AlgoSec Integrates Firewall Analysis, Workflow Products
AlgoSec has integrated its firewall audit and management analysis and workflow products into an integrated suite, introducing several new features, including automated rule changes, security ratings and firewall object creation. AlgoSec Security Management Suite 6.0 includes Firewall Analyzer, which automates firewall, router and VPN audit and analysis, as well as FireFlow, which automates the change control workflow process.
March 14, 2011
AlgoSec has integrated its firewall audit and management analysis and workflow products into an integrated suite, introducing several new features, including automated rule changes, security ratings and firewall object creation. AlgoSec Security Management Suite 6.0 includes Firewall Analyzer, which automates firewall, router and VPN audit and analysis, as well as FireFlow, which automates the change control workflow process.
The integration provides linkage between the two processes. So, for example, as Firewall Analyzer identifies rules that should be created, modified or removed, a ticket is opened in FireFlow. Both products are available separately, as well.
The integration is two-way, illustrated by the new ActiveChange feature, which allows organizations to automatically create new or modified firewall rules recommended by Analyzer and that have undergone the required approvals through FireFlow. The aim is to eliminate the need to manually key firewall rule changes, reducing administrative workload and error. "Our research shows that a lot of downtime is caused by human error and misconfiguration," says John Kindervag, senior analyst at Forrester Research. "The more you can automate, the better."
The market for firewall audit and management tools is driven largely by regulatory compliance requirements, particular Payment Card Industry Data Security Standard (PCI DSS). These tools also provide automated analysis, attacking the management pain points and security risks created by bloated rule sets and redundant and unnecessary rules.
They run complex algorithms that evaluate the actual rules against corporate policies and best practices to identify gaps, verify changes and produce audit reports. Automated analysis is becoming essential as audits across multiple firewalls that incorporate thousands of interdependent rules have grown well beyond human capability.Working with its own or third-party workflow tools, AlgoSec also enables organizations to verify and document the entire configuration-management lifecycle in order to demonstrate to auditors that practices follow policy, that changes were completed as authorized, and that the intended access was provided.
In addition to ActiveChange, the AlgoSec Suite's new features include:
Rule recertification, which helps organizations evaluate the need for existing rules during periodic reviews to eliminate "rules bloat." This provides complete information, including who requested the rule and why in order to determine if a rule should be deleted. "People are terrified to remove a rule because they are not sure if they're going to break something," says Nimmy Reichenberg, AlgoSec VP of marketing. "A rule may have been in place for years, written by someone who is no longer with the company."
Devices or groups of devices are rated for overall security posture based on industry benchmarks and best practices.
In addition to rules change control workflow, organizations can define workflows for adding, modifying and deleting firewall objects, including impact analysis, approval, implementation recommendation and audit.
AlgoSec competes in the firewall audit and management market with a handful of vendors, including Athena Security, FireMon, RedSeal Systems, SkyBox Security and Tufin Technologies. In evaluating these products, Forrester's Kindervag says organizations should consider ease of use, ease of implementation, ability to easily retrieve log data, interoperability, and the features required to meet their regulatory compliance and security requirements (including strong reporting for auditors and management).
"This is absolutely a space where I should have a bake-off between two or three of the players before I decide which one best fits my environment," he says. "The players that are in the market have competitive feature sets for most part."
See more on this topic by subscribing to Network Computing Pro Reports Alert: The Long Arm of Database Security (subscription required).
You May Also Like