- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - Anyone running multiple firewalls in a complex, enterprise environment knows how difficult it can be to catch misconfigurations, avoid conflicting rules, identify vulnerabilities and meet auditing and compliance mandates.
In this test, we look at five firewall operations management products: AlgoSec's Firewall Analyzer, RedSeal's Network Advisor and Vulnerability Advisor, Secure Passage's FireMon, Skybox's View Assure and View Secure and Tufin's SecureTrack. (See how we conducted our test.)
We found that these products perform similar core functions: they retrieve configuration files of firewalls (and other network
devices), store the data and analyze it. They can look at change history, analyze existing rules, perform rules-based queries,
re-order rules, and send out alerts, if policies are violated. They can also create automated compliance audit analysis and
In addition, they can do modeling and wargame analysis based on a snapshot-in-time version of the real network. Plus, Algosec, RedSeal and Skybox can provide network diagrams and topology views of the underlying networks.
Overall, we were most impressed with RedSeal and Skybox, which cover all the basics, plus have the added benefits of being able to support multiple vendor vulnerability scanning products, which can calculate the network's risk scores and run vulnerability analyses on your whole network. However, we were impressed with all of the products.
Algosec's Firewall Analyzer had an intuitive interface and came with predefined standard audit and analysis reports. Installation was simple and the program offered a wizard for easy data collection.
Network Advisor and Vulnerability Advisor from RedSeal answered questions on how well the network is configured to protect from Internet threats. The programs generate vulnerability reports showing weaknesses in the network, and contain pre-configured compliance management reports in pdf and xml formats.
FireMon from Secure Passage performs real-time analysis on device configuration and stays current by using an automated analysis of compliance guidelines. There is a wizard to import device information en mass for large networks.
Skybox View Assure and Skybox View Secure can automate the collection schedule of configuration files by the hour, day, week, month or year. A built-in ticketing system supports access change tickets and policy violation tickets.
SecureTrack from Tufin has a What-If analysis feature to test changes to policies before they are implemented. Pre-defined analysis and reporting options are based on industry best practices.
We tested AlgoSec's Linux-based Firewall Analyzer software package, which consists of an analysis engine, collection engine, Web server, administrative GUI for local and remote administration, and user, policy storage, and syslog databases.
The analyzer engine runs queries on the data collected, based on predefined or custom rules, and then generates a detailed report. The Web server sends e-mail alerts to the firewall manager.