Firewall operations management tools tested
By Rob Smithers | Network World US
Published: 15:20 GMT, 12 July 2010
Anyone running multiple firewalls in a complex, enterprise environment knows how difficult it can be to catch misconfigurations, avoid conflicting rules, identify vulnerabilities and meet auditing and compliance mandates.
- AlgoSec Firewall Analyzer |
- FireMon from Secure Passage |
- RedSeal Network Advisor and Vulnerability Advisor |
- Skybox View Assure and Skybox View Secure |
- Tufin SecureTrack
In this test, we look at five firewall operations management products: AlgoSec's Firewall Analyzer, RedSeal's Network Advisor and Vulnerability Advisor, Secure Passage's FireMon, Skybox's View Assure and View Secure and Tufin's SecureTrack.
We found that these products perform similar core functions: they retrieve configuration files of firewalls (and other network devices), store the data and analyse it. They can look at change history, analyse existing rules, perform rules-based queries, re-order rules, and send out alerts, if policies are violated. They can also create automated compliance audit analysis and reports.
In addition, they can do modelling and wargame analysis based on a snapshot-in-time version of the real network. Plus, Algosec, RedSeal and Skybox can provide network diagrams and topology views of the underlying networks.
We focused on practical and usability characteristics of the products, specifically installation and ease of use, configuration, compatibility and interoperability. The evaluation was conducted with firewalls from Cisco, Check Point, Juniper and SonicWall.
We used the Mu Test Suite to perform security audits on the firewall, while being monitored and managed by the different firewall management products under test.
In addition, the security policy assessments were conducted with Ixia's IxDefend and Ixload. Ixia's IxDefend is a security assessment tool that can quickly find quality, resiliency and security exposures across an array of applications. We used Ixia's IxLoad to generate HTTP and FTP traffic to the firewall.