Lifecycle Services: What Are They And Do You Need Them?

Once you’ve deployed the right security solutions for your company, your decisions and uncertainties aren’t over. Consider your firewall platform: Are you making use of all the features and functionality your licensing makes available to you? Will your security team be able to stay on top of every patch, hotfix, and upgrade to keep your software up to date and avoid performance issues? 

Then there’s the ongoing need to review configurations, security policies, and best practices. Plus oversee compliance, manage backups for disaster recovery planning, and run performance health checks.

Everything required to maintain your environment begs the question: Do you have all the engineering resources and skill sets needed to perform those and other day-to-day tasks?

Lifecycle Services: An Alternative To A Managed Security Service Provider

Some companies turn to managed security service providers (MSSPs) to continuously monitor and manage their security systems. This third-party relationship provides certified experts to oversee the company’s security investments. But the results can include some unexpected disadvantages.

In one example,  a manufacturing company with more than 400 remote branch offices had tried an MSSP to help manage a complex Check Point security environment. But instead of lightening the load for the company’s information security team, the MSSP’s efforts left the client frustrated by limited visibility and control of their own environment. 

Wanting better collaboration and customization as well as more control and visibility, the company ended their MSSP relationship. Instead, they chose from a menu of Lifecycle Services from Sayers. 

Lifecycle Services provide expert engineers who make full use of the firewall solution’s licensed features and functionality, mitigate threats with ongoing configuration health checks, review security policies, and orchestrate upgrades. They also customize training to ensure the client has the control and visibility they need. 

By combining Lifecycle Services with Sayers Front-Line Support, the manufacturing customer gained 24/7/365 engineering expertise. Those resources reduced the burden of ongoing security system maintenance and freed up the customer’s security staff to focus on other business-critical requirements.

Organizations can use Lifecycle Services for the long term, or as a transitional solution while their in-house team increases their skill sets and knowledge of the platform.

Bringing Needed Resources And High-Level Engineering Skill Sets

When it comes to professional services, Lifecycle Services are the sometimes tedious yet often high-level tasks that companies may not have the knowledge or resources to do themselves.

Gerry Wollam, Senior Cybersecurity Solutions Architect at Sayers, says Lifecycle Services can be a welcome resource for a range of needs, such as ensuring backups are not only happening regularly but also are not corrupt. He adds:

“We have a large healthcare client we do several hundred upgrades a year with, because they don’t have the capacity to do it themselves. While upgrades are monotonous, they do take a high-level skill set to do to prevent outages.”

Other organizations have turned to Lifecycle Services after experiencing downtime due to serious issues which could have been avoided if they had kept current with patches for their next-generation firewalls. 

“Most of the problems they ran into were actually fixed in those updated hotfixes,” says Corey Clark, Senior Security Architect and Director of Cybersecurity Support at Sayers. “If they had been following a program to keep the files up to date, they would have been fine. With the advanced next-gen firewall features of today, it’s more imperative than ever to keep them up to date to provide the best security they can.”

Staying On Top Of Firewall Platform Performance And Reporting

Included in the menu of Lifecycle Services are health, performance, and capacity assessments to evaluate the company’s existing technologies based on key performance indicators, such as CPU and memory thresholds. 

Alerts indicate deviations that should be addressed, and customers receive reports showing comparisons of capacity and performance over time. Clark says:

“We offer graphs for CPU, memory, connection counts, and throughput on interfaces. We get a very detailed telemetry look at the gateway, and the intelligent automation can pull this information every 15 minutes and compare it to the prior day, week, month, or year.”

Reports identify relevant assessment items as normal, caution, or critical. Summary tables clearly indicate which areas need attention and include recommended actions to improve performance as well as for long-term planning and budgeting.

In one fairly common example, a customer unknowingly had a critical feature disabled for all their firewalls, hindering performance. “Most of the time when we point out a customer has an important feature turned off, they didn’t know they did,” Clark says. “We work with them to activate the feature and resolve the issue.”

Automation Through A Managed Intelligent Service

Sayers Lifecycle Services provide an intelligent network automation service using BackBox to perform a variety of tasks, such as monitoring critical processes to identify potential problems before they become outages. 

System checks can run automatically at desired frequencies such as hourly, daily, or monthly, based on the needs of the customer’s environment.

Automated orchestration capabilities include making configuration changes and upgrades based on the licensing and software versions the customer is running. Clark says:

“If we need to change the password on 200 firewalls for a customer, I can select the 200 firewalls as a task, write the script for it, and say, ‘Go do it.’ It will make that change on all 200 of those firewalls for us.”

Lifecycle Services also make disaster recovery planning easier, with fully automated backup and recovery of device configurations to minimize downtime during a failure. 

Clark adds, “All of our Lifecycle Services are customizable, based on what the customer’s needs are.”

——————-

Questions? Contact us at Sayers today to learn more about Lifecycle Services for firewall platforms including Check Point, Palo Alto Networks, Fortinet, and Netskope.

---