Working in partnership with Symantec Managed Security Services — which monitors alerts on the new platform on behalf of STW — Ceglarek is developing network-activity baselines, setting up rules for firewall security, and identifying new opportunities to streamline performance or to further tighten security.
"We've done it in conjunction with a partner to turn on basic security, really capture what's going on for a couple of months, and really tell what needs to be clamped down on," he explains. "We don't have the resources to sit and watch firewall logs all day, but the Symantec guys do that for us - and they're getting a lot more data to work with."
The new platform is producing enough detailed information that STW is getting reports on activity it never even knew was happening in the past.
"Any suspected funny business that's going on, we find out about straight away," he said. "This never used to happen with the old firewalls; not only did they not capture that stuff, but they weren't looking for it."
A "very rich" set of reporting tools has helped make sense of that data — and, over time, it has become easier for the STW team to identify what can stay and what has to go.
"It takes a bit of time," Ceglarek said, "because you have to watch and see how traffic responds. But you start to see what sort of apps are flowing through your network, what you can optimise for, and what you should be blocking."