When I first got to the client site, they had a fairly mature Network Model that they had neglected for a number of months. There were a large number of unplaced objects that had been captured by their automated configuration update system, their version was out of date and they had a backup appliance that had been lost/misplaced in transit to their disaster recovery datacenter. The client also wanted a full reconciliation of their CDE, DMZ and user subnets as well as customized device hardening/Best Practice Checks. While working through the physical and logistical steps of locating and deploying the backup appliance, upgrading and testing all systems, I was able to quickly reconcile the client's master list of subnet designations against the corresponding RedSeal containers, making adjustments where necessary. I was able to clean up the Network Topology map by sorting and correctly placing the objects which had been neglected over time and additional devices and subnets discovered when I migrated the RedSeal system over to the client’s new CMDB. I have addressed the client's Model Issues and was able to greatly reduce the number of reported violations by identifying devices requiring remediation, correcting device displays within RedSeal and, where appropriate and documented, by suppressing instances approved by client management. I have highlighted a number of legacy network connections that RedSeal identifies as potential access (and threat) vectors which are not in use due to routing policies and have also identified unexpected connectivity currently available into subnets thought secure. RedSeal was able to quickly identify the connectivity and the firewall rules (by line number) which were permitting this access. With this information, the client’s security architects were immediately able to research business decisions behind this access and take appropriate actions. In certain cases, this lead to changes in network configuration and in others, this resulted in the business decision being documented and approved within RedSeal itself. One of the most effective and immediate results we were able to present revolved around the client's desire to review, standardize and harden their device configurations. I was also able to craft custom Best Practices Checks (BPC), using RegEx and JavaScript, to have RedSeal automatically check their router and firewall configurations for the company's customized list of device hardening criteria. With these BPCs scheduled in tandem with the daily device configuration updates, I was able to create a series of customized reports to direct remediation efforts. For the engineering teams, I was able to identify devices, by rule violation matched with the configuration change steps required to correct the issue. For management, I was able to create and schedule a periodic report which summarizes the violations and displays the (downward) trending counts across product lines, specific devices and specific rules.