Network Security Audit - Managed Services
An MSP tasked with managing large numbers of firewalls will find the AlgoSec Firewall Analyzer (AFA) to be the perfect solution for ensuring that regular rule changes do not introduce any new risks, and for monthly firewall audits. AFA helps MSPs offer consistently high quality with less experienced personnel. Use AFA to differentiate yourself when competing for new deals. Offer AFA as an add-on service to your existing and new clients.
The AFA generates reports which can be used to test the effectiveness of firewall related IT processes which are regulated by legislation such as the Sarbanes-Oxley Act, Basel II Capital Accord, HIPAA, BS 7799 / ISO 17799, FISMA, Payment Card Security Standard PCI DSS, Cyber Security Standards (CIP) etc. Such compliance tests will help you address more customers.
Outsourcing requirements are unique in that the MSP may utilize in-house and/or third party tools to assist in the management of the customer's network. The burden of procuring these tools may therefore fall on the MSP, and profitability becomes an issue if the tools are too expensive, especially if they are used on a temporary basis. For this reason, AlgoSec has created a special pricing model for MSPs who see the value in implementing AFA at their customer sites.
Another case follows the staffing model, where engineers are placed at the customer site for a period of time and, in some cases, may be treated as employees. Depending on the type of engagement, the MSP employee may have the ability to introduce new products into the enterprise environment.
Either way, AFA can play a central role in the regular operation and management of the customer's firewall infrastructure.
Most MSPs hire talented information security experts. Nevertheless, according to surveys, every large enterprise firewall policy includes serious risks that are unknown to the MSP. The large investments in infrastructure and personnel are essential but not sufficient to deliver the expected security.
What type of solution are you looking for? Consider the following checklist:
- Clean existing risks and make sure that new risks are not introduced
- Execute the change process faster, and more safely
- Locate and fix human errors before damage occurs
- Make current rules safer
- Do not interfere with network operations
- Track progress
- Comply with SOX and other regulatory requirements
- Comprehensive analysis - not just a spot check
- No false positives
- Handle a large number of firewalls
- Handle multiple vendors uniformly
- Work automatically
- Get notified about new risks
- Share information with the relevant people
You can address all the above requirements and more using the AlgoSec Firewall Analyzer (AFA).
AFA provides you with a view of the risks across all your firewalls, highlighting the new risks, as you can see in the Executive Summary below. AFA also guides you to the specific rules that need fixing. AFA gives you the peace of mind that your firewall policies are safe. Always.

The AlgoSec Firewall Analyzer (AFA) is invaluable for enterprise environments as a result of its ability to highlight all the risks associated with a firewall policy. AFA non-intrusively generates a detailed report, at a consistently high quality. As a result, hidden risks will no longer be a concern. The firewall team can easily modify or remove the faulty, unnecessary or redundant firewall rules and gain peace of mind.
The AlgoSec AFA Closes the Management Loop:
Basic change management is not enough for firewall policies. Knowing that a rule has changed is just the tip of the iceberg. IT security teams need to know whether the change introduces any new risks. Currently, when a new rule is deployed, there is no feedback on the effect it has on network security.

The AlgoSec Firewall Analyzer (AFA) closes the management loop. It automatically documents the real policy changes. It also highlights network security risks, and, as a result, leaves no "hidden risks".
Using AFA as part of your firewall policy change process is natural.

The AlgoSec Firewall Analyzer non-intrusively analyzes all possible incoming and outgoing traffic, based on a detailed examination of the rule set and routing table of a firewall. AFA's patent-pending algorithms effectively analyze every possible packet the firewall will encounter, typically within 20 minutes.
Are active testing tools good enough for firewall policy analysis? Active network testing tools are unable to test all IP addresses and services, and will not flag open firewall rules if the host behind the firewall is not listening on the scanned port. Therefore, getting a "clean bill of health" from a network scan tells you only that you passed a "spot check" - it tells you nothing about the huge number of possible attack packets that were not attempted. Your network may still be vulnerable! After a scanner alerts you about a risk, it takes extensive research to locate the rule that needs to be fixed. AFA does it for you automatically.
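The gap between a spot-check scan and an offline policy analysis can be shown on a toy rule base. The following Python sketch is an added illustration, not AlgoSec's algorithm or code; the rule base, addresses, listening services and function names are all constructed for the example.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed first-match rule base: (name, source, destination, ports, action)
RULES = [
    ("r1", "0.0.0.0/0", "10.0.1.10/32", (443, 443), "allow"),
    ("r2", "0.0.0.0/0", "10.0.1.0/28", (1, 1024), "allow"),  # overly broad
    ("r3", "0.0.0.0/0", "0.0.0.0/0", (1, 65535), "deny"),
]
PARSED = [(n, ip_network(s), ip_network(d), p, a) for n, s, d, p, a in RULES]

# Constructed host state: the only services listening at scan time.
LISTENING = {("10.0.1.10", 443), ("10.0.1.5", 22)}

def first_match(src, dst, port):
    """Return (rule name, action) of the first rule matching the packet."""
    s, d = ip_address(src), ip_address(dst)
    for name, snet, dnet, (lo, hi), action in PARSED:
        if s in snet and d in dnet and lo <= port <= hi:
            return name, action
    return None, "deny"  # implicit default deny

def active_scan(src, dst_net, ports):
    """Spot check: a port is seen open only if allowed AND a service answers."""
    return {(str(h), p) for h in ip_network(dst_net) for p in ports
            if (str(h), p) in LISTENING and first_match(src, str(h), p)[1] == "allow"}

def static_exposure(src, dst_net, ports):
    """Offline analysis: evaluate every (destination, port) pair against the
    rule base and attribute each allowed pair to the rule responsible."""
    hits = Counter()
    for host in ip_network(dst_net):
        for port in ports:
            name, action = first_match(src, str(host), port)
            if action == "allow":
                hits[name] += 1
    return hits

if __name__ == "__main__":
    scope = ("198.51.100.7", "10.0.1.0/28", range(1, 1025))
    print("scan sees:", sorted(active_scan(*scope)))
    print("policy allows, per rule:", dict(static_exposure(*scope)))
```

The scan reports two open ports, while the offline pass shows that rule r2 alone permits 16,383 destination/port pairs and names the rule to tighten.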
What are the highlights of the AFA solution?
- Clean existing risks and make sure that you don't introduce new risks: The AFA generates a complete firewall policy analysis report. It describes the risks related to the existing firewall rules according to their importance, and in three mouse clicks guides you to the specific firewall rule that needs to be modified to remove this risk.
- Execute your change process faster, and more safely: Ensure that no hidden risks are introduced when changing the firewall policy. Integrate AFA into your change management process in order to simultaneously support faster response to change requests and enhance your security.
- Locate and fix human errors before damage occurs: Every new risk is highlighted so that it can be fixed quickly.
- Make your current rules safer: AFA identifies all the existing risks in the firewall policy and guides you on how to fix them.
- Do not interfere with network operations: AFA copies the firewall policy and routing table to a separate computer and runs the analysis non-intrusively without any packet transmission.
- Track your progress: AFA compares the risks between each analysis and the previous one. It shows you which risks have been reduced or completely removed. AFA allows you to track your progress toward making your network safer.
- Comply with SOX and other regulatory requirements: View the history of changes in a firewall, see which risks were introduced or fixed between AFA analyses, and which rules, service definitions, and host group definitions were modified. This feature helps you comply with corporate and regulatory requirements (such as the Sarbanes-Oxley Act, Basel II Capital Accord, HIPAA, BS 7799 / ISO 17799, FISMA, Payment Card Security Standard PCI DSS, Cyber Security Standards (CIP)).
- Identify rules and host groups that are not being used: Be advised about rules and host groups that are not being used to make your firewall policy more efficient.
- Comprehensive analysis: AFA analyzes every possible type of packet that the firewall may ever encounter. The number of theoretical combinations is over 1,000,000,000,000,000,000,000,000,000,000.
- No false positives: AFA includes a complete customization suite, providing you with the ability to eliminate risk items that are irrelevant to your environment. You can customize risk levels per individual firewall or a group of firewalls; you can customize the network topology; and you can guide AFA to treat trusted IP addresses as non-threatening.
- Handle a large number of firewalls: AFA analyzes all the leading firewalls in the enterprise market. When you run a PIX audit, an FWSM audit, a Checkpoint Firewall-1 audit, a Checkpoint Provider-1 audit, or a Cisco router IOS Access List (ACL) audit, you’ll find the AlgoSec AFA very helpful. In case you wish to understand what your firewall policies are really doing, and you are looking for a PIX analyzer, a FW-1 analyzer, or an ACL analyzer, you’ll love the AlgoSec AFA! The reports for all the supported products have the same look and feel regardless of the firewall vendor.
- Handle multiple vendors uniformly: AFA analyzes all the leading firewalls in the enterprise market. When you run a PIX audit, an FWSM audit, a Checkpoint Firewall-1 audit, a Checkpoint Provider-1 audit, or a Cisco IOS Access List (ACL) audit, you’ll find the AlgoSec AFA very helpful. In case you wish to understand what your firewall policies are really doing, and you are looking for a PIX analyzer, a FW-1 analyzer, or an ACL analyzer, you’ll love the AlgoSec AFA! All supported products always have the same look and feel regardless of the firewall vendor.
- Work automatically: Automatically run periodic analyses of any group of firewalls, and produce an executive summary report for the entire group, containing an aggregate of all the risks found. You will be able to schedule an analysis over the weekend, or whenever you see fit.
- Automatic analysis upon policy install: AFA can scan all your policies continuously and, upon identifying a newly installed policy, analyze it and notify you according to your guidance.
- Be notified about new risks: You may guide AFA to provide email notification upon predefined triggers.
- Share information with the relevant people: AFA reports may be automatically placed on an internal web server to make the reports available to your team using SSL and proper authentication.
- Integrate AFA into your policy change management process: Integrate AFA into your change management process in order to simultaneously support faster response to change requests and enhance your security.
- Easy to deploy: From the time you have a Linux machine it typically takes 2 hours to install and have a report ready.
Solving a Complex Problem
An article published in IEEE Computer magazine reviewed 30 firewalls in "corporate America" companies. It clearly indicated that there is a direct relationship between firewall policy complexity and security holes.
Rule-base complexity = Rules + Objects + Interfaces * (Interfaces - 1) * 0.5
Source: IEEE magazine, June 2004
This suggests that even a mid-size firewall is potentially exposed to several critical risks. It seems that the large investments that corporations make in infrastructure and personnel are not sufficient to deliver the expected security.
The distribution of firewall policy errors looked like this:

Manual inspection of firewall rules involves a high probability of errors. Corporations need to have their firewalls audited in a systematic and comprehensive way to avoid the errors that leave security gaps. Only sophisticated computerized products are able to tackle such a task: there are simply too many possibilities for humans to handle unassisted.
A comprehensive approach to firewall policy analysis requires analyzing all intrusion scenarios between all IP addresses (source and destinations), analyzing all possible source and destination ports and all protocols. A quick calculation shows that there are over 1,000,000,000,000,000,000,000,000,000,000 possible combinations. On such a scale, active testing is not a viable option, since it would take longer than the age of our planet in order to complete.
Development of AFA was started in 1999 by a team of researchers at Bell Labs. The AFA report contains over 1,500 richly-linked HTML-based files. This structure allows a very easy drill down to more detail, without cluttering the high level view. All the reports may be stored on a server to allow easy access to any authorized user, or exported to MS Office file formats such as Word or Excel. This allows you to import the results of the firewall analysis into a database, as well as to include portions of the reports in tailor-made documents.
Summary
The AlgoSec AFA is a unique and comprehensive enterprise-class solution that helps you accomplish the following goals:
- Clean existing risks and make sure that new risks are not introduced
- Execute the change process faster, and more safely
- Locate and fix human errors before damage occurs
- Make current rules safer
- Do not interfere with network operations
- Track progress
- Comply with SOX and other regulatory requirements
- Comprehensive analysis - not just a spot check
- No false positives
- Handle a large number of firewalls
- Handle multiple vendors uniformly
- Work automatically
- Get notified about new risks
- Share information with the relevant people