Challenge
Liquid Networx started with a strong security foundation focused on the data center. However, as most of the staff transitioned to fully remote work, they faced new security challenges. Remote employees relied on home network setups and endpoint protection as the primary means of security, this created numerous additional attack vectors that threat actors could exploit.
Services/Solutions
In response, FortiSASE was deployed, integrating it with its existing Fortinet Security Fabric. This provided remote users with the same enterprise-grade security as the data center, including web filtering, intrusion prevention, and zero-trust access, vastly reducing the attack vectors.
Business Impact
The rollout was seamless, improving visibility, access control, and threat response while ensuring a frictionless user experience. Now, staff operates with enhanced security, simplified management, and greater confidence in protecting both its workforce and its clients, from the data center and beyond.
A Legacy of Connectivity and Security
For 30 years, Liquid Networx has helped businesses throughout the United States build digital connectivity. Originally a broker for telecommunications carriers, Liquid Networx is now primarily an IT consulting firm and managed service provider.
Liquid Networx provides break-fix support, implementations, network designs, and system configurations for customers of all sizes. We are based in San Antonio but do not focus on a specific region or vertical. We have customers coast to coast in every industry you could imagine. The commonality of our customers is that they are Fortinet shops. Our solutions are Fortinet-centric.
Most of Liquid Networx’s staff works remotely except for some individuals who manage hardware in the data center. Keeping the data center, key cloud resources, and the remote workforce safe is a top organizational priority. Because Liquid Networx provides professional services, we are constantly targeted by threat actors. A successful attack would be extremely detrimental to our business. People will not trust a professional service organization that gets breached, so we must secure our internal systems to protect our reputation before we do anything else.
Fortinet: The Backbone of Resilient Security for Liquid Networx
To secure our data center infrastructure and networks, Liquid Networx relies on the Fortinet Security Fabric. FortiGates (NGFW) protects the network perimeter for the primary data center and FortiSwitch advanced ethernet switches provide secure and reliable network speeds for all hardwired endpoints. Fortinet surveillance systems with a FortiCamera and FortiRecorder are used to secure the entire physical facility. FortiAP access points provide wireless connectivity and security for the entire data center. FortiTester supports network security testing and FortiConverter streamlines customers’ migration to FortiGate NGFWs.
All the company’s endpoints run the FortiEDR endpoint detection and response solution, with the FortiAuthenticator User Identity Solution providing multi-factor authentication and FortiNAC network access control securing access to data center resources. The FortiMail email security solution protects Liquid Networx’s Microsoft 365 environment, complementing the productivity suite’s native protections via application programming interface (API) integration. Liquid Networx manages the environment using the FortiManager platform, this provides a “single pane of glass” style application interface to make managing all of the integrations as seamless as possible.
This Fortinet infrastructure has been in place for years, and the solutions have all been exceptional. Through the Fortinet solutions, we see threats coming in all the time, and we remediate all of them. We have been doing this work for quite some time now, and we have not experienced a material breach or ever had any information stolen. The Fortinet infrastructure is doing exactly as intended. That said, several months ago, Liquid Networx saw an opportunity to strengthen security for its remote employees further.
Elevating Security for a Highly Distributed and Mobile Workforce
The vast majority of Liquid Networx employees work from home. Our engineers have their own FortiGates and FortiSwitches, but our project managers, NOC [network operations center] staff, account consultants, and sales team were being protected only by the infrastructure they had set up in their homes and FortiEDR on their endpoints. We wanted to deploy the full capabilities of the Fortinet Security Fabric to each of our remote users. In addition, Liquid Networx’s executive team travels frequently. Some of our managers are regularly working in hotels and airports. We needed to better lock down systems amid all that travel.
A secure access service edge (SASE) solution was deployed to improve access controls to its cloud and on-premises applications for all staff. FortiSASE was deemed the best option to accomplish this. Most Fortinet competitors charge for bandwidth used, this was not a sustainable and cost-effective method because Liquid Networx wants always-on connectivity for our remote workers. Another consideration was wanting our SASE solution to integrate tightly with our FortiGates in the data center. That architecture is not possible with some of the competitors because of how they deliver SASE.
FortiSASE: Strengthening Security for a Highly Mobile and Remote Workforce
As of three months ago, Liquid Networx has been utilizing a full FortiSASE stack. Deployment went very well. Our engineering team was our pilot group, and a majority of them were rolled out within a week. Now we have up to almost 50 users. Rollout has been fast and fairly easy. What we are doing with FortiSASE today is largely secure internet access. We have enabled FortiSASE web content filtering and antivirus, DLP [data loss prevention], and IPS [intrusion prevention system] capabilities for all our users. We are also sandboxing files as appropriate, something we could not do before. Having Fortinet’s full UTM [unified threat management] functionality sitting in front of our remote users has drastically improved our security posture.
FortiSASE is a mandatory requirement for all administrative access here at Liquid Networx. Admin accounts are accessible only from the FortiSASE IP addresses. Soon we are going to lock down all user access to our cloud apps, as well, so that everyone will have to come through FortiSASE to reach them, including Microsoft 365. That is the next level.
There is no concern about productivity or accessibility with the FortiSASE solution. The beauty behind FortiSASE, is that it has not negatively impacted our users’ day-to-day workflows in any way. In many cases, they do not even know they are protected. All they know is that they installed FortiClient. The FortiSASE integration with Active Directory and SAML [Security Assertion Markup Language] authentication has simplified our user logins by giving us a single sign-on through FortiSASE. In one instance, a user left a video conference open during an entire flight, the only traffic that was exposed was the SASE Tunnel, providing clear feedback the solution was working.
Secure Access, Better Visibility, and Faster Threat Response
For Liquid Networx’s network administrators, FortiSASE has substantially improved visibility. Most of our users are admins on their systems, so they can install whatever technologies they need. Before FortiSASE, we did not always know what everyone had installed. Now, FortiSASE gives us information about which applications are on each endpoint. So, if, for example, a vulnerability comes out in an application that some of our engineers use, we know where to go to respond to that zero-day threat. If a user complains about access to a cloud application, we can use FortiSASE digital experience monitoring to troubleshoot.
Liquid Networx intends to eventually add Fortinet’s SOC-as-a-Service and FortiGuard Forensics capabilities to further tighten security and gain additional eyes on our security environment. Currently, our team can respond more quickly in the event of a security incident.
FortiSASE is particularly helpful in staging equipment before it goes out to customer sites. We have a secure staging area inside our SOC 2 Type 2 data center. We stage thousands of devices—mostly FortiGates, FortiSwitches, and FortiAPs—every year. One complication of our business model is that remote workers need access to the staging area. We have put FortiGates in front of the staging area and leveraged the SPA [Secure Private Access] functionality inside FortiSASE to provide our team with access to that part of the data center, allowing technicians to stage equipment.
FortiSASE has strengthened security on some of the older applications that the firm is running on-premises in the data center. Before, we had to expose those applications to the Internet so that staff could use them. Now, FortiSASE enables us to have a ZTNA [zero-trust network access] proxy on the front end of those applications.
Ask Us About Our FortiSASE Offerings
Ready to strengthen your cybersecurity and simplify IT management with FortiSASE? Contact us today to see how Liquid Networx can help secure your business for the future.
Contact Form
"*" indicates required fields