AlgoSec FireFlow
AlgoSec FireFlow intelligently automates the security policy change workflow, reducing the time required to process firewall changes by 60%, increasing accuracy and accountability, enforcing compliance and mitigating risk. FireFlow helps align operations and security teams by automating the entire change lifecycle—from submission and design to risk analysis, implementation, validation and audit. FireFlow supports traditional and next-generation firewalls, as well secure web gateways. It seamlessly integrates with existing service desk ticketing systems and can be easily customized to match each organization’s specific business processes to help:
- Significantly reduce the time required to process change requests.
- Improve accuracy of processed changes.
- Simplify auditing and ensure compliance and corporate governance.
-
Features
-
Specifications
Automated and Customizable WorkflowsFireFlow adds intelligent automation to the security policy change workflow. Out-of-the-box workflows are included for:
|
|
View Demo (3:01) |
Proactive Risk and ComplianceTo ensure compliance with regulatory and corporate standards, FireFlow analyzes each change before it is implemented and provides detailed information to approvers on any changes in risk or compliance levels. FireFlow draws on the broadest risk knowledgebase, which includes industry best practices, regulations such as PCI-DSS and SOX and customized corporate policies. |
|
View Demo (1:56) |
Network Topology and Design IntelligenceLeveraging topology-aware algorithms, FireFlow detects unneeded ("already works") changes and notifies requestors. Required changes are designed in the most secure and optimal way and include all relevant devices and rules to add, delete or edit. |
|
Click to Enlarge Image |
Automated Policy PushFireFlow's unique ActiveChange™ technology can automatically implement recommended policy changes on Check Point devices, saving time and avoiding manual errors. In Cisco environments, FireFlow can automatically translate change requests to Cisco CLI commands for a faster and more accurate implementation. |
|
Click to Enlarge Image |
Auto-Validation and ReconciliationFireFlow validates that change requests have actually been implemented on the network, preventing pre-mature closing of tickets. Additionally, to prevent unauthorized changes, all detected policy changes are automatically matched to request tickets and mismatches are reported. |
|
Click to Enlarge Image |
Audit-Ready ReportsDetailed reports track the entire change lifecycle, providing SLA metrics and greatly simplifying auditing and compliance processes. |
|
Click to Enlarge Image |
Automated Change Workflow for Secure Web GatewaysFireFlow seamlessly integrates with Blue Coat ProxySG to simplify and expedite the security policy change request workflow -- from end-user request initiation, design and review to work order generation. Organizations can now manage and audit security policy changes of multiple security devices under one common platform. |
|
Click to Watch (2:56) |
CMS IntegrationAlgoSec FireFlow complements existing change management systems with intelligent automation that enables IT to process firewall changes more quickly and with less risk. FireFlow supports change management systems such as:
|
|
Watch Integration with HP Service Manager (3:12)
Watch Integration with BMC Remedy (3:52) |
SLA TrackingFireFlow measures every step of the change workflow, enabling organizations to demonstrate they are meeting Service Level Agreements (SLAs), identifying potential bottlenecks and pinpointing change requests that require special attention. |
Click to Enlarge Image |
Supported Devices
Check Point | FireWall-1®, Provider-1®, SmartCenter | v3.0 and up, NG, NGX, Software Blade Architecture (R7x) – including Application and Identity Awareness Software Blades |
| VSX | All versions | |
| Security Gateway VE | All versions | |
Cisco | PIX, ASA Series | v4.4 and up |
| Firewall Services Module (FWSM) | v1.0 and up | |
| IOS Routers & Switches | All versions | |
| Cisco Layer-3 Switches | Nexus Routers - All versions | |
| Cisco Security Manager | v4.3 | |
Juniper | NetScreen Series | v5.0 and up |
| Network and Security Manager (NSM) | v2008.1 and up | |
| SRX Series | All versions | |
Fortinet | Fortigate | FortOS 3.x and up, including VDOM |
| FortiManager | v4.x | |
Palo Alto Networks | PAN-OS | V4.X and up |
McAfee | Firewall Enterprise (formerly Sidewinder) | V7.x and up |
Blue Coat | Proxy SG | V5.x |
Supported Devices for Change Monitoring*
F5 | Big-IP Family | |
Juniper | Secure Access SSL VPN | |
Linux | Netfilter/Iptables | |
Cisco | Ace | |
WacthGuard | XTM | |
* Additional devices can be added via the AlgoSec Extension Framework. | ||
System Requirements
The AlgoSec Security Management Suite can be delivered as software only, or preloaded on a virtual or physical appliance.
Physical appliances can be deployed in high-availability mode and support load-sharing for increased scalability.
Software | Memory | 2GB |
| CPU | 3Ghz | |
| Storage | 300 GB (2GB and additional 50MB per report) | |
| Operating System | Red Hat Enterprise Linux v4/v5 CentOS 4 - 5 Microsoft Windows 2000/XP/Vista (VMware) | |
| Browser | Internet Explorer 7.0 or higher Firefox 3.0 or higher | |
Virtual Appliance | VMware virtual appliance can run on a hosting Windows server with 1GB of RAM (2GB RAM or more is recommended). | |
AlgoSec Appliance | AlgoSec 1020 – low cost entry level, best for up to 150 firewalls *The number of firewalls supported by each appliance may vary according to policy complexity and the amount of logs collected. | |
Want to Learn More? Take the Next Step
 |  |  |  |
