
Firewall audit tools: features and functions

By Neil Roiter, CSO
May 10, 2010 03:12 PM ET

Firewall audit tools automate the otherwise all-but-impossible task of analyzing complex and bloated rule sets to verify and demonstrate enterprise access controls and configuration change-management processes.

Although the market has been driven by compliance--it was essentially created by PCI DSS--these tools also let organizations improve network performance, reduce downtime, improve security and reassign staff from troubleshooting firewall issues and hand-analyzing configurations to tasks that help grow the business.

The problems are familiar to organizations of all sizes--from those with just one or two overtaxed and inefficient firewalls, to large, distributed enterprises with scores or hundreds of firewalls administered by many business units, often all following different policies that may have been written before the units' acquisitions.

Also see Firewall audit dos and don'ts for practical implementation advice

Not long ago, a rule set of 200-300 rules was considered excessive. Now it's not unusual for firewalls to have many hundreds or even thousands of rules, many of them obsolete: IT operations added new rules to meet business requests but neglected to remove old ones, leaving rules that are never hit, rules shadowed by broader rules above them, and temporary "any-to-any" exceptions that were never cleaned up. Analyzing configurations for a few firewalls, let alone hundreds, has grown beyond the capacity of human computation.

Firewall Audit Tools: Key Benefits and Use Cases

Business efficiency and security may be the goals, but regulatory requirements frequently open up the budget. The firewall audit market, pegged by Forrester Research at $25 million to $30 million in 2009, is fueled by PCI DSS requirements to review firewall and router configurations every six months. These controls also typically come under scrutiny during internal, partner and other regulatory audits.

Enterprises exhaust countless man-hours analyzing firewall and router configurations to produce audit reports, only to realize that they do not have a firm grasp on their network access controls and the change-management processes that enable them.

"How do you demonstrate that a 2,000-rule set is robust and secure?" says a security officer for a telecommunications company, which uses SkyBox Security's SkyBox Assure solution. "It's impossible to do manually."

These automated tools run complex algorithms that evaluate the actual rules against corporate policies and best practices to identify gaps (for example, rules that are unreachable or redundant, and rules that permit traffic the written policy says must be blocked), verify changes and produce audit reports. They enable organizations to verify and document the entire configuration-management lifecycle to demonstrate to auditors that practice follows policy, and that changes were completed as authorized and grant the intended access.
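To make the analysis concrete, here is an added example (written for this edit, not code from the article or from any of the vendors it mentions) of the two core checks in miniature: finding rules that can never fire because an earlier rule already covers them, and testing a first-match rule set against a list of flows the corporate policy says must be denied. The rule set, networks and policy flows are constructed for illustration, and the rule model (CIDR source and destination, protocol, destination port range) is a simplification of what real firewalls and audit products handle.

```python
"""Toy first-match firewall rule-set analyzer (added example, not vendor code).

Finds rules that can never fire (shadowed by an earlier rule with the opposite
action, or redundant with an earlier rule with the same action) and checks the
effective policy by simulating lookups for flows that must be blocked.
"""
import ipaddress

ANY_PORTS = (0, 65535)


class Rule:
    def __init__(self, name, action, src, dst, proto, ports=ANY_PORTS):
        self.name = name
        self.action = action                      # "permit" or "deny"
        self.src = ipaddress.ip_network(src)      # source CIDR
        self.dst = ipaddress.ip_network(dst)      # destination CIDR
        self.proto = proto                        # "tcp", "udp", "icmp" or "any"
        self.ports = ports                        # inclusive destination port range

    def covers(self, other):
        """True if every packet `other` matches is also matched by this rule."""
        return (self.src.supernet_of(other.src)
                and self.dst.supernet_of(other.dst)
                and self.proto in ("any", other.proto)
                and self.ports[0] <= other.ports[0]
                and other.ports[1] <= self.ports[1])

    def matches(self, src_ip, dst_ip, proto, port):
        """True if a single flow matches this rule."""
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and self.proto in ("any", proto)
                and self.ports[0] <= port <= self.ports[1])


def find_unreachable(rules):
    """Report rules fully covered by a single earlier rule.

    Caveat: this only detects coverage by one earlier rule. A rule can also be
    shadowed by the union of several earlier rules, which needs a set-based
    comparison this toy does not attempt.
    """
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.name, earlier.name, kind))
                break
    return findings


def first_match(rules, src_ip, dst_ip, proto, port):
    """First-match semantics; None means the implicit default deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, port):
            return rule
    return None


def check_policy(rules, must_deny):
    """Return (flow label, permitting rule name) for flows that policy says must be blocked."""
    violations = []
    for label, src_ip, dst_ip, proto, port in must_deny:
        hit = first_match(rules, src_ip, dst_ip, proto, port)
        if hit is not None and hit.action == "permit":
            violations.append((label, hit.name))
    return violations


# Constructed rule set with the usual accumulated cruft (illustrative, not real).
RULES = [
    Rule("web-from-corp",   "permit", "10.0.0.0/8",   "10.20.0.0/16", "tcp", (443, 443)),
    Rule("temp-any-any",    "permit", "0.0.0.0/0",    "0.0.0.0/0",    "any"),  # troubleshooting rule never removed
    Rule("block-guest-db",  "deny",   "10.99.0.0/16", "10.20.5.0/24", "tcp", (3306, 3306)),
    Rule("web-from-branch", "permit", "10.1.0.0/16",  "10.20.0.0/16", "tcp", (443, 443)),
    Rule("deny-all",        "deny",   "0.0.0.0/0",    "0.0.0.0/0",    "any"),
]

# Constructed policy: flows that must never be permitted (label, src, dst, proto, dport).
MUST_DENY = [
    ("guest-to-db",     "10.99.0.7",   "10.20.5.10", "tcp", 3306),
    ("internet-to-web", "203.0.113.5", "10.20.1.10", "tcp", 443),
]

if __name__ == "__main__":
    for finding in find_unreachable(RULES):
        print("unreachable: %s (%s by %s)" % finding)
    for violation in check_policy(RULES, MUST_DENY):
        print("policy violation: %s permitted by %s" % violation)
    cleaned = [r for r in RULES if r.name != "temp-any-any"]
    print("after removing temp-any-any:", check_policy(cleaned, MUST_DENY))
```

Run as written, the stale `temp-any-any` rule is reported as shadowing both the guest-database block and the final deny, the branch-office web rule is reported as redundant with the broader corporate one, and both policy probes come back as violations permitted by `temp-any-any`. Removing that one rule clears the violations, which is the kind of before-and-after evidence the audit report needs to show; a real tool additionally has to model NAT, zones, rule hit counts and multi-rule shadowing across many devices.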

"There's nothing more embarrassing or devastating to an organization than when you tell an auditor, 'This is how we do it,' and when they look, there is no semblance of what you said," says Jeff Sherwood, principal security strategist for H&R Block, a Secure Passage customer. "Now we can come out of the gate and say, 'This is what we do and here is proof we do it.'"
