Checklist For Selecting Firewall Vendor

How should CISO define the requirement for solutions related to the Firewall domain?

  •  To ascertain total throughput required. The requirement be finalized keeping in view the current traffic as well  as expected increase in volumes over at least next 3-5 years.
  •  To ascertain what is the throughput required for individual interface.
  •  How many interfaces are required in the firewall.
  •  Do we require additional modules (IPS, anti spoofing etc). If yes then what are those.
  •  Any technological constraint or specific requirement

( Read more:  Database Security Vendor Evaluation Guide )

What are the key parameters based on which CISO would choose a vendor for the same?

  • Vendor should have prior experience in supply,installation and maintenance of information security devices. The projects should have been of comparable size. Number of successful deployments should be considered.
  • Vendor should be authorized partners of the OEM of the equipment to be supplied.
  • Previous record of supply and maintenance/ business dealings should be unblemished and of having successfully supplied and deployed information security equipment
  • Should have qualified staff on roles for support for supplied equipment. These staff should hold the certifications on the product from the OEM.
  • Licensing and free requirements are crystallized on various factors like throughputs, components, applications, sites etc.

( Read more:  Technology/Solution Guide for Single Sign-On )

Top Questions to ask vendor for evaluating the offering/Vendor Evaluation Checklist

  • Proposed solution should not be nearing end of life / end of sale / end of support currently. Residual life to be at least 5 years
  • Life road map of system should ensure that the solution is covered under support for period of at least 5 years from date of purchase / installation by OEM
  • What is the support structure of vendor and how will the support be provided (on-site, off-site, remote, session logs and audit)
  • How the updates / patches be made available (online and regular updates are preferable / fixed frequency)
  • What is the SLA (with specific reference to Uptime Assurance, Turn Around Time)
  • What is the level of engagement with OEM for the supply (It should be supply and support)
  • Responsibilities of the OEM towards the purchaser (for supply, installation and maintenance)
  • What if the front ending of the existing vendor ends abruptly, whether OEM provides an alternative and of what quality/ assurance.

( Watch more : Attacks on Smart TV and Connected Smart Devices )

Top mistakes to avoid while selecting a vendor?

  • Solution should not be nearing its end of life / end of support
  • There should be no ambiguity regarding the terms and conditions of services
  • Tenure of engagement of services of the vendor should be amply clear and accepted in writing by both the parties
  • Verification of the documents submitted by vendors should be done from original source or alternate source before selection
  • Price discovery should be done where ever possible.

-Sunil Soni, CISO, Asstt. General Manager, Punjab National Bank tells CISO Platform about Selecting Firewall Vendors

( More:  Want to share your insights? Click here to write an article at CISO Platform )

Votes: 0
E-mail me when people leave their comments –

Community Head, CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee

National Insider Risk Symposium, Washington DC, USA 2025

  • Description:

    We are excited to invite you to the 10th National Insider Risk Symposium, a premier forum bringing together leaders and experts from both the commercial and public sectors to address the evolving landscape of insider threats. CISOPlatform is a proud community partner for this event. 

    Event Details:
    Venue: National Housing Center, 1201 15th St NW, Washington, D.C. 20005
    Dates: September 17–18,…

  • Created by: Biswajit Banerjee
  • Tags: national insider risk symposium, ciso, cybersecurity events, usa events