Secure Passage Boosts Firewall Monitoring
Secure Passage is adding life-cycle management of firewall rules to its firewall analysis software, creating a way to avoid bloated and redundant rules that can slow performance.
Tue, July 14, 2009
Network World — Secure Passage is adding life-cycle management of firewall rules to its firewall analysis software, creating a way to avoid bloated and redundant rules that can slow performance.
FireMon 5.0, called eVolution, keeps track of the workflow needed to request, create, verify and correct rules. It can remind firewall administrators of rules that are due to expire and perhaps need to be deleted.
The software documents changes all through the life cycle, from who requested a rule to who approved it and who implemented it or changed it and when. This information can be used to support firewall audits and compliance checks required by regulatory and industry groups, the company says.
The software adds a framework specifically for reporting compliance with Payment Card Industry (PCI) security standards by providing the business justification for allowing certain kinds of access that PCI monitors. The software can generate reports on how well firewalls stack up to the requirements of 15 separate PCI standards.
A new audit log automatically captures each change and makes it and the justification for it readily available to comply with audits. This can reduce the time it takes to gather information needed to meet auditors' demands, the company says.These features will be useful to financial services firm Raymond James in monitoring its Juniper firewalls, says Todd Ferguson, the company's network security project manager. Raymond James faces compliance audits from PCI, the Sarbanes-Oxley Act and other industry and internal audits, he says. The new tools help find and sort the documentation required.
Rule documentation without the new tools is more manual, done by searching two stores of the relevant data, Ferguson says. Also, when engineers troubleshoot problems, they can readily look at audit logs to find whether changes might have an impact on services.
To help keep rules streamlined, eVolution includes a rule recommendation feature that compares requested rules with existing rules and recommends the simplest change to accommodate new requests. So if a department needs access to a particular service on a particular port, providing that access may be as simple as adding that service to an existing rule that already grants access to other services on that port, Ferguson says. This prevents creation of a brand new rule that would define the group, port and the one new service, he says.
EVolution performs traffic-flow analysis on all traffic passing through firewalls to reveal patterns that firewall executives can examine and decide whether they are overly permissive for users' needs. These broad rules can then be tightened up to allow only the necessary access, the company says.
Secure Passage competes with AlgoSec, Tufin and others. FireMon 5.0 is available now, and is an upgrade included for customers with a service contract.
