As IT security becomes ever more business critical, most organizations have accumulated large numbers of complex firewall rulesets across their many security devices. These rulesets are regularly changed and added to and, as a result, they become bloated, in part because security teams are worried about the repercussions of cleaning up. Deleting a rule can be nerve-wracking since it might inadvertently cause an outage, or a gap in the security perimeter.
But not cleaning up rulesets is just as dangerous. Bloated rulesets add significant security risk, they add complexity and delays to policy change management processes, and they can impact the performance of your firewall appliance. In a typical firewall audit, for example, an external auditor may point to a rule and ask “what does rule 300 do, and is it still needed?” More often than not the firewall administrator will not know the answer, especially if the rule has been in place for a long time, and he or she will then have to spend long hours trying to find out.
AlgoSec’s security policy management solution assists organizations with their firewall rule clean-up processes, checking which rules are serving a valid purpose and which ones are redundant. This is done by tracking a rule’s usage over long time periods. If a rule hasn’t been used within a certain time period, say 8 months, the assumption is that it’s probably not needed and therefore no application will break or become insecure if it’s deleted.
However, there is still a risk of unexpected consequences. Even though a given rule wasn’t used during the monitoring period, is it really redundant, or is it still required occasionally, for example during a DR failover, or to allow additional traffic volume in the lead up to the holiday season? To make an informed decision, the firewall administrators need to know which business applications rely on each firewall rule.
Our recent release of the AlgoSec solution (v6.11) associates firewall rules with their respective business applications, and provides a detailed, documented inventory of all the applications and connectivity each rule supports. This capability is supported through AlgoSec BusinessFlow, which now automatically annotates the firewall rules with links to the applications relying on them – and keeps this annotation up to date throughout the application’s lifecycle.
So now, when assessing the validity of a rule, the administrator doesn’t rely only on whether the rule has been used within a specific timeframe: he/she can immediately see whether or not the rule supports a business application. This helps eliminate the potential risks of firewall rule removal and simplifies the decluttering process. The actual clean-up and decommissioning can then be automatically processed through AlgoSec’s zero-touch security policy change management.
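The decision described above, usage tracking combined with application annotations, sketched as an added example (this is not AlgoSec's code or API). The log format, rule IDs, application names and the 240-day approximation of 8 months are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: per-hit firewall log lines ("<ISO timestamp> rule=<id> ...").
HIT_LOG = """\
2024-01-10T02:14:00 rule=100 action=accept
2024-09-28T11:02:31 rule=100 action=accept
2023-11-05T23:40:12 rule=300 action=accept
2024-01-15T08:00:00 rule=310 action=accept
malformed line
"""

# Constructed inventory: rule id -> business applications annotated on the rule.
# Rule 320 never appears in the log at all.
RULE_APPS = {100: ["web-portal"], 300: ["payroll-dr-failover"], 310: [], 320: []}


def last_hits(log_text):
    """Return {rule_id: most recent hit time}, skipping unparseable lines."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or not parts[1].startswith("rule="):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            rule_id = int(parts[1][len("rule="):])
        except ValueError:
            continue
        if rule_id not in hits or ts > hits[rule_id]:
            hits[rule_id] = ts
    return hits


def triage(rule_apps, hits, now, window_days=240):
    """Classify each inventoried rule as 'keep', 'review' or 'candidate'."""
    cutoff = now - timedelta(days=window_days)
    result = {}
    for rule_id, apps in sorted(rule_apps.items()):
        last = hits.get(rule_id)
        if last is not None and last >= cutoff:
            result[rule_id] = "keep"        # used inside the monitoring window
        elif apps:
            result[rule_id] = "review"      # unused, but an application relies on it
        else:
            result[rule_id] = "candidate"   # unused and no application linked
    return result


if __name__ == "__main__":
    for rid, verdict in triage(RULE_APPS, last_hits(HIT_LOG), datetime(2024, 10, 1)).items():
        print(rid, verdict)
```

Rule 300 is the case the usage-only approach gets wrong: it has no hits in the window, yet it is tied to a DR failover application, so it is routed to review instead of deletion.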
There are several key benefits to linking firewall rules to their business applications.
By tying firewall rules to business applications, we continue to focus on enabling our customers to align their security with their business processes so that they can be more agile, more secure and more compliant – all the time.
Click here to find out what else is new in AlgoSec 6.11.