Reducing Azure network security deployment time from days to minutes

As a forward-thinking MSSP, ON2IT is reluctant to add operational overhead as it secures a fast-growing portfolio of client workloads. The organisation wants to consume network security in the same way it consumes easily deployed, fully managed cloud services. It also wants to centralise the administration of its essential network security tools. ON2IT wants to meet these objectives without compromising the quality of security, which is where Palo Alto Networks best-in-class security becomes a crucial component.

ON2IT is a Zero Trust innovator: a global pure-play cybersecurity service provider. Headquartered in the Netherlands with further offices in the US, the organisation offers worldwide managed cybersecurity services for clients with complex and dynamic IT infrastructures. ON2IT was founded in 2005 and has more than 300 clients worldwide.

Innovation is at the heart of ON2IT’s business growth. The organisation is continually looking to the future to ensure clients can be confident their data, people, and devices are safeguarded from vulnerabilities. This innovation extends to ON2IT’s Azure environment.

“As more clients move to the cloud for their digital transformation, they need to be certain their Azure environment is protected against threats and their applications are secure,” explains Rob Maas, Field CTO, ON2IT.

For its own environment, ON2IT had the option to choose Azure’s native firewall, or a firewall from a third party. According to Rob, that wasn’t a path the business wanted to take. “The native Azure firewall is click-and-play, but it has very limited features and no central management. A network virtual appliance from a third party provides a richer next-generation firewall feature set but can be very complex to implement and administer.”

With innovation in mind, ON2IT looked to an alternative solution – both for its own Azure environment and to provide managed security services to clients.

To streamline and modernise its Azure cloud security, ON2IT required a solution that would:

• Drive agile, secure digital transformation in the cloud, free from threats.
• Ensure rapid, trusted, low-risk deployment.
• Reduce the complexity of cloud security management.
• Unify and simplify security management.

ON2IT is a Palo Alto Networks “Diamond Innovator” and a previous “Global Managed Service Partner of the Year.” With this immense experience at hand, ON2IT was eager to implement Palo Alto Networks Cloud NextGeneration Firewalls (Cloud NGFWs) for Azure.

Live for six months, the Azure-native managed service uses the power of AI and ML to stop more zero-day exploits with Layer 7 applications-based Zero Trust policies. It also gives ON2IT the flexibility to easily extend security to Azure for both cloud-native and migrated applications. Enabling CDSS solutions such as WildFire will also give ON2IT protection against zero-day attacks.

“It’s a one-click solution,” says Rob. “It’s as simple as saying, ‘I want that firewall’ – and, at the backend, Palo Alto Networks makes it happen. The firewalls are deployed, the networks are created, and we can send traffic through. It removes a lot of complexity and it scales automatically.”

“In the past, for example, running a new service took time and complexity. You needed to deploy the IP addresses, perform the load balancing, make the configurations, and execute other tasks. That’s now all completed in two minutes and a few clicks versus what was previously three hours of work.”

The platform is also seamlessly connected with Panorama management for hybrid and multi-cloud security. “Panorama clients can use their existing Next-Generation Firewall workflows and integrations for their Azure deployments,” says Rob. “There’s no requirement for retraining.”

ON2IT uses an array of unified Cloud-Delivered Security Services (CDSS) to enhance the protection surrounding Palo Alto Networks Cloud NGFWs for Azure. This includes WildFire, DNS Security, Advanced Threat Prevention, Advanced URL Filtering, and Advanced Threat Protection. “With WildFire intelligence, for example, we are preventing unknown malware variants, protecting users before a threat can enter the network.” Advanced Threat Prevention raises the bar in protection against vulnerabilities being exploited and C2 communications from workloads that have been potentially compromised with tools like Cobalt Strike.

All of this is a revelation for an MSSP like ON2IT. Maurice Schiffer, Sales Manager at ON2IT explains, “You get all the features of a normal Palo Alto Networks ML-Powered Next-Generation Firewall deployment without any of the complexity. It’s all there in a box.”

The benefits of this cloud workload security platform include:

• Firewall deployment time is reduced from two days to 30 minutes: Procuring, configuring, and managing Cloud NGFW for Azure is simple. It can also be procured through the Azure Marketplace. Maurice explains, “We’ve cut the time needed to deploy a software firewall from two days to 30 minutes. If you deploy it yourself in Azure, you need to figure out the cloud environment, where it fits within the client environment, and then configure the firewall.”
• Unified management: ON2IT can leverage the Azure portal to create and manage Cloud NGFW for Azure resources. The integrated Palo Alto Networks Panorama management suite then provides comprehensive, agile security policy management. This, together with true Layer 7 application-based visibility and control with App-ID policies, allows for a simple Zero Trust-based policy creation, which ON2IT delivers to its customers.
• Reduced total cost of ownership: This modern software firewall means there is no infrastructure to manage and zero maintenance. ON2IT can scale to meet unpredictable capacity needs, and Panorama simplifies management. All of this results in reduced resources, an agile SOC environment, and reduced costs.
• Adaptive, agile security: ON2IT and its clients can easily extend security from on-prem to Azure. Panorama ensures reuse of existing NGFW workflows and integrations (including centralised logging and visibility) for Azure deployments. No training is required.
• Increased protection against threats: Palo Alto Networks CDSS capabilities included as part of the Cloud NGFW for the Azure platform raise the bar in protection against known and unknown threats when compared with basic cloud-native firewall capabilities.

Learn more about Palo Alto Networks on the website where you can also read many more customer stories.