The integration provides linkage between the two processes. So, for example, as Firewall Analyzer identifies rules that should be created, modified or removed, a ticket is opened in FireFlow. Both products are available separately, as well.
The integration is two-way, illustrated by the new ActiveChange feature, which allows organizations to automatically create new or modified firewall rules recommended by Analyzer and that have undergone the required approvals through FireFlow. The aim is to eliminate the need to manually key firewall rule changes, reducing administrative workload and error. "Our research shows that a lot of downtime is caused by human error and misconfiguration," says John Kindervag, senior analyst at Forrester Research. "The more you can automate, the better."
The market for firewall audit and management tools is driven largely by regulatory compliance requirements, particular Payment Card Industry Data Security Standard (PCI DSS). These tools also provide automated analysis, attacking the management pain points and security risks created by bloated rule sets and redundant and unnecessary rules.
They run complex algorithms that evaluate the actual rules against corporate policies and best practices to identify gaps, verify changes and produce audit reports. Automated analysis is becoming essential as audits across multiple firewalls that incorporate thousands of interdependent rules have grown well beyond human capability.