Risk Management & Compliance

The AlgoSec Firewall Analyzer Risk & Compliance Module is the market’s leading firewall risk and compliance management solution. It includes the full Optimization & Operations Module and adds the optional Risk & Compliance software module. Built on AlgoSec's comprehensive knowledge-base of industry best practices for firewall configurations, it allows users to quickly assess the security posture of their firewall configurations and ensure all devices meet their specific security controls. It also includes automatically completed compliance reports.

Risk & Compliance features include:

• Deep risk analysis: Identifies every packet the firewall may encounter. Automatically maps topology and identifies the most serious threats based on industry best practices, prioritizes subsequent risks and offers guidance on what and how to remediate.
• Risk drill down: Drills down on risk details as deep as six levels to find the specific rules and objects that require remediation.
• Automatic assessment and turnkey compliance reports: Generates automatically populated compliance reports to assure continued adherence to external regulatory standards including PCI DSS, Basel II, Sarbanes-Oxley
  (SOX), J-SOX, NERC CIP, and ISO 27001, supplying the end-user or auditor with out-of-the-box reports.
• Group compliance reports: Run a single compliance report that includes a group of firewalls to view overall corporate compliance on a single report.
• Multi-tiered risk analysis: Analyzes several firewalls together, taking into account their relative hierarchy in the network.
• Continuous security audit: Provide complete audit trail and replace error prone manual task to ensure configuration is aligned with security policy.
• Identify "risky" rules: Identify all rules that allow risky traffic and should be reviewed. Analysis is based on routing table examination and industry best practices.
• Customizable risks: Customize out-of-the-box risks creating customer specific risk profiles, user-defined zone-types and trusted traffic. This allow you to easily audit your corporate security policy..
• “Changes in risks” alert: Send emails to pre-assigned users following a change to the security posture relative to previous analysis.
• Offline Web interface: Offer offline policy store to deliver unprecedented visibility and insight to ensure current configurations match mandated policies.
• VPN analysis: Add risks associated to VPN rules and VPN objects to the Change History page and to email notifications.
• Compliance: Out-of-the-box and audit-ready compliance reports for PCI DSS, Basel II, Sarbanes-Oxley (SOX), J-SOX, NERC CIP, and ISO 27001. In addition, the AlgoSec Firewall Analyzer explores the policy and change history providing an auditor the required information to produce a report that complies with additional corporate and regulatory standards such as HIPAA, FISMA, and Cyber Security Standards (CIP).

The AlgoSec Firewall Analyzer Risk & Compliance Module is offered in both "Basic" and "Advanced" editions for the ultimate in flexible licensing. For details on what is offered in each module see the AlgoSec Firewall Analyzer datasheet (PDF file).

For more information and to view sample reports register here for exclusive access to our Customer Extranet where you can view sample reports, read white papers, customer case studies and more.