Case Study
Validating Firewall Configuration Against CIS Benchmarks
A well-established British institution operated a complex internal network for hundreds of users and a sophisticated technology estate. With a strong in-house IT team of experienced technical staff and a well-developed security posture, the question wasn't about competency, but whether anything had been overlooked.
In this story
Formation Tech were engaged to review the configuration of the institution's firewall against the CIS benchmark using Formation Tech's AI-driven audit tool. Despite the customer's high confidence in their in-house configuration, the audit identified a remote access configuration that was not aligned to best practice and was leaving the organisation exposed, surfacing the kind of finding that even highly capable internal teams can miss.
Challenges
Validating the Configuration of a Critical Edge Device
The firewall is one of the most important edge devices in any organisation's network. It governs how traffic enters and leaves the environment, and a misconfiguration, however small, can quietly undermine the security posture of everything that sits behind it. The challenge is not whether firewalls are being managed; in most organisations, they are. The challenge is whether the configuration that has accumulated over months or years still aligns with current best practice.
The CIS benchmark, maintained by the Center for Internet Security, sets out the consensus standard for what good firewall configuration looks like. Aligning to it is one of the most effective ways to reduce the attack surface at the network edge, often through simple, clear changes that materially improve security posture. But validating that alignment manually, against a live and evolving configuration, is time-consuming and easy to deprioritise.
For this institution, the question was a practical one: how aligned was the in-house firewall configuration to the CIS benchmark, and was there anything in the current setup that warranted attention? The IT function was highly capable and had configured the firewall in-house over a period of time. They were confident in their work, and they wanted to put that confidence to the test.
Solution
An AI-Driven CIS Benchmark Audit
Formation Tech were engaged to review the configuration of the institution's firewall using Formation Tech's AI-driven audit tool. The tool is designed specifically to assess how compliant a firewall configuration is against the CIS benchmark, surfacing both alignment and gaps in a clear, structured report. Rather than a generic security review, the audit gives organisations a precise view of where their configuration sits relative to a recognised industry standard.
Customer files are secured with military-grade encryption both in transit and at rest. All data is stored and processed exclusively in a UK-based Google Cloud environment, ensuring compliance with UK and EU data laws. A proprietary AI handles analysis internally, meaning customer files are never sent to external services.
The audit produced a number of recommendations. One of these concerned the remote access capabilities enabled on the firewall. The customer initially considered the finding a false positive: their internal team had a good degree of confidence that the configuration was not actually exposed in the way the report suggested. On further review, however, with the detailed report in hand, it became clear that the remote access had in fact been enabled in a way that was not aligned to best practice and was leaving the organisation exposed in a way the team had not appreciated.
The finding was validated, reviewed with the customer, and addressed, closing down an exposure on one of the most critical edge devices in the network.
Outcomes
Independent Assurance on Critical Edge Configuration
The engagement delivered exactly what an independent, benchmark-based audit is designed to deliver: a precise, evidenced view of how the firewall was actually configured, and identification of a specific, material misalignment that even a highly capable in-house team had not surfaced. By moving from internal confidence to externally validated assurance, the institution closed down a real exposure and gained a clear baseline against which future changes can be measured.
More broadly, the case illustrates the value of independent audit regardless of how a firewall is being managed. For organisations that rely on a third-party MSP, an audit validates that the service provider is genuinely delivering the standard expected, which is useful peace of mind for any business paying for managed security. For organisations managing their firewall in-house, an audit validates the work of their own team, which is useful peace of mind for any IT function that has been doing the job well for years but wants an independent check against current best practice.
For this customer, the outcome was both specific and strategic: a real misconfiguration resolved, and an established mechanism for validating one of the most important edge devices in the network against a recognised industry benchmark.
CIS: AI-driven
1: Critical remote access exposure identified and resolved
Independent: Validation regardless of in-house or MSP management