Risk Management
The firewall is the first and continuing line of defense against potential intruders at most organizations. To ensure security, firewalls must be properly configured. This is an increasingly difficult task as constantly changing rule sets become complex matrices with hundreds, if not thousands, of rules.
Built on AlgoSec’s comprehensive knowledge-base of industry best practices for firewall configurations, AFA's risk management solution allows users to quickly assess the security posture of their firewall configurations and ensure all devices meet their specific security requirements.
It also allows enterprises to easily define and configure their own distinct firewall policy guidelines. Whether based on industry best practices or enterprise-defined guidelines, AlgoSec's solution will automatically detect any violation or change in risk posture and immediately notify pre-selected team members by email, guarding against human error and potential intruders.
AlgoSec also offers automatically completed compliance reports for leading industry standards including PCI and SOX. Where there is a difficult, complex or time-consuming aspect of firewall administration, AlgoSec aims to help users by finding ways to automate those tasks and reduce the time they spend managing their ever-changing firewall environments.
When looking for a solution consider the following checklist:
- Clean existing risks and make sure that new risks are not introduced
- Execute the change process faster, and more safely
- Locate and fix human errors before damage occurs
- Make current rules safer
- Do not interfere with network operations
- Track progress
- Comply with SOX and other regulatory requirements
- Comprehensive analysis - not just a spot check
- No false positives
- Handle a large number of firewalls
- Handle multiple vendors uniformly
- Work automatically
- Get notified about new risks
- Share information with the relevant people
You can address all the above requirements and more using the AlgoSec Firewall Analyzer (AFA).
AFA provides you with a view of the risks across all of your firewalls, whether from a single vendor or multiple vendors -- Check Point, Juniper/Netscreen and Cisco -- highlighting the new risks. It also takes you to the specific rules that need fixing.

The AlgoSec Firewall Analyzer (AFA) is invaluable for enterprise environments: it highlights all the risks associated with a firewall policy. AFA non-intrusively generates a detailed report, at a consistently high quality. As a result, hidden risks will no longer be a concern. The firewall team can easily modify or remove the faulty, unnecessary or redundant firewall rules and gain peace of mind.
The AlgoSec AFA Closes the Change Lifecycle Management Loop:
Basic change management is not enough for firewall policies. Knowing that a rule has changed is just the tip of the iceberg. IT security teams need to know whether the change introduces any new risks. Currently, when a new rule is deployed, there is no feedback on the effect it has on network security.

The AlgoSec Firewall Analyzer (AFA) closes the change lifecycle management loop. It automatically documents the real policy changes. It highlights network security risks, and, as a result, leaves no "hidden risks."
Using AFA as part of your firewall policy change process helps you ensure that no risks or unnecessary clutter are introduced into your rule base.

The AlgoSec Firewall Analyzer analyzes all possible incoming and outgoing traffic, based on a detailed examination of the rule set and routing table of a firewall. AFA's patent-pending algorithms effectively analyze every possible packet the firewall will encounter.
Solving a Complex Problem
An article published in IEEE Computer magazine reviewed 30 firewalls in "corporate America" companies. It clearly indicated that there is a direct relationship between firewall policy complexity and security holes.
Rule-base complexity = Rules + Objects + Interfaces * (Interfaces - 1) * 0.5
Source: IEEE magazine, June 2004
This suggests that even a mid-size firewall is potentially exposed to several critical risks. It seems that the large investments that corporations make in infrastructure and personnel are not sufficient to deliver the expected security.
The distribution of firewall policy errors looked like this:

Manual inspection of firewall rules involves a high probability of errors. Corporations need to have their firewalls audited in a systematic and comprehensive way to avoid the errors that leave security gaps. Only sophisticated computerized products are able to tackle such a task: there are simply too many possibilities for humans to handle unassisted.
A comprehensive approach to firewall policy analysis requires analyzing all intrusion scenarios between all IP addresses (sources and destinations), across all possible source and destination ports and all protocols. A quick calculation shows that there are over 1,000,000,000,000,000,000,000,000,000,000 possible combinations. On such a scale, active testing is not a viable option, since it would take longer than the age of our planet to complete.
Development of AFA was started in 1999 by a team of researchers at Bell Labs. The AFA report contains over 1,500 richly-linked HTML-based files. This structure allows a very easy drill down to more detail, without cluttering the high level view. All the reports may be stored on a server to allow easy access to any authorized user, or exported to MS Office file formats such as Word or Excel. This allows you to import the results of the firewall analysis into a database, as well as to include portions of the reports in tailor-made documents.