The Newberry Group Blog


Archived Categories

Sort By: Title   |   Blog Date
Monday, June 09, 2014

Case Study: Optimizing Barracuda Load Balancer to Meet Web Application Demands

Barracuda Load BalancerChallenge:

A regional energy cooperative wanted a way to provide seamless application availability for their customers and scalable performance for future growth demands. Their current Barracuda Load Balancer and Oracle ERP solutions were deployed by a 3rd party using a method that would significantly impact performance and scalability in their  virtualized environments.  With a deadline on the horizon, they needed a solution that offered both flexibility and availability while minimizing complexity.

Solution:

Newberry conducted a network and infrastructure assessment and found that the current Load Balancer and ERP deployment would only meet a fraction of the organization’s web application demands.  Newberry’s engineer worked closely with the customer to fine tune their Barracuda Load Balancer and rebuild their Oracle ERP system from the ground up while keeping the principles of scalability and application uptime at the forefront.

Results:

Newberry enhanced the organizations ability to manage and scale critical application environments by:

  • Creating custom Load Balancer services and rules to automate application failover, rewrite URL requests for cross-platform compatibility with Oracle, and utilized URL redirection to simplify end user navigation during their initial orientation.
  • Tuning the Load Balancer’s application layer for session persistence and Layer 7 health monitoring.
  • Clustering the Load Balancers together using High Availability for seamless failover and web application availability.
  • Identifying I/O performance bottlenecks in virtual and networking environments.
  • Redesigning the customers ERP architecture by reducing complexity and adding additional nodes which resulted in doubling the amount of concurrent users and sessions available.
  • Training and knowledge transfer with System and Network Administrators covering operations, maintenance and advanced troubleshooting.

Why Newberry Group?

As one of the few Barracuda partners that can support the entire product line beyond what was required by this customer, Barracuda immediately turned to Newberry to make this project a success. Newberry’s Barracuda-certified engineers brought their in-depth knowledge, experience and passion for technology that was needed to exceed the demands of this time critical project.


Posted by: Nicholas Trifiletti
 | permalink





Tuesday, May 20, 2014

Case Study: Protecting a Large-Scale Federal Network with Sourcefire NGIPS

Sourcefire logoChallenge:

A Federal agency recognized that they needed to improve their threat protection by monitoring all traffic as it passes through their gateways without hampering their network performance. This agency knew that malware was entering into their network enterprise but was not able to detect it.  Due to client data sensitivity and the need to ensure the security of the network for their customers, they needed to be able to apply customized protections as quickly as possible.

Solution:

Newberry Group partnered with Sourcefire to provide a solution that included multiple Sourcefire Next-Generation IPS Sensors at the four main data centers. The Sourcefire IPS solution provides the agency with real-time contextual awareness and threat protection with the ability to act intelligently and automatically when an internal host is affected by a client side attack.

Results:

With Sourcefire’s NGIPS, Newberry Group helped the customer meet performance and customization demands so that the agency has access to:

  • Real-time contextual awareness with the ability to see and correlate extensive amounts of event data related to their IT environment—applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviors, files and threats.
  • Advanced threat protection to discover, assess and respond to hacking activities, intrusion attempts and vulnerabilities in order to stay ahead of threats.
  • Intelligent security automation with event impact assessment, IPS policy tuning, policy management, network behavior analysis, and user identification. This significantly lowers the total cost of ownership to the agency and enhances their ability to keep pace with changing environments.

Posted by: Tony Hausmann
 | permalink





Monday, April 21, 2014

Case Study: Installing a Websense Web Security Filtering Appliance

Challenge:

Websense logoA Federal agency recognized that they needed to improve their current web security solution to allow for better filtering of the Internet traffic coming in and going out of their network.  They needed to provide for data loss protection, as well as utilize real-time analysis of malware and recognized advanced threats with the ability to perform forensic activities. They needed the solution to provide protection for local and remote users as well as support multiple campus sites.  Additionally, in the end, they wanted to be able to centrally manage the system post-deployment and develop reports for Executive staff and trend analysis.  Thus the solution needed to have an easy to use interface that allowed for the monitoring and management of the entire system from a single location.

Solution:

Newberry Group partnered with Websense to provide a technical solution that included multiple Websense appliances and the implementation of the Websense Web Security Gateway Anywhere (WSGA) solution installed at a main campus and a satellite location.  The final solution included the following:

  • Scalable deployment for up to 12,000 users with high availability and automated failover and load balancing.
  • Deployment of Websense’s TruHybrid solution that protected the agency’s branch offices and remote and mobile users.
  • Provisioning through a single unified interface.
  • Deployment of Websense’s TruDLP to prevent data loss and enable compliance with agency and NIST standards and policies.
  • Real-time analysis utilizing Websense’s Advanced Classification Engine (ACE) and threat intelligence from Websense’s ThreatSeeker Intelligence Cloud.
  • An advanced threat dashboard providing actionable forensic detail on who was attacked, what data was attacked, where the data almost went, and how the attack was executed.
  • File sandboxing to protect the environment from advanced malware.
  • Training of Websense Administrators on system operation, maintenance and report generation.

