Firewall audit tools automate the impossible; AlgoSec adds next generation firewall support

By | February 15, 2012

Posted in: Network Security Trends

The growing firewall audit market is rapidly adjusting to the phenomenon of next generation firewalls (NGFW), which introduce highly granular application and user ID controls, and additional complexity, to an already complex and difficult network firewall environment. AlgoSec, one of a handful of firewall audit vendors, has added NGFW support as the most significant enhancement in its latest release.

Firewall management is one of those terms that sounds simple but gets very, very complex and inefficient, especially in large, distributed, often heterogeneous enterprise networks. Change workflow management is essential if organizations are going to vet new or modified firewall rules, but the process is often manual and sluggish. The temptation is to simply make the change to meet management's access requests for new applications, systems, partners, etc. Over time, firewalls become bogged down with obsolete, inefficient, even conflicting rules.

On an enterprise scale, managing complex firewall environments with tens or hundreds of firewalls, each with thousands of rules, is beyond human capability. Firewall audit tools, also known as firewall management tools, are designed to analyze firewall rule sets to winnow out the inefficiencies, automate change workflows and vet the impact of introducing new rules. These capabilities are also crucial for demonstrating regulatory compliance to auditors. Enterprises exhaust countless man-hours analyzing firewall and router configurations to produce audit reports, only to realize that they do not have a firm grasp on their network access controls or the change management processes that govern them.
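As an added illustration of the rule-set analysis these tools perform (my own example, not AlgoSec's or any vendor's code), the following Python checks an ordered rule set for rules that an earlier rule fully shadows: a shadowed rule with the same action is redundant, and one with the opposite action is a conflict that can never fire. The rule set is constructed for the example; rule names, fields and the `audit` function are my own.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One first-match firewall rule (constructed format for this example)."""
    name: str
    action: str         # "allow" or "deny"
    proto: str          # "tcp", "udp" or "any"
    src: str            # source CIDR
    dst: str            # destination CIDR
    ports: tuple        # inclusive destination port range (low, high)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    if outer.proto not in ("any", inner.proto):
        return False
    for o, i in ((outer.src, inner.src), (outer.dst, inner.dst)):
        if not ipaddress.ip_network(i).subnet_of(ipaddress.ip_network(o)):
            return False
    return outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]


def audit(rules):
    """Return (kind, shadowed_rule, shadowing_rule) for each rule an earlier
    rule fully covers; first-match semantics mean such a rule never fires."""
    findings = []
    for idx, rule in enumerate(rules):
        for earlier in rules[:idx]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "conflict"
                findings.append((kind, rule.name, earlier.name))
                break
    return findings


# Constructed sample rule set, evaluated top to bottom, first match wins.
SAMPLE_RULES = [
    Rule("allow-web", "allow", "tcp", "0.0.0.0/0", "10.1.0.0/16", (80, 80)),
    Rule("deny-legacy", "deny", "tcp", "10.2.0.0/24", "10.1.0.0/16", (80, 80)),
    Rule("allow-web-host", "allow", "tcp", "192.168.1.0/24", "10.1.5.10/32", (80, 80)),
    Rule("allow-ssh", "allow", "tcp", "10.9.0.0/24", "10.1.0.0/16", (22, 22)),
    Rule("deny-all", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535)),
]

if __name__ == "__main__":
    for kind, shadowed, by in audit(SAMPLE_RULES):
        print(f"{kind}: rule '{shadowed}' is shadowed by earlier rule '{by}'")
```

Real products extend this with source-port and application/user-ID dimensions, partial overlaps and hit-count data; this block shows only the core subset check.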

(For a more in-depth discussion of firewall audit tools, check out my report.)

In addition to AlgoSec, firewall audit vendors include Tufin Software Technologies, FireMon and Athena Security, as well as RedSeal Systems and Skybox Security, which are primarily vendors of risk modeling and mitigation tools.

The new release of AlgoSec’s Security Management Suite introduces support for Palo Alto Networks’ next gen firewalls. Palo Alto created the NGFW space about four years ago, and has risen to prominence in the market, sharing the leadership position with Check Point in Gartner’s latest Enterprise Network Firewalls Magic Quadrant. Gartner predicts NGFW will comprise 35% of the installed firewall base by the end of 2014, so it is incumbent upon firewall audit vendors to vet new rules, analyze existing rule sets and manage automated workflows in much the same way they manage traditional firewalls. AlgoSec, although not the first to market in support of NGFW, says they are first to introduce what they characterize as intelligent tuning of NGFW rule sets based on performance, not simply static analysis.

The message here is to look carefully at what is actually meant by “support” for NGFW and determine how it meets your requirements. AlgoSec plans to add support for other next gen firewall vendors.

In terms of device support, AlgoSec can now manage web security gateways as well as firewalls, initially Blue Coat Systems gateways. Web security gateways are becoming a security staple in many enterprises, restricting user access to malicious and compromised websites. The technology emerged as the Web became the prime attack vector, and URL filtering products, designed for acceptable use and user productivity, were clearly not up to the task as web security products.

AlgoSec now also automates configuration management, analysis and workflow, to ensure that firewalls are and remain configured properly. They’ve also added service level agreement (SLA) management, so enterprises can monitor SLA status, identify issues (e.g. lack of security approval or implementation by network personnel) and prioritize requests – granting access to a new partner, for example – based on urgency and status.

Finally, AlgoSec has improved scalability. Distributed enterprises now have the option of managing devices locally and collecting data from them, while feeding the information back to a central appliance for analysis, rather than managing the local devices through remote access.
