Automated configuration management tools clean out redundant rules - Information Security Magazine - Page 1

The problem is almost as old as the firewall: Keep your business safe without impeding operations; keep dangerous traffic out while making sure legitimate traffic moves freely and quickly. That's not always easy, especially in large, distributed enterprises.

Over time, hundreds of firewalls, often from multiple vendors, spawn thousands of rules, many redundant or obsolete. Performance degrades and the network may be at risk without your knowledge. Change management becomes a formidable challenge in this environment--testing the impact of new rules, making sure an apparently redundant rule is really redundant and an obsolete rule is never actually used.

"The process was manual, intensive and prone to error," says Dave Witherspoon, director of technical security and forensic services at Canadian-based Scotia Bank. "We lacked confidence cleaning up old rules, in case someone was still using them."

It doesn't have to be that way. Automated firewall configuration management tools from companies including AlgoSec, Secure Passage and Tufin Technologies allow organizations like Scotia Bank to weed out old and redundant rules without risk, and test new and modified rules before risking them in production.

"Change management is a rigid process at Scotia Bank. We have strict guidelines and practices," says Witherspoon, who has deployed AlgoSec's Firewall Analyzer on a number of Scotia Bank's core firewalls. "Now we have the ability to be proactive around change.
We've eliminated risk and freed resources."

These products make good sense, both as business enablers and security tools. While regulatory compliance and security are important considerations, keeping business running smoothly may be the biggest incentive.

This was first published in October 2007