I am investigating a product that promises to ease multivendor firewall management, but I find it hard to believe that it's possible to write one rule set that can be applied to multiple vendors' firewalls without exceptions or failures. What's your take on the maturity of multivendor firewall management technology?
Ask the Expert!
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
When it comes to firewall management, being able to make changes both across the board and to an individual firewall is important. In the long run, most firewalls pretty much do the same function, but in a slightly different manner. When you add next-generation firewalls (NGFWs) into the mix, you have a completely different beast to think about.
Most of the multivendor firewall management software products I've seen promise to ease the difficulties posed by a few key problems that come with managing firewalls made by more than one vendor, specifically by doing the following:
- Analyzing the rule base to verify regulatory compliance
- Determining which rules on the firewalls can be cleaned by running discoveries against the firewalls
- Monitoring and recording what changes were made to the rule base, and
- Converting rule bases from one vendor to another
There are some systems that allow you to create a single dashboard for all of your network devices and offer the ability to log in to them and make changes. However, I'm not aware of systems that allow you to push a firewall change to multiple, disparate vendors with a single command. It's possible that there are such vendors, but I'd be curious as to how they deal with the different methods of pushing rules to disparate vendors, especially when NGFWs are involved. Now that firewall vendors are moving away from the typical quintuple method of analyzing packets and moving into application and behavior analysis, pushing a rule isn't always a cookie-cutter approach, especially between vendors.
On the other hand, if you're running many different instances of the same firewall platform in your enterprise, most vendors provide a management system capable of pushing rules to each of those devices from a centralized management package. In addition to providing you with a convenient way to manage the firewall rules, this approach also allows you to monitor the devices centrally.
In my opinion, having a firewall management product that allows you to perform the functions that I mentioned earlier is well worth the money, but having a system that will push standardized rules to multiple, disparate firewalls is somewhat worrying.
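The three product functions the answer describes (cleaning up the rule base, recording changes, and deciding whether a rule can be carried to another vendor's platform) can be illustrated with a small vendor-neutral rule model. The following is an added example, not code from the original Q&A or from any firewall management product; the rule names, addresses and the "5tuple"/"app" capability labels are constructed for illustration. A rule is modelled as the classic quintuple (source, destination, protocol, port, action) plus an optional application-layer match, which is the field that a plain 5-tuple firewall cannot express and which is where cross-vendor "push" breaks down.

```python
"""Vendor-neutral rule model with three checks: shadowed-rule cleanup,
change recording between two snapshots, and a portability check for
rules that depend on application-layer matching (NGFW-only fields).
Added example; every rule and address below is constructed."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    src: str                     # CIDR or "any"
    dst: str                     # CIDR or "any"
    proto: str                   # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None means any destination port
    app: Optional[str] = None    # application-layer match; not a 5-tuple field


def _net(cidr: str):
    # "any" is the whole IPv4 space so subnet comparisons work uniformly
    return ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching inner's 5-tuple also matches outer's."""
    return (
        _net(inner.src).subnet_of(_net(outer.src))
        and _net(inner.dst).subnet_of(_net(outer.dst))
        and outer.proto in ("any", inner.proto)
        and outer.dport in (None, inner.dport)
    )


def shadowed(rules: List[Rule]) -> List[Tuple[str, str]]:
    """First-match evaluation: a rule fully covered by an earlier one never
    fires, whatever its action. Returns (shadowed, earlier) name pairs,
    which are the cleanup candidates a discovery run would report."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


def diff(old: List[Rule], new: List[Rule]) -> Dict[str, List[str]]:
    """Record what changed between two rule-base snapshots, keyed by name."""
    o = {r.name: r for r in old}
    n = {r.name: r for r in new}
    return {
        "added": sorted(n.keys() - o.keys()),
        "removed": sorted(o.keys() - n.keys()),
        "changed": sorted(k for k in o.keys() & n.keys() if o[k] != n[k]),
    }


def non_portable(rules: List[Rule], target_fields: Set[str]) -> List[str]:
    """Names of rules that use a match field the target platform lacks.
    A 5-tuple-only firewall supports {"5tuple"}; an NGFW adds "app"
    (constructed capability labels, not a vendor's feature list)."""
    return [r.name for r in rules if r.app is not None and "app" not in target_fields]


# Constructed rule base in first-match order (not from any real device).
BASE = [
    Rule("allow-web",        "allow", "10.0.0.0/8",  "192.0.2.10/32", "tcp", 443),
    Rule("allow-web-subnet", "allow", "10.1.0.0/16", "192.0.2.10/32", "tcp", 443),
    Rule("allow-dns",        "allow", "any",         "192.0.2.53/32", "udp", 53),
    Rule("allow-saas",       "allow", "10.0.0.0/8",  "any",           "tcp", 443, app="office365"),
    Rule("deny-all",         "deny",  "any",         "any",           "any"),
]

# Constructed snapshot of the same rule base after a change window.
REVISED = [
    Rule("allow-web",  "allow", "10.0.0.0/8",  "192.0.2.10/32", "tcp", 443),
    Rule("allow-dns",  "allow", "10.0.0.0/8",  "192.0.2.53/32", "udp", 53),
    Rule("allow-ssh",  "allow", "10.9.0.0/24", "192.0.2.10/32", "tcp", 22),
    Rule("allow-saas", "allow", "10.0.0.0/8",  "any",           "tcp", 443, app="office365"),
    Rule("deny-all",   "deny",  "any",         "any",           "any"),
]

if __name__ == "__main__":
    print("shadowed:", shadowed(BASE))
    print("changes:", diff(BASE, REVISED))
    print("not portable to a 5-tuple-only target:", non_portable(BASE, {"5tuple"}))
```

Running the block reports `allow-web-subnet` as shadowed by `allow-web` (its source range is a subset and all other fields match), records the source change to `allow-dns` plus the added and removed rules, and flags `allow-saas` as the one rule that cannot be pushed unchanged to a firewall that only understands the quintuple. That last check is the point the answer makes: the more a rule base leans on application and behaviour matching, the smaller the portable subset becomes.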