AlgoSec Firewall Analyzer, Enterprize Edition

The AlgoSec Firewall Analyzer (AFA), Enterprise Edition is the market’s leading Firewall Operations and Security Risk Management solution. It is the most comprehensive edition of the AFA Product Suite, combining all three of AlgoSec' software modules into a single, comprehensive solution, to help enterprises address all aspects of their firewall operations management, policy optimization and risk management requirements. It is based on AlgoSec’s patent pending technology.

The Enterprise Edition replaces the manual, inefficient and potentially error prone task of managing complex firewall, router and VPN configurations.  It makes it easy for enterprises to provide trusted team as well as outside consultants and analysts with unparalleled visibility into firewall configurations without accessing the production firewall consoles. It provides actionable information to enable team members to query firewall configurations, view policies offline from any web browser, optimize performance and prioritize action based on quantifiable risk exposure.
 

The Enterprise Edition is comprised of AlgoSec’s Risk Module, Optimization Module and Core Module.

Risk Module feature highlights:

• Deep risk analysis: Identifies every packet the firewall may encounter. Automatically maps topology and identifies the most serious threats based on industry best practices, prioritizes subsequent risks and offers guidance on what and how to remediate.
• Automatic assessment and compliance reports: Generates automatically populated per firewall compliance reports to assure continued adherence to external regulatory standards including SOX, PCI-DSS, J-SOX and ISO, supplying the end-user or auditor with turnkey reports.
• Continuous security audit: Provide complete audit trail and replace error prone manual task to ensure configuration is aligned with security policy.
• Customize risk assessment: Add risk profiles based on internal corporate standards and easily customize out-of-the-box risk profiles with the AlgoSec wizard-driven Risk Profile Editor.
• eMail notifications: Send emails to pre-assigned users following a firewall risk analysis with the summary of the analysis and the changes to the security posture relative to previous reports.
• Offline Web interface: Offer offline policy store to deliver unprecedented visibility and insight to ensure current configurations match mandated policies.
• VPN analysis: Add risks associated to VPN rules and VPN objects to the Change History page and to email notifications.

Optimization Module feature highlights:

• Rule cleanup and audit: Identify unused, covered, timed out and disabled rules which are candidates for removal. List rules that may not conform to company security policies, including rules without comments, rules without logs and rules with comments that do not include a ticket number.
• Usage analysis: Show unused rules, the most used and the least used rules.
• Intelligent rule re-ordering: Recommendation of new positions to the rules to increase the firewall performance. The recommended order retains the policy logic. Typically, by repositioning only a few of the most used rules a significant improvement in performance is seen.
• Object cleanup and audit: List unused, unattached and empty objects which are candidates for removal.
• VPN cleanup and audit: Show VPN parameters including unused users, unattached users, expired users, unused groups, unattached groups and expired groups.
• VPN analysis: Present the VPN parameters also in the change history page and in email notifications.

Core Module feature highlights:

• Firewall analysis and reports for change tracking: Visual display of the firewall policy, including topology, traffic, rules and objects. It also includes analysis of the routing table and provides a connectivity diagram. Shows changes from previous reports on the same firewall.
• Group reports for change tracking: Create a report on a group of firewalls with either predefined or ad-hoc firewall definitions.
• Customized report scheduling: Schedule an analysis on a per firewall or group of firewalls based on pre-defined intervals (daily, weekly, monthly, etc) and issue a report.
• Report comparisons: Compare any two reports – either the same firewall or different firewalls or different firewall vendors. Track the changes in a firewall policy between reports of any two dates.  Show the changes in traffic, rules, services, host groups, topology and objects.
• eMail notifications: Send emails to pre-assigned users following a firewall analysis with the summary of the analysis and the changes from previous reports.
• Queries: Query a specific firewall or a group of firewalls to determine which rules control traffic between specific sources and destinations. This enables help desk teams to easily troubleshoot and prevent disruptions. It also provides for seamless server IP migration and security checking.
• Real time change alerting: Continuously poll firewall policy changes and send email alerts when a change is detected.
• Basic compliance: By exploring the policy and change history an auditor receives the required information to produce a report that complies with corporate and regulatory standards such as the Sarbanes-Oxley Act, Basel II Capital Accord, HIPAA, BS 7799 / ISO 17799, FISMA, Payment Card Security Standard (PCI DSS) and Cyber Security Standards (CIP).
• What-if analysis: Analyze a firewall policy before actually pushing it into production. Allows planned changes to be tested to ensure that the change in policy will produce the required results.

In addition to the features listed above all editions provide the infrastructure software features for the AlgoSec Firewall Analyzer that include:

• Graphical user interface
• Data collection setup
• User management and access control
• Reporting infrastructure