
Firewall Assurance and change control

Definition

This kind of solution helps prioritize security risks in an organization by automatically collecting and analyzing configuration data about network topology. It can identify conflicting firewall rules and potential network threats that cause security gaps, determine whether the network security policy is enforced on each device, and help reduce configuration errors.

 

User Benefits

This solution makes it possible to find and remediate network and firewall security issues very quickly. It can be used to test changes in advance and to optimize the configuration of these devices, so IT teams gain more time for other mission-critical tasks.

 

Business Impact

With this kind of solution, visibility of the network and firewall environment can be increased, failures and security breaches can be discovered and remediated much faster, network assessment time can be reduced drastically, and compliance with industry and internal regulations can be achieved.


Products supporting this technology

Skybox

As networks evolve into more and more complex structures, threats against the security of these networks have risen dramatically. Open ports and configuration errors are often used by hackers and cyber-criminals to commit attacks with more and more severe consequences. Victims suffer from interrupted production activity, negative publicity or loss of confidential information.

The challenge for every business is to maintain a safe network that is open and interconnected with vendors, clients and partners from all over the world. Exposing information while keeping it secure is a very difficult task. There are many network security risks that could endanger integrity or lead to information theft.

Understanding these risks and blocking potential security issues is a very difficult challenge. To protect network environments better, users need the best possible view of the network battlefield and an understanding of its complexity.

A good solution makes it possible to quickly identify potential issues and configuration errors and to test configuration changes before applying them in the production environment, reducing the chance of attacks or infiltrations. The ability to compare “what if” and real environments is a really useful feature.

Firewalls are the first line of network defense, so keeping them secure and continuously policy compliant is a necessity. This task can become very hard, because regular audits need to be run to check for misconfigurations, shadowed, redundant or conflicting rules, and security threats such as ACL violations. Considering these aspects, an automated tool that helps IT teams is very useful, and it frees up time for other mission-critical tasks. This kind of solution collects configuration data and log files automatically or manually, creates a model, analyzes firewall access paths, keeps track of changes made to firewall rules and, as output, offers status reports for different users in the organization. Firewall change assurance reports and overall compliance reports for executives can also be generated.
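The rule audit described above can be illustrated with a short added example (not code from any product named on this page). It assumes an ordered, first-match rule list with hypothetical fields (source CIDR, destination CIDR, destination port range, action) and a constructed sample policy, and it flags shadowed, redundant and conflicting rules by pairwise comparison.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: tuple   # inclusive (low, high) destination port range
    action: str    # "allow" or "deny"

# Constructed sample policy, evaluated top-down with first match winning.
SAMPLE_RULES = [
    Rule("r1", "10.0.0.0/8", "192.168.10.0/24", (443, 443), "allow"),
    Rule("r2", "10.1.0.0/16", "192.168.10.0/24", (443, 443), "deny"),
    Rule("r3", "10.2.0.0/16", "192.168.10.5/32", (443, 443), "allow"),
    Rule("r4", "10.3.0.0/16", "192.168.0.0/16", (443, 443), "deny"),
]

def _nets(rule):
    return ipaddress.ip_network(rule.src), ipaddress.ip_network(rule.dst)

def covers(a, b):
    """True if every packet matched by b is also matched by a."""
    (a_src, a_dst), (b_src, b_dst) = _nets(a), _nets(b)
    return (b_src.subnet_of(a_src) and b_dst.subnet_of(a_dst)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def overlaps(a, b):
    """True if at least one packet is matched by both a and b."""
    (a_src, a_dst), (b_src, b_dst) = _nets(a), _nets(b)
    return (a_src.overlaps(b_src) and a_dst.overlaps(b_dst)
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def audit(rules):
    """Return (kind, rule, earlier_rule) findings for an ordered rule list."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                # 'later' can never match: same action = redundant, else shadowed.
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((kind, later.name, earlier.name))
                break
            if overlaps(earlier, later) and earlier.action != later.action:
                # Partial overlap, opposite actions: rule order decides the outcome.
                findings.append(("conflicting", later.name, earlier.name))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

The comparison is pairwise only, so a rule that is hidden by the combined effect of several earlier rules is not reported, and protocol and interface fields are left out of this simplified model.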

Whether an organization has 10 or 1000 network devices, finding potential security issues can be a very difficult task. With this kind of solution, IT managers have the tool they need to correlate layers of network data, identify potential issues caused by configuration errors, and troubleshoot access issues and connectivity routes. A network topology map can be created and updated automatically, resulting in an environment where compliance or network changes can be applied before they impact the production environment. Configuration data can be collected automatically from network devices, including firewalls, routers and load balancers. After it is analyzed, the output provides useful information that helps several groups in the organization verify compliance with corporate policies and balance network security and availability with no planning errors.

This solution helps your organization achieve compliance with some well-known regulations such as PCI DSS, SOX, ISO, NSA or FISMA.

The ability to automatically collect configuration data of network devices, network topology, threats and vulnerabilities under the same umbrella really helps organizations understand the cyber security risks they are exposed to.
