I am investigating a product that promises to ease multivendor firewall management, but I find it hard to believe...
that it's possible to write one rule set that can be applied to multiple vendors' firewalls without exceptions or failures. What's your take on the maturity of multivendor firewall management technology?
Ask the Expert!
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
When it comes to firewall management, being able to make changes both across the board and to an individual firewall is important. In the long run, most firewalls pretty much do the same function, but in a slightly different manner. When you add next-generation firewalls (NGFWs) into the mix, you have a completely different beast to think about.
Most of the multivendor firewall management software products I've seen promise to ease the difficulties posed by a few key problems that come with managing firewalls made by more than one vendor, specifically by doing the following:
- Analyzing the rule base to verify regulatory compliance
- Determining which rules on the firewalls can be cleaned by running discoveries against the firewalls
- Monitoring and recording what changes were made to the rule base, and
- Converting rule bases from one vendor to another
There are some systems that allow you to create a single dashboard for all of your network devices and offer the ability to log in to them and make changes. However, I'm not aware of systems that allow you to push a firewall change to multiple, disparate vendors with a single command. It's possible that there are such vendors, but I'd be curious as to how they deal with the different methods of pushing rules to disparate vendors, especially when NGFWs are involved. Now that firewall vendors are moving away from the typical quintuple method of analyzing packets and moving into application and behavior analysis, pushing a rule isn't always a cookie-cutter approach, especially between vendors.
On the other hand, if you're running many different instances of the same firewall platform in your enterprise, most vendors provide a management system capable of pushing rules to each of those devices from a centralized management package. In addition to providing you with a convenient way to manage the firewall rules, this approach also allows you to monitor the devices centrally.
In my opinion, having a firewall management product that allows you to perform the functions that I mentioned earlier is well worth the money, but having a system that will push standardized rules to multiple, disparate firewalls is somewhat worrying.
Related Q&A from Matthew Pascucci
While there are no set rules, there are some security recommendations when it comes to virtual machines running on one host. Learn the best practices... Continue Reading
Poisoned search results have spread the Zeus Panda banking Trojan throughout Google. Learn what this means, how search engine poisoning works and ... Continue Reading
A report from CrowdStrike highlights the growth of malware-less attacks using certain command-line tools. Learn how to handle these growing attacks ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.