Firewall audit dos and don'ts

Real-world advice on choosing and implementing firewall audit products

By Neil Roiter, CSO
May 10, 2010 06:01 PM ET

CSO - Firewall audit products are maturing, but the product class is still a relatively young, small market, defined by compliance requirements. You have a fairly limited choice of vendors. These include Tufin Software Technologies, AlgoSec, Secure Passage and Athena Security, which all come with firewall audit pedigrees, as well as RedSeal Systems and Skybox Security, which are primarily vendors of risk-mitigation tools and so go beyond firewall audit to feature sophisticated risk-assessment and risk-management capabilities.

Take the time to define your requirements, narrow down your choices and put candidates to the test.

See the companion article Firewall audit tools: features and functions on CSOonline.com

DO look at platform and device coverage. These products generally support all the major firewall vendors and some others, as well as major network devices, so you should be covered. Take both present and future needs into account. For example, you may run a single platform across the organization now, but future acquisitions may run on other vendors' infrastructures. These tools should be able to help whether you plan to migrate onto a single platform or continue to manage several while still realizing the efficiencies they promise. See if the vendor has a software development kit that can allow it to integrate with unsupported platforms.

Check that coverage for network devices is included. There are a couple of considerations here. First, it may be important to you to clean up and optimize access control lists on your routers, and second, routers are increasingly featuring more built-in security capabilities.

DON'T overlook scalability. Those vendors that focus largely on enterprise deployments claim they can scale up to thousands of devices. Determine what that actually means in terms of management and the ability to perform under stress.

"In addition, the magnitude of environment brings huge demands on technology and methods that can be used," says the telecommunications company security officer. "What in a smaller company can be rock solid may not be applicable in a big environment. You need be cautious about the limitation of technology."

Choose with growth in mind. Even if a product scales to your current requirements, how well-suited is it to meet greater demands as the business grows, services are added, acquisitions are integrated and traffic increases?

DON'T buy more than you need. Some of these products are aimed at complex, heterogeneous environments with hundreds of firewalls and network devices. Measure the tool's capabilities and cost against your environment. If your firewall environment is relatively simple and static and your traffic is fairly predictable, choose a less-expensive product that you can apply initially for your optimization project and periodically to keep your firewalls under control.

DO put these products to the test once you narrow your choices to those that claim to meet most of your requirements.

"Pick two or three of your favorites and bake them off in real-world situations," says John Kindervag, senior analyst at Forrester Research. "The nice thing about firewall-auditing products is that you can test them on a live production environment because they are passive tools."
