Firewall audit tools: features and functions

By Neil Roiter, CSO |  Software, firewall

"There's nothing more embarrassing or devastating to an organization than when you tell an auditor, 'This is how we do it,' and when they look, there is no semblance of what you said," says Jeff Sherwood, principal security strategist for H&R Block, a Secure Passage customer. "Now we can come out of the gate and say, 'This is what we do and here is proof we do it.'"

While compliance automation may be sufficient justification for their implementation, firewall audit tools also offer tangible business benefits that go beyond surviving the audit ordeal.

Performance and Optimization: This is a prime function of all these tools. Firewall performance degrades because excessive rules eat up CPU cycles, and critical access rules are situated too far down in the hierarchy because when additions were made, the focus was on speed of implementation, rather than on optimizing the configuration. Firewall audit tools clean up redundant rules and requests for service that have already been enabled, and flag rules that apply to objects that are no longer in use or even in existence.

Also see SIEM Dos and Don'ts

Optimizing firewalls and network devices can improve performance problems that companies might otherwise have had to throw new hardware at. Benefits will be even more noticeable as traffic increases.

Business Continuity: Performance and optimization issues can seriously slow or even bring down critical business processes. This costs the business not only revenue, but also the man-hours it must spend to deal with the problems.

"Before, our team was heavily weighted--30 percent of their time--to firefighting, toward fault analysis and fault fixing," says Colin Miles, corporate network manager for U.K.-based Virgin Media, a Tufin Technologies user with a network infrastructure that includes more than 100 firewall pairs. "Since Tufin was implemented, that's turned to proactive capability, rule-based efficiency and optimization of the network, driving toward people savings."

Security: Complex configurations make security analysis very difficult. Obsolete or misconfigured rules can be exploited to give attackers access to sensitive data. Firewall administrators under pressure to fulfill business requests are likely to err on the side of granting too much access rather than too little. Firewall audit tools improve security by determining optimal rules and detecting unused and misconfigured rules.


Originally published on CSO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question