|
Although you can view firewall policies within Secure-Track, you have to use the respective Check Point, Cisco and Juniper native firewall interfaces to make changes or update configurations. We'd like to see a tool that can analyze and actively manage multiple types of firewalls for heterogeneous environments.
You'll spend most of your time in the Compare and Analysis interfaces. The Compare view allows you to see current rules, objects and global properties, offering a side-by-side comparison of current and previous versions. This is also where you can browse and drill down into firewall objects and properties, including any changes made. The revisions component is useful and allows you to view changes incrementally.
The Analyze tab allows you to make simple and effective queries, providing quick insight into any rule set. When you use the comparison and analysis tabs together, you can find conflicting and high-risk rules. Overlapping rules or gaps in rule sets between firewalls can lead to an unpredictable or insecure configuration. This risk assessment capability goes a long way toward helping you mitigate these issues.
SecureTrack has a number of features that provide value beyond simple reports, especially the ability to have reports emailed on a set schedule. Reports are fully customizable and include rule usage, rules and policy changes, and even node-specific object changes such as user membership, and OS modifications. Rule usage shows what firewall rules are triggered most, revealing unused or unnecessary rules.
These reports can be filtered by date, firewall, or nearly any other specific criteria. In addition to the canned reports, compliance and regulatory reports can be defined manually with custom policies that identify problem rules.
On the downside, the rule usage feature is currently not available for Cisco and Juniper firewalls.
Tufin has done a very good job of creating a centralized management solution, primarily for Check Point firewalls deployed in distributed environments. It should have broader application with enhanced Cisco and Juniper support, planned for the next release.
Testing methodology: Our lab included a single instance of SecureTrack on Red Hat, two Check Point firewalls and one Cisco firewall. Rules were imported from production environments.
|
