To provide safe, reliable network access to employees, customers and partners, TransUnion operates over 40 firewall clusters managed locally by a team of firewall administrators. They are based at corporate headquarters in Chicago as well as TransUnion offices around the world.
In the financial services industry, mutual audits between customers and partners are routine. In addition, TransUnion has a corporate change management process and is expected to comply with exacting government and industry regulations including Gramm-Leach-Bliley, SarbanesOxley and PCI DSS. Managing TransUnion’s rapidly growing firewall operations while accurately and efficiently implementing security guidelines is a complex process.
With such a large number of firewalls, it was increasingly difficult for the TransUnion team to ensure that all of them were up-to-date and correctly configured. Engineers needed to keep track of which changes had been made, when and by whom – and then to make sure that every change was correctly implemented and in accordance with corporate policy. As the size of the team grew, it was becoming harder and harder to keep track of the details and to be absolutely sure that there were no human errors.
"Tufin SecureTrack has helped us to save valuable time and increase the efficiency and accuracy of our firewall operations team. With SecureTrack, our engineers are spending less time on repetitive, error-prone manual tasks – and our firewalls are in line with our corporate security policies. With Tufin SecureTrack, we are able to provide increased levels of accountability with internal and regulatory compliance requirements."
Victor Hsiang, Manager of Security Architecture TransUnion
Over time, TransUnion’s rule bases had become very large and complex; however, rule base assessment was still performed manually, which is expensive, time-consuming and error-prone. Testing of a single cluster took 20-24 working hours to complete. This painstaking process had to be repeated periodically to ensure ongoing security and accountability.
To increase efficiency, prevent errors, and comply with accountability standards,TransUnion needed a reliable automated change management solution. It was also important to find a way to optimize the large rule bases and keep infrastructure costs under control.
TransUnion evaluated several solutions and selected Tufin SecureTrack™ for its advanced real-time change management capabilities and policy analysis features. In addition, SecureTrack offered a more convenient, intuitive user interface which was critical for ensuring rapid adoption of the solution by the entire team. By tracking and comparing every change to defined corporate standards, SecureTrack enabled TransUnion to maintain accountability and consistency and to identify violations before any damage could occur.
Instead of spending 20-24 hours per audit, TransUnion’s firewall team used SecureTrack to automatically analyze security policies and generate a report. SecureTrack’s rule base cleanup and optimization features helped TransUnion to locate and remove inactive rules. The team was therefore able to significantly improve performance and hardware resource utilization.
SecureTrack provided TransUnion with a comprehensive view of firewall policy across all customers and objects – for all of their clusters. SecureTrack’s unified graphical interface made it easier for firewall administrators to visualize the firewall policy, understand changes, and take action.
Although TransUnion initially selected SecureTrack for change management and rule base optimization, the team also implemented SecureTracks’ auditing features to support corporate change management procedures as well as external audits. SecureTrack enables compliance with international regulatory standards including PCI DSS, SOX, HIPAA, ISO 17799 and Basel II.
- Enforcement of corporate security guidelines
- Improved network security and uptime
- Risk management and business continuity
- IT governance
- Regulatory compliance
- Improved security infrastructure performance
- Proactive security enforcement