These third-party platforms can also help find all the rules that apply to individual devices, which comes in handy for Forester, who is moving Emdeon servers from Nashville to a new data center in Memphis. Tufin's SecureTrack software finds all the existing firewall rules pertaining to each server so the rules can be transferred to the Check Point firewalls located in Memphis, he says.
In general, Gartner says businesses should stick with a single firewall vendor, but it also realizes that is not always practical in large companies, Young says. Keeping firewalls optimized and compliant without these tools is a much greater task he says.
Alternatives that are used by businesses are generally manual, including making entries about changes in Excel spreadsheets that have to be analyzed by hand. He says these lists get out of date and then administrators have to look around for the information they need. "Some of it may be in the Check Point console and then Fred knows what's happening on the Cisco console," Young says. ""Nothing will ever replace a really knowledgeable firewall administrator, but it removes complexity."
For large companies, the software probably makes sense, he says. A business that might spend US$10 million to US$20 million on firewalls, for instance, would spend about US$50,000 on these tools, so it represents a proportionally small investment, Young says. The demand for these products is not enormous, and the total sales for this type of product is US$100 million or less, he says.
"It solves an irritation problem rather than being a show-stopper. It adds oil to the machinery," Young says.