Case Studies

"Through the integration of the AlgoSec Firewall Analyzer and Check Point's VPN-1 technology our joint customers will benefit from comprehensive change and risk management solutions. We are committed to open standards and making sure IT administrators have the best firewall protection on the market for the highest level of security."

Amir Ben-Efraim, Director of Business Development
Check Point Software Technologies

Large enterprise customer

A large enterprise customer has 160 firewalls in 50 countries, centrally managed from their headquarters. 1,500 policy changes per year are made by the firewall administrators, who are employed by an outsourcing company. The Director of Information Security had an urgent need to tighten his control over the change process, and to prevent risky changes. He also had to comply with Sarbanes-Oxley.

The customer purchased the AlgoSec Firewall Analyzer, and now runs it on a nightly basis. Every morning the Director of IS reviews the change journal that he receives via e-mail. He can then immediately identify any risky changes that were made shortly beforehand, along with the rules that created the risks. If such mistakes are made, he then forwards the FA e-mail to the administrators and instructs them to fix the issues. Things are now back under control!

Wall Street financial institution

A respected Wall Street financial institution was having a difficult time processing change requests for their large number of firewalls. Their change process was manual and based on a home grown ticket tracking system. The process looked like this:
 

a) A user requests a change
b) A firewall engineer plans the change
c) An information security team member approves the proposed change. A rule change was typically approved within three days, although, at times, the approval could be backlogged for up to two weeks. Critical changes were handled on the same day.

The firm was looking for a product which could help them automate and streamline the approval process as well as increase the security of their firewalls. After testing the AlgoSec Firewall Analyzer, they were convinced that this is the product to accomplish those goals. They found that AFA allows them to shorten the change approval to one day on a consistent basis so that the organization would be better equipped to support its business needs. At the same time the information security team is pleased because the faster approval turn-around time does not compromise security, - in fact, security is improved. Result: AFA has become a daily helpful tool for both the firewall engineering team and the information security team.

AFA has become a daily helpful tool for both the team that is changing the rules, as well as the security team.

Leading Audit organization

Here is an opinion of IT professionals in leading audit organization:

“ I found AFA to be a critical tool for the short timeline we had to work with for 8 firewalls, 2 of which had over 2000+ rules. I especially appreciated the assistance that the AlgoSec team gave on such short response time ”

“ Your tool worked excellent. I like the new interface and the better reporting logs. You and your company have helped us tremendously in finding errors and issues with our clients that would have not been identified through the manual process ”

“ I found AFA most useful and very accurate. Basically the AlgoSecFirewall Analyzer (AFA) allows for multiple configurations to be run while you are either sleeping or have some off-time. For single instances that were run after the automated time ran, was approximately 30 minutes or more to run, depending on the number of objects and rules. For very short rule sets the tool ran approximately 5 - 15 minutes and again was extremely accurate. We presented the client with the Executive summary report at first so that they can see the logical diagram that the tool creates. If anything appeared to be listed on the incorrect port, you can adjust the tool to accurately represent the logical layout. The tool also creates a list of risks and graphs them on the Executive summary in order from High to Low risks, to include possible High risks that can be discussed with the client. In addition, to the Executive summary the one report we found that the client was interested in is the Outside to Inside Report, which lists all open ports and NAT'ing (Network Address Translation) routes that were discovered. In all the client was very impressed with the easy to follow reports, the accuracy of the tools reporting capabilities and ports that were thought to be closed, but were found open. It was the tools ability to analyze the open ports and routing that I found most useful. While the tool identifies some risks, it still takes about an hour or so to dig deeper into open ports that may not have an associated or newly identified risk. This amount of time clearly demonstrates the tool's necessity for any engagement where time is critical. We made a comparison of time that it takes a specialist to manually review a firewall compared to the time the tool takes with some additional analysis and here was are the results:

Manual firewall audit: Charge to client = consultant's bill rate x Number of Firewalls x 10 hours of manual review + (Travel Time) + (Time on Site, e.g. Hotel, Airfare, Expenses).

AFA Tool = AFA report cost x Number of Firewalls + firms profit = price to charge client.

*Note: tool can be run during off hours or non-interactive time ”

Large financial organization

Like most other IT organizations, this AFA customer (a respected Wall Street investment bank) has a weekly meeting to review all of their firewall rule changes. One of their engineers was evaluating AFA and started bringing in reports which showed all of the new risks that were associated with the proposed changes. His co-workers were immediately impressed and the decision was made to purchase FA.
 

In addition to the rich customization capabilities, they use the scheduling feature to automatically run reports every weekend and are looking at ways to integrate AFA into their change management process.
 

They purchased licenses for 100 firewalls. The engineer who introduced AFA was lauded for his contribution to the organization.

Register here to view sample reports (PIX, Check Point, Juniper Netscreen, IOS ACL, Group analysis), evaluation download, pricing model, documentation and more.