment, remediation or other incident response operations should they become necessary.
