Network Computing is part of the Informa Tech Division of Informa PLC

Guarding the Guards: Page 2 of 2

Make Your Choice

Products are available as software or appliances. They either connect directly to the devices and import the rules, or process rule exports dropped on a file share. Pulling the rules from the device gives the most current picture, but if the load on the device is a concern, or if rule changes are batched and pushed on a daily schedule anyway, a scheduled export to a file share may be sufficient. In addition, the network operations group may not allow a security administrator to connect directly to their devices at all. Whichever model you choose, remember that an exported rule set is only as current as its last export, and that the share holding it describes your network's security posture in detail, so it needs the same access controls as the devices themselves.

Depending on the size of the network and the capacity of the product, a single software deployment or appliance may be sufficient to monitor your organization's network. However, potential customers must ensure the product can scale.

For instance, Firemon can be installed with a master system that aggregates data from multiple collectors around the organization. Other products use one appliance or software installation to connect to all the devices.

The number of devices a single management system can handle depends on more than the device count: the complexity of each configuration matters at least as much. For instance, 100 devices with fairly simple rule sets will tax a firewall management system much less than 20 devices with configurations of 10,000 lines each, because analyses such as detecting shadowed or conflicting rules compare rules against one another, so their cost grows faster than linearly with the size of the rule set.

Potential customers should also pay attention to the reports these products generate. Managers always want the high-level analysis so they can understand (or think they understand) what's going on. Auditors want detailed records to assess the evolution of your security posture. Internal staff may just want to see what's required to get the job done. Report formats that meet the demands of different user groups should be a key criterion for products on your short list.

Our Take
FIREWALL MANAGEMENT TOOLS
Misconfigured firewalls can expose an organization to attack. Software is available to ensure firewall rules match security policies.

Configuration management tools also reduce the time administrators must spend tracking and maintaining the rules.

In addition to reducing exposure, these products can help organizations meet industry regulations such as PCI DSS by producing evidence that the rule base matches the documented policy.

Some products also check configurations of switches, routers, and other network devices.

For advanced organizations and administrators, some products offer an API that lets you extract the analysis results and use them in other applications or reporting formats. Correlating that data with output from other products gives a picture of security as a whole, rather than a set of isolated views.
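To make concrete what these products do when they "process the rules from a file share" and "ensure firewall rules match security policies", here is an added example, written for this page and not taken from any vendor's product: a small Python analyzer that loads a rule export from text, checks each rule against a constructed policy, flags rules shadowed by earlier ones, and returns a JSON-serializable result of the kind an API consumer or report generator would ingest. The rule syntax is a simplified, Cisco-ACL-like format and the sample rules and policy are constructed for the example; real products handle each vendor's native configuration format.

```python
"""Constructed example: a minimal firewall rule-set analyzer.

Reads rules from a text export (the "file share" model), checks them against
a small policy, detects shadowed rules, and returns a dict that serializes to
JSON for downstream reporting. Not any vendor's code; syntax is simplified.
"""
from __future__ import annotations

import ipaddress
import json
import re
from dataclasses import dataclass

# Rule syntax (hypothetical, Cisco-ACL-like): ACTION PROTO SRC DST [PORT[-PORT]]
RULE_RE = re.compile(
    r"^(permit|deny)\s+(tcp|udp|ip)\s+(\S+)\s+(\S+)(?:\s+(\d+)(?:-(\d+))?)?\s*$"
)
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    line: int                       # line number in the export, for reporting
    action: str                     # "permit" or "deny"
    proto: str                      # "tcp", "udp", or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: tuple[int, int]          # inclusive destination port range; (0, 65535) = any


def _net(token: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token, strict=False)


def parse_rules(text: str) -> list[Rule]:
    """Parse an export; '#' starts a comment. Raises on lines it cannot read."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {n}: unparseable rule: {raw!r}")
        action, proto, src, dst, lo, hi = m.groups()
        ports = (0, 65535) if lo is None else (int(lo), int(hi or lo))
        rules.append(Rule(n, action, proto, _net(src), _net(dst), ports))
    return rules


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a.

    Firewalls apply the first matching rule, so if a precedes b and covers it,
    b can never match: it is shadowed (redundant if the actions agree, a
    conflict if they differ)."""
    proto_ok = a.proto == "ip" or a.proto == b.proto
    net_ok = b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
    port_ok = a.dport[0] <= b.dport[0] and b.dport[1] <= a.dport[1]
    return proto_ok and net_ok and port_ok


def check_policy(rule: Rule, policy: dict) -> list[dict]:
    """Compare one permit rule against the (constructed) written policy."""
    findings: list[dict] = []
    if rule.action != "permit":
        return findings
    if rule.src == ANY and rule.dst == ANY and rule.dport == (0, 65535):
        # An any/any permit swallows everything; report it once and stop.
        findings.append({"line": rule.line, "kind": "unrestricted_permit"})
        return findings
    if rule.src == ANY:
        for proto, port in policy["forbidden_from_any"]:
            if rule.proto in ("ip", proto) and rule.dport[0] <= port <= rule.dport[1]:
                findings.append({"line": rule.line, "kind": "forbidden_service",
                                 "service": f"{proto}/{port}"})
    return findings


def analyze(text: str, policy: dict) -> dict:
    """Run shadowing and policy checks over an export; return a report dict."""
    rules = parse_rules(text)
    findings: list[dict] = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:            # pairwise: cost grows with rule count squared
            if covers(earlier, rule):
                findings.append({"line": rule.line, "kind": "shadowed",
                                 "by": earlier.line,
                                 "conflict": earlier.action != rule.action})
                break
        findings.extend(check_policy(rule, policy))
    summary: dict[str, int] = {}
    for f in findings:
        summary[f["kind"]] = summary.get(f["kind"], 0) + 1
    return {"rules": len(rules), "findings": findings, "summary": summary}


def to_json(report: dict) -> str:
    """Serialize for an API consumer or external reporting tool."""
    return json.dumps(report, indent=2)


# Constructed sample export and policy (not from any real device or standard).
SAMPLE = """\
# constructed sample rule export (simplified Cisco-ACL-like syntax)
permit tcp any 10.1.0.0/16 443
permit tcp any 10.1.0.10/32 443
permit tcp any 10.1.0.0/16 23
deny tcp 192.0.2.0/24 any 22
permit ip any any
deny ip any any
"""
POLICY = {"forbidden_from_any": [("tcp", 23), ("tcp", 3389)]}  # services never exposed to "any"

if __name__ == "__main__":
    print(to_json(analyze(SAMPLE, POLICY)))
```

Run against the sample, the report flags line 3 as shadowed by line 2 (redundant), line 4 as exposing tcp/23 to any source, line 6 as an unrestricted permit, and the final deny on line 7 as shadowed by line 6 with a conflicting action, which is exactly the kind of misordering that turns a cleanup rule into dead text. The pairwise shadow check is also why rule-set size, not device count, drives the processing cost discussed above.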

All Fired Up

If your organization runs multiple firewalls, maintains a large or complex rule base, or is audited regularly, you are the ideal candidate for one of these products.

Firewall management can help organizations better manage risks by providing greater visibility into how security policies are actually being translated into real-world traffic patterns and data flow.

Adam Ely is an information security consultant.