AlgoSec Firewall Analyzer (AFA) is a component of the AlgoSec Security Management Suite, and is a comprehensive device analysis solution that builds an end-to-end model of your network’s security posture and Layer 3 connectivity.
AFA's network model and its graphical map enable you to automatically detect security holes in your device policies, helping you manage your network proactively and efficiently.
In situations where a new exploit uses ports that could be blocked by the devices, AFA lets you run a traffic simulation query on all your devices to identify whether you are exposed, and which policies should be tightened up.
AFA reports are very intuitive and user-friendly, allowing you to quickly locate and resolve critical problems with three mouse clicks. Although AFA reports are easy to understand, they comprise a profound analysis of five layers of information, with more than 1500 linked files. The files making up the average AFA report, total about 75 MB* in size.
The following are traffic types analyzed by AFA:
- Every external IP address
- Every internal IP address (private or public, including NAT)
- Every protocol
- All source and destination port numbers and applications
- Both incoming and outgoing traffic
Each report is the result of AFA analysis of more than 1030 possible intrusions.
For more details, see AFA reports.
Analyzing complex device policies manually is time consuming and requires an understanding of all the possible options and combinations. As a result, many risks are not detected and impose a threat to the organization's security.
The AFA Risk Management module automatically analyzes every type of packet that a device may encounter and performs a comprehensive analysis - not just a spot check. Therefore, customers have the ability to view all the risks and the specific rules that cause them, across all their devices.
For details, see Customize risk detection.
Today's constant demand for application and infrastructure changes poses a significant risk of compromising security in the process, and exposes organizations to new risks they might not even know about. That's why an ad-hoc approach to change management is not recommended.
AFA provides a comprehensive solution that helps report all the changes made to your device policies, and analyzes their impact, so that you can review and verify that they are performed correctly. In addition, a complete change history is logged. With AFA, the change process becomes more efficient, safer and easier to control.
Devices work more efficiently and are easier to manage when the policies are uncluttered and free of unused rules and objects. AFA enables customers to optimize policies easily and safely, by providing information on the following:
- Unused Rules: rules that are not used according to actual traffic logs
- Covered Rules: rules that are covered by previous rules (and will never be used)
- Disabled rules
- Time-inactive rules
- Rules without logging and without comments
- Unattached, unused and unrouted objects
AFA also includes the Intelligent Policy Tuner, which identifies rules that are too wide and permissive, and rules which contain sparsely used objects, thereby enabling you to fine tune your policy.
For details, see View policy data.
AFA helps you comply with standards and regulatory requirements such as:
- Basel II Capital Accord
- BS 7799 / ISO 17799
- NIST 800-41
- Payment Card Industry Data Security Standard (PCI DSS)
- Cyber Security Standards (CIP)
Additionally, AFA enables you to incorporate auditing into your work process. Simply define the schedule for analysis. AFA will automatically perform the analysis according to your defined triggers and e-mail the results to the relevant people upon completion.
For details, see Run traffic simulation queries.
AFA also enables you to manage your security network policies from the perspective of your business applications, using the additional AppViz plugin.
AppViz is available from the bottom left menu in AFA, and opens in a separate tab.
For more details, see Welcome to AppViz.