How to manage your multivendor firewalls like a pro
- — 28 December, 2007 07:40
Auditing firewalls to keep regulators happy and tracking rule changes - especially for businesses buying firewalls from multiple vendors - is a burden that a variety of third-party software can lighten dramatically.
Software from vendors AlgoSec, Secure Passage and Tufin, can report firewall statistics to prove compliance with industry and government standards, and it can consolidate rules so firewalls run more efficiently, customers say.
"That's very different from what individual firewall vendors do," says Greg Young, a research vice president at Gartner. "[Third parties] respond more to audit compliance and the real-world regulatory compliance that companies need."
Young says individual firewall vendors have tools to configure and logs to record rules changes, but don't have the capability to simulate inserting new rules in existing rule sets to see their impact. AlgoSec, Secure Passage and Tufin are the only vendors he knows of that offer this type of functionality, and they do so only for the major firewall vendors, Check Point, Cisco and Juniper.
Adam Forester, supervisor of network security for medical transaction processing firm Emdeon Business Services, says he turned to Tufin because Check Point tools couldn't do as good a job optimizing his 100-plus firewalls.
"I needed the real optimization, being able to go through the policy and say this rule is using services that another rule is also using and you can eliminate this rule. Check Point's products just do not do that," Forester says.
Tufin software runs through a firewall's rule set in less than five minutes, drastically cutting the time it would take to do the same optimization manually, he says. "We would spend a couple of months going through logs manually, printing out the entire rule base and just going through it by eye," he says. He says the software reduced the number of rules in one firewall from about 600 to 200, reducing the CPU power demanded to process traffic.
Trimming down the number of firewall rules means it is simpler to audit them, says Gartner's Young. That translates into lower prices for audits because they take less time, he says.
This type of software can help with regulatory audits, as well. For instance, when it came to meeting firewall security regulations, AXA Technology Services turned to AlgoSec's Firewall Analyzer. It can generate reports that help out demonstrating compliance with the Sarbanes-Oxley Act (SOX) and PCI industry standards, says Dan Raymonda, a technology specialist for the company. AXA Technology is the centralized IT provider for other AXA operating companies.
He says the AlgoSec gear generates reports that let him know whether his firewall rule-sets are within the range of compliance standards set for PCI.
AXA is more concerned about SOX compliance, and Raymonda uses the AlgoSec software to assess the risk of new firewall rules proposed by AXA operating companies.
Those risk-assessment reports are reviewed by the requesting operating company, which determines whether the risk is acceptable in light of SOX requirements, he says.
The software can gather data for risk assessment from multiple firewalls based on a single instruction. So if he needs to assess a new rule for external firewalls, he doesn't have to deal with each one individually. Instead the AlgoSec platform deals with them as one group and analyzes it, saving time and reducing errors.
"Everybody has made an error here or there in positioning a firewall rule," he says. "To have [Firewall Analyzer] do the calculations of literally millions and millions of potential access methods and evaluate it and come up with a risk assessment is just a godsend."
Raymonda says he has the AlgoSec software configured to poll firewalls regularly on its own to perform routine compliance checks.