How to manage your multivendor firewalls like a pro
He said the AlgoSec gear generates reports that let him know whether his firewall rule sets are within the range of compliance standards set for PCI.
AXA is more concerned about SOX compliance, and Raymonda uses the AlgoSec software to assess the risk of new firewall rules proposed by AXA operating companies.
Those risk-assessment reports are reviewed by the requesting operating company, which determines whether the risk is acceptable in light of Sarbanes-Oxley requirements, he said.
The software can gather data for risk assessment from multiple firewalls based on a single instruction. So if he needs to assess a new rule for external firewalls, he doesn't have to deal with each one individually. Instead, the AlgoSec platform treats them as one group and analyzes that group, saving time and reducing errors.
"Everybody has made an error here or there in positioning a firewall rule," he said. "To have [Firewall Analyzer] do the calculations of literally millions and millions of potential access methods and evaluate it and come up with a risk assessment is just a godsend."
Raymonda said he has the AlgoSec software configured to poll firewalls regularly on its own to perform routine compliance checks.
These third-party platforms can also help find all the rules that apply to individual devices, which comes in handy for Forester, who is moving Emdeon servers from Nashville to a new data center in Memphis. Tufin's SecureTrack software finds all the existing firewall rules pertaining to each server so the rules can be transferred to the Check Point firewalls located in Memphis, he said.
In general, Gartner said businesses should stick with a single firewall vendor, but it also realizes that is not always practical in large companies, Young said. Keeping firewalls optimized and compliant without these tools is a much greater task, he said.
The alternatives businesses use are generally manual, including entering changes in Excel spreadsheets that have to be analyzed by hand. He said these lists get out of date, and then administrators have to look around for the information they need. "Some of it may be in the Check Point console and then Fred knows what's happening on the Cisco console," Young said. "Nothing will ever replace a really knowledgeable firewall administrator, but it removes complexity."
For large companies, the software probably makes sense, he said. A business that might spend $10 million to $20 million on firewalls, for instance, would spend about $50,000 on these tools, so it represents a proportionally small investment, Young said. The demand for these products is not enormous, and the total sales for this type of product are $100 million or less, he said.
"It solves an irritation problem rather than being a show-stopper. It adds oil to the machinery," Young said.
Reprinted with permission from
Story copyright 2009 Network World, Inc. All rights reserved.
