Proof of Value (PoV) of OneFirewall Solution
Introduction
OneFirewall is an advanced threat intelligence sharing platform designed to prevent cyber attacks in real time. By leveraging a comprehensive threat intelligence database, OneFirewall matches network traffic against known threats and provides actionable insights to enhance network security.
Objective
The Proof of Value (PoV) aims to demonstrate the efficacy of OneFirewall in identifying and mitigating potential cyber threats within an on-premises environment, including private cloud infrastructures. This is achieved by installing a Virtual Machine (VM) running the OneFirewall platform and analyzing edge traffic logs to detect malicious activities.
Scope
- Installation and Setup:
  - Deploy a Virtual Machine running OneFirewall within the on-premises environment.
  - Ensure compatibility with the existing private cloud infrastructure.
- Traffic Logging:
  - Enable logging of edge traffic to the OneFirewall VM.
  - Configure the edge devices to capture and forward all relevant traffic logs to the VM for analysis.
- Threat Analysis:
  - OneFirewall continuously matches the incoming traffic logs against its threat intelligence database.
  - It provides real-time insights and alerts on detected malicious actors attempting to penetrate the network perimeter.
Process
1. Preparation
- Prepare a Linux-based virtual machine (Ubuntu, Debian, Red Hat, or equivalent) with Docker and Docker Compose installed.
- Ensure the selected on-premises environment or private cloud instance meets all network and permission requirements needed for deployment.
- Provide the required access (e.g. VPN access and a VM account with sudo rights) to the OneFirewall team, who will handle the setup and configuration.
2. Installation
- The OneFirewall OnPrem Solution, a fully containerized ecosystem orchestrated via Docker Compose, will be deployed and configured by OneFirewall staff using a PoV license.
- Verify network connectivity to ensure the solution can access and process the necessary traffic logs.
- Perform final installation and connectivity checks to confirm the solution is fully operational within the infrastructure.
3. Configuration
- Enable logging of all edge traffic to the OneFirewall VM.
- Set up necessary permissions and integrations for comprehensive traffic analysis.
4. Monitoring and Analysis
- OneFirewall begins real-time monitoring of network traffic.
- Traffic is analyzed against the threat intelligence database to identify and classify potential threats.
- Generate reports and alerts based on the analysis to provide insights into malicious activities.
5. Evaluation
- Assess the volume and nature of detected threats.
- Evaluate the responsiveness and accuracy of OneFirewall in identifying and mitigating potential cyber threats.
- Gather feedback from network security personnel regarding the usability and effectiveness of the OneFirewall platform.
Deliverables
- Installation Report: Documenting the setup process and initial configuration of the OneFirewall VM.
- Traffic Analysis Report: Detailed insights into the detected threats, including types of attacks, sources, and frequency.
- Evaluation Report: Comprehensive assessment of OneFirewall’s performance during the PoV, highlighting key findings and areas for improvement.
Conclusion
The PoV of OneFirewall aims to showcase the platform’s capability to enhance network security through real-time threat intelligence and monitoring. By successfully deploying and evaluating OneFirewall within an on-premises environment, stakeholders can make informed decisions about its potential long-term integration into their cybersecurity strategy.
VM Requirement
| Component | Basic | Recommended |
|---|---|---|
| CPU/vCPU | 8 | 16 |
| RAM | 32GB | 48GB |
| Disk | 750GB SSD | 1TB SSD |
Network connectivity
| Direction | Port/Protocol | Reason |
|---|---|---|
| Inbound | 514/UDP | Syslog traffic from the edge devices |
| Inbound | 443/TCP | UI and API platform access |
| Inbound | 22/TCP | SSH console access for installation |
| Outbound | 443/TCP | Access to cloud feeds at https://app.onefirewall.com/api/v1 |
Syslog over 514/UDP is neither authenticated nor encrypted, so restrict the inbound rule to the source addresses of the edge devices that forward logs. Likewise, limit 22/TCP to the VPN range used by the OneFirewall team and close it once installation is complete.
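The preparation steps and the two tables above can be turned into a pre-flight script that the customer runs before handing the VM over. The following Python script is an added example written for this page, not OneFirewall's own tooling: it checks the VM against the sizing table, confirms the Docker tooling is present, tests outbound TCP/443 to app.onefirewall.com, sends a constructed edge-firewall event to 514/UDP, and includes a throwaway UDP listener to prove that the edge devices' syslog actually reaches the VM. The RFC 5424 message format, the hostnames, the sample event and the ONEFIREWALL_HOST environment variable are assumptions; the page does not say which syslog dialect the collector expects, so confirm that with the OneFirewall team.

```python
# Pre-flight checks for a OneFirewall PoV VM. Added example, not OneFirewall tooling.
# Assumed (not on the page): the collector on 514/UDP accepts RFC 5424 syslog; the
# hostname, app name and event text are constructed; ONEFIREWALL_HOST names the VM.
import os
import shutil
import socket
import subprocess
from datetime import datetime, timezone

# Sizing profiles from the VM Requirement table: (vCPU, RAM in GB, disk in GB).
PROFILES = {
    "basic": (8, 32, 750),
    "recommended": (16, 48, 1000),
}

def vm_meets_requirements(cpus, ram_gb, disk_gb, profile="basic"):
    """True when every resource is at or above the chosen profile."""
    min_cpu, min_ram, min_disk = PROFILES[profile]
    return cpus >= min_cpu and ram_gb >= min_ram and disk_gb >= min_disk

def local_vm_facts():
    """vCPU count, RAM in GB (from /proc/meminfo) and root filesystem size in GB."""
    cpus = os.cpu_count() or 0
    ram_gb = 0.0
    try:
        with open("/proc/meminfo") as fh:
            for line in fh:
                if line.startswith("MemTotal:"):
                    ram_gb = int(line.split()[1]) / (1024 * 1024)  # kB -> GB
                    break
    except OSError:
        pass
    disk_gb = shutil.disk_usage("/").total / 1e9
    return cpus, ram_gb, disk_gb

def docker_tooling_present():
    """docker on PATH and the Compose plugin answering `docker compose version`."""
    if shutil.which("docker") is None:
        return False
    result = subprocess.run(["docker", "compose", "version"], capture_output=True)
    return result.returncode == 0

def check_outbound_https(host="app.onefirewall.com", port=443, timeout=3.0):
    """TCP reachability of the cloud feed endpoint; does not validate TLS or the API."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def syslog_pri(facility, severity):
    """RFC 5424 PRI value: facility * 8 + severity."""
    return facility * 8 + severity

def build_syslog_message(hostname, appname, msg, facility=16, severity=6, timestamp=None):
    """Minimal RFC 5424 line; facility 16 is local0, severity 6 is informational."""
    ts = timestamp or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{syslog_pri(facility, severity)}>1 {ts} {hostname} {appname} - - - {msg}".encode()

def send_syslog(host, port, payload):
    """Send one UDP datagram; UDP gives no delivery confirmation, hence the receiver below."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (host, port))

def open_syslog_socket(bind_host="0.0.0.0", port=514):
    """Bind the inbound syslog port (514 needs root); port 0 picks any free port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_host, port))
    return sock

def receive_one_syslog(sock, timeout=5.0):
    """Return (payload, sender_ip) for the first datagram, or None if nothing arrives."""
    sock.settimeout(timeout)
    try:
        data, (src, _) = sock.recvfrom(65535)
    except socket.timeout:
        return None
    return data, src

def main():
    cpus, ram_gb, disk_gb = local_vm_facts()
    print(f"vCPU={cpus} RAM={ram_gb:.1f}GB disk={disk_gb:.0f}GB "
          f"basic={vm_meets_requirements(cpus, ram_gb, disk_gb)} "
          f"recommended={vm_meets_requirements(cpus, ram_gb, disk_gb, 'recommended')}")
    print("docker + compose present:", docker_tooling_present())
    print("outbound 443 to app.onefirewall.com:", check_outbound_https())
    # Constructed edge-firewall deny event; addresses are RFC 5737 documentation ranges.
    payload = build_syslog_message(
        "edge-fw-01", "fw", "action=deny src=198.51.100.7 dst=203.0.113.10 dport=22")
    send_syslog(os.environ.get("ONEFIREWALL_HOST", "127.0.0.1"), 514, payload)
    print("sent:", payload.decode())

if __name__ == "__main__":
    main()
```

Before the containers are deployed, run `open_syslog_socket()` followed by `receive_one_syslog()` as root on the VM while an edge device forwards a test event; a returned datagram proves the 514/UDP path end to end, and the sender address it reports is what the inbound firewall rule should be scoped to. Stop the listener afterwards so the real collector can bind the port.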

