Checklist For Selecting Firewall Vendor

How should CISO define the requirement for solutions related to the Firewall domain?

  •  To ascertain total throughput required. The requirement be finalized keeping in view the current traffic as well  as expected increase in volumes over at least next 3-5 years.
  •  To ascertain what is the throughput required for individual interface.
  •  How many interfaces are required in the firewall.
  •  Do we require additional modules (IPS, anti spoofing etc). If yes then what are those.
  •  Any technological constraint or specific requirement

( Read more:  Database Security Vendor Evaluation Guide )

What are the key parameters based on which CISO would choose a vendor for the same?

  • Vendor should have prior experience in supply,installation and maintenance of information security devices. The projects should have been of comparable size. Number of successful deployments should be considered.
  • Vendor should be authorized partners of the OEM of the equipment to be supplied.
  • Previous record of supply and maintenance/ business dealings should be unblemished and of having successfully supplied and deployed information security equipment
  • Should have qualified staff on roles for support for supplied equipment. These staff should hold the certifications on the product from the OEM.
  • Licensing and free requirements are crystallized on various factors like throughputs, components, applications, sites etc.

( Read more:  Technology/Solution Guide for Single Sign-On )

Top Questions to ask vendor for evaluating the offering/Vendor Evaluation Checklist

  • Proposed solution should not be nearing end of life / end of sale / end of support currently. Residual life to be at least 5 years
  • Life road map of system should ensure that the solution is covered under support for period of at least 5 years from date of purchase / installation by OEM
  • What is the support structure of vendor and how will the support be provided (on-site, off-site, remote, session logs and audit)
  • How the updates / patches be made available (online and regular updates are preferable / fixed frequency)
  • What is the SLA (with specific reference to Uptime Assurance, Turn Around Time)
  • What is the level of engagement with OEM for the supply (It should be supply and support)
  • Responsibilities of the OEM towards the purchaser (for supply, installation and maintenance)
  • What if the front ending of the existing vendor ends abruptly, whether OEM provides an alternative and of what quality/ assurance.

( Watch more : Attacks on Smart TV and Connected Smart Devices )

Top mistakes to avoid while selecting a vendor?

  • Solution should not be nearing its end of life / end of support
  • There should be no ambiguity regarding the terms and conditions of services
  • Tenure of engagement of services of the vendor should be amply clear and accepted in writing by both the parties
  • Verification of the documents submitted by vendors should be done from original source or alternate source before selection
  • Price discovery should be done where ever possible.

-Sunil Soni, CISO, Asstt. General Manager, Punjab National Bank tells CISO Platform about Selecting Firewall Vendors

( More:  Want to share your insights? Click here to write an article at CISO Platform )

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)