Proof of Value
Proof of Value (PoV) of OneFirewall Solution
Introduction
OneFirewall is an advanced threat intelligence sharing platform designed to prevent cyber attacks in real time. By leveraging a comprehensive threat intelligence database, OneFirewall matches network traffic against known threats and provides actionable insights to enhance network security.
Objective
The Proof of Value (PoV) aims to demonstrate the efficacy of OneFirewall in identifying and mitigating potential cyber threats within an on-premises environment, including private cloud infrastructures. This is achieved by installing a Virtual Machine (VM) running the OneFirewall platform and analyzing edge traffic logs to detect malicious activities.
Scope
- Installation and Setup:
  - Deploy a Virtual Machine with OneFirewall within the on-premises environment.
  - Ensure compatibility with the existing private cloud infrastructure.
- Traffic Logging:
  - Enable the logging of edge traffic to the OneFirewall VM.
  - Configure the system to capture and forward all relevant network traffic for analysis.
- Threat Analysis:
  - OneFirewall will continuously monitor and match the incoming traffic against its extensive threat intelligence database.
  - Provide real-time insights and alerts on any detected malicious actors attempting to penetrate the network perimeter.
Process
1. Preparation
- Obtain the OneFirewall VM image and necessary installation files.
- Identify the appropriate on-premises environment or private cloud instance for deployment.
2. Installation
- Deploy the OneFirewall VM in the selected environment.
- Configure network settings to ensure the VM has access to the necessary traffic logs.
- Verify the installation and connectivity of the VM within the network.
3. Configuration
- Enable logging of all edge traffic to the OneFirewall VM.
- Set up necessary permissions and integrations for comprehensive traffic analysis.
4. Monitoring and Analysis
- OneFirewall begins real-time monitoring of network traffic.
- Traffic is analyzed against the threat intelligence database to identify and classify potential threats.
- Generate reports and alerts based on the analysis to provide insights into malicious activities.
5. Evaluation
- Assess the volume and nature of detected threats.
- Evaluate the responsiveness and accuracy of OneFirewall in identifying and mitigating potential cyber threats.
- Gather feedback from network security personnel regarding the usability and effectiveness of the OneFirewall platform.
Deliverables
- Installation Report: Documenting the setup process and initial configuration of the OneFirewall VM.
- Traffic Analysis Report: Detailed insights into the detected threats, including types of attacks, sources, and frequency.
- Evaluation Report: Comprehensive assessment of OneFirewall’s performance during the PoV, highlighting key findings and areas for improvement.
Conclusion
The PoV of OneFirewall aims to showcase the platform’s capability to enhance network security through real-time threat intelligence and monitoring. By successfully deploying and evaluating OneFirewall within an on-premises environment, stakeholders can make informed decisions about its potential long-term integration into their cybersecurity strategy.
VM Requirement
Component | Min Requirement |
---|---|
CPU/vCPU | 16 |
RAM | 48GB |
Disk | 1TB SSD |
Network connectivity
Direction | Service | Reason |
---|---|---|
Inbound | 514/UDP | Syslog traffic |
Inbound | 443/TCP | UI and API Platform Access |
Inbound | 21/TCP | SSH Console access for installation |
Outbound | 443/TCP | Access Cloud Feeds at https://app.onefirewall.com/api/v1 |