Skip Links

New Data Center Cloud Computing
  :: The virtual blind spot :: CLEAR CHOICE TEST: Firewall management
:: How to seed security into the cloud :: Hungry for virtual server security

THE NEW DATA CENTER ARCHIVE: Storage, Security, Mobility and more….
NDC Archive

Review: Firewall operations management

Skybox, RedSeal lead the way among five vendors who offer tools to make your firewalls more efficient and effective

By Rob Smithers, Network World
July 12, 2010 12:00 AM ET

Network World - Anyone running multiple firewalls in a complex, enterprise environment knows how difficult it can be to catch misconfigurations, avoid conflicting rules, identify vulnerabilities and meet auditing and compliance mandates.

Hungry for virtual server security

In this test, we look at five firewall operations management products: AlgoSec's Firewall Analyzer, RedSeal's Network Advisor and Vulnerability Advisor, Secure Passage's FireMon, Skybox's View Assure and View Secure and Tufin's SecureTrack. (See how we conducted our test.)

We found that these products perform similar core functions: they retrieve configuration files of firewalls (and other network devices), store the data and analyze it. They can look at change history, analyze existing rules, perform rules-based queries, re-order rules, and send out alerts, if policies are violated. They can also create automated compliance audit analysis and reports.
In addition, they can do modeling and wargame analysis based on a snapshot-in-time version of the real network. Plus, Algosec, RedSeal and Skybox can provide network diagrams and topology views of the underlying networks.

Overall, we were most impressed with RedSeal and Skybox, which cover all the basics, plus have the added benefits of being able to support multiple vendor vulnerability scanning products, which can calculate the network's risk scores and run vulnerability analyses on your whole network. However, we were impressed with all of the products.

Algosec's Firewall Analyzer had an intuitive interface and came with predefined standard audit and analysis reports. Installation was simple and the program offered a wizard for easy data collection.

Network Advisor and Vulnerability Advisor from RedSeal answered questions on how well the network is configured to protect from Internet threats. The programs generate vulnerability reports showing weaknesses in the network, and contain pre-configured compliance management reports in pdf and xml formats.

FireMon from Secure Passage performs real-time analysis on device configuration and stays current by using an automated analysis of compliance guidelines. There is a wizard to import device information en mass for large networks.

Skybox View Assure and Skybox View Secure can automate the collection schedule of configuration files by the hour, day, week, month or year. A built-in ticketing system supports access change tickets and policy violation tickets.

Quiz: Do you know security?

SecureTrack from Tufin has a What-If analysis feature to test changes to policies before they are implemented. Pre-defined analysis and reporting options are based on industry best practices.

AlgoSec Firewall Analyzer

We tested AlgoSec's Linux-based Firewall Analyzer software package, which consists of an analysis engine, collection engine, Web server, administrative GUI for local and remote administration, and user, policy storage, and syslog databases.

The analyzer engine runs queries on the data collected, based on predefined or custom rules, and then generates a detailed report. The Web server sends e-mail alerts to the firewall manager.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News