Results:

Newberry enhanced the agency’s overall environment by optimizing the customers filtering and security monitoring.  The agency now has the ability to:

  • Identify and monitor security vulnerabilities while being supported by manufacturer recommendations, industry best practices and compliance requirements.
  • Implement security configurations for web filtering policy down to a user level.
  • Provide reporting documentation to support security investigations or remediation.
  • Direct reach-back to Newberry engineers and Websense Premium Support

Why Newberry Group?

As a preferred Federal Executive Partner for Websense, Certified Triton Integrator, and Authorized Training Center, Newberry can offer a full scope of products and services to each of our clients. Our in-house certified Websense engineer trainers are able to provide a wide range of professional services that include integration, configuration and installation of Websense technology as well as standard and customized training courses to meet a client’s specific needs.  


Posted by: Valerie Root
 | permalink





Thursday, March 13, 2014

Case Study: Ensuring Network Health with ForeScout CounterACT

Newberry Blog | ForeScout Logo and CounterACTChallenge:

A large Midwest firm wanted to allow employees and guests to access to their networks and internet regardless of the device being used. They also wanted a way to ensure anti-virus and security vulnerability patches were up-to-date on their own Windows devices.

The company needed a solution that provided visibility of their network and attached devices, provided an agentless capability, and was easy to install and manage. Compatibility with the client’s current switch and MDM vendors was another key factor as well as ensuring it could move forward with a future global deployment.

Solution:

Newberry partnered with ForeScout to provide a plan around the CounterACT solution. The client tested the solution for more than a month to ensure that the product worked well with the existing infrastructure, that it was easy to use, and that it would not cause network disruption.

CounterACT also provided the organization with a large amount of instant information they did not have access to previously. Now they can see who’s connected to specific switches, see who was the last person to log into the network on a specific Windows PC or user IP address, then enforce policies against those devices and machines attempting to connect.

Results:

Forescout CounterACT enhanced the health of the customer’s network by providing:

  • A more efficient and effective way to control network access (authority to connect) and ensure endpoint compliance.
  • Real-time inspection and easy manageability of guests, contractors and employees using a variety of devices to connect.
  • The ability to enforce security policies to only allow devices on the main network that have up-to-date antivirus, OS, and application patches.
  • The ability to quarantine any noncompliant devices and devices with viruses and immediately reduce the threat of malware entering the network.
  • An agentless solution with unprecedented compatibility with over 16 switch vendors and multiple MDM, antivirus and antispyware vendors.
  • Fewer resources required for network access control (NAC) deployment, maintenance and administration

With ForeScout CounterACT, Newberry was able to quickly improve the customer’s network health and provide an automated solution for network access control, mobile security and endpoint compliance. Do you have a similar network access situation? Learn more about how Newberry can help.


Posted by: Tony Hausmann
 | permalink





Thursday, February 13, 2014

Case Study: Optimizing a Barracuda Web Application Firewall cluster

Barracuda Logo and Web Application FirewallsChallenge:

A Federal agency had recently purchased ten Barracuda Web Application Firewalls (WAF) from another vendor and had installed the devices themselves.  However, since the Barracuda WAF solution was new to them and the configurations were transferred from another solution, they were unsure if they had installed the devices in the most optimal setup.  

Solution:

The agency relied on Newberry for a technical review of the installation of ten Barracuda Web Application Firewalls to validate operational efficiencies, infrastructure design, and to determine if deployed security policies for protected sites were effective in protecting from external threats.

How We Solved the Problem:

After determining the intended functionality of the configuration, Newberry’s Barracuda-certified team used current network diagrams to review the logical placement of each WAF in their respective data flows to determine correct placement and deployment method.
A full review of the WAF environment was performed to determine if the services, security policies, advanced security protection features, and administrative access controls were appropriately set up to protect against external threats and comply with NIST standards and agency policies. The configuration of enabled services such as High Availability (HA), Load Balancing, Data Theft Protection and Caching/Compression were also reviewed to ensure optimal performance and adherence to Barracuda’s recommended configuration.
Our team also analyzed firewall logs and reports to identify any security vulnerabilities and made configuration recommendations to enhance performance and offer a greater level of security.

Results:

Newberry enhanced the overall performance of the customer’s network and WAF configuration by:

  • Identifying security vulnerabilities that were supported by manufacturer recommendations, industry best practices, known vulnerabilities, and compliance requirements.  
  • Providing fixes for the identified vulnerabilities
  • Offering recommendations for enhancing security and performance of the WAF and the overall network
  • Lastly, providing a report of the assessment/configuration that included a management summary and the technical findings.  

Why Newberry Group?

As one of the few Barracuda partners that can support the product line to the extent that was required by this customer, Barracuda immediately turned to Newberry to conduct this review. Newberry’s Barracuda-certified engineers brought the in-depth knowledge and experience needed to perform even the most intricate configuration and troubleshooting tasks.

Need help with your Barracuda product installation? Learn more about how we can help.


Posted by: Steve Carney
 | permalink