Athena FirePAC
Athena FirePAC solves Firewall administration challenges with a complete security analytics tool that provides in-depth analysis of your Firewall configurations and identifies potential risks to critical hosts.
Firewall rules are comprehensively examined, unused or redundant rules or objects are identified, and the services allowed by the rule base are summarised. Security policy checks are assisted by partitioning firewall interfaces into zones, and traffic that transits these zones is evaluated. Potential risks to critical hosts posed by overly permissive rules or rules allowing dangerous services are flagged.
Athena FirePAC automates the optimisation and clean-up of firewall configurations. Rule dependencies are analysed and redundant rules are removed and most used rules are placed in an optimised rule order. This ensures the firewall rules maintenance burden can be reduced by up to 30%.
The complex interaction between a Firewall Rule and a Firewall Policy presents a real challenge to Firewall Administrators. For those organisations with more than a single vendor’s solution deployed or where firewall security policy demands more than a single layer of perimeter firewall protection, additional complexity is added to the firewall configuration and firewall analysis overhead.
Athena FirePAC eases this management burden by providing offline firewall rule analysis and firewall audit tools that help administrators ensure that firewall management is efficient and error free. Because Athena FirePAC understands how rule changes affect Firewall behaviour, rules optimisation and clean-up will never disrupt critical business services.
- Firewall clean-up: Clean out all of the redundant, shadowed and overlapping rules that cause configuration errors, slow performance and make the firewall more costly and difficult to manage.
- Security policy checks: Apply automated security templates to uncover exposures to critical hosts by identifying the dangerous services the firewall allows into the network.
- Policy comparison: Validate how changes to the rules impact the overall behaviour of the firewall. Determine what IP addresses might be at increased risk or what services are allowed by new versions of the configuration.
- Services query: Determine all of the services allowed to a particular host or from a particular source. Identify what hosts may be exposed to a particular service. The policy query takes into account how all of the ACL, NAT and route rules are working together to control the behaviour of the firewall.
- What-if analysis: Understand how rule dependencies and complex interactions impact firewall behaviour before changes are deployed to the network.
- PCI compliance: Produce automated compliance reports that go beyond a checklist for minimal compliance. The FirePAC PCI audit pinpoints precisely what your firewall allows to reach your credit cardholder data.
- Dangerous rules prioritisation: Prioritise the riskiest rules causing the greatest exposure to your internal network. Problem rules can be modified to be more restrictive in order to pass security audits and ensure that the firewall is designed to mitigate risk.
- Wizard-driven UI: Manage powerful analytics across multiple firewalls using FirePAC's intuitive interface and automated workflows. FirePAC makes it easy to understand the details about different firewall vendors using familiar views.
- Migration support: Accelerate the migration process dramatically and ensure that the target policies are equivalent to the original. Athena FirePAC is the only solution that can provide remedies for the errors introduced through the conversion process.
- Rule usage analysis: Simplify your rule-base by removing unused rules and objects. Move the most used rules to the top of the rule-base to improve performance.
- Intelligent rule reordering: Generate an automatic optimised rule order based on the rule usage and rule dependency analysis. FirePAC ensures that performance optimisation will not alter the security profile of the firewall.
- Compliance comparison: Determine the impact of changes to your compliance profile. This report can be used to do periodic automated audits.
- Rule and Object search: Search ACL rules to see if the change you want to make has been undertaken previously. Search your address and service objects by name or by content and find what rules and objects use the objects you are looking to modify or add.
- Group reports: Summarise the key findings on an inventory of firewalls including the number of security and compliance risks as well as opportunities for optimisation.
- Mass update facility: Upload a group of firewalls for analysis in a single operation.
- VPN analysis: Confirm the VPNs that are configured, the remote peers and the protected networks.
- Scheduled analysis: Set up your firewalls for automated periodic audits.
- Customised security checks: Build your own security templates. Customise a set of checks to audit the firewalls for compliance to your corporate policies.
Reduce Security Risks with better Firewall Configuration and Management
Through better management of Firewall Rules and Firewall Policy, organisations will realise improvements in their security posture. By automating Firewall Rule and Firewall Policy Management, user errors and omissions are reduced. This improved Firewall Security mitigates risks and provides the tools to harden an entire fleet of firewalls.
Because analysis is performed off-line, no direct connection to your firewall is required and what-if modelling can be undertaken without posing any risk to perimeter or internal security, or network availability. The risks posed by dangerous firewall rules represent a critical vulnerability to an organisation’s overall security.
How Athena FirePAC can help
Better management of Firewall infrastructure reduces risks from internal and external threats. Rules management is an arduous and meticulous task. By providing IT Professionals with the tools that ease this overhead, overall security will be improved and Network and Security administrators will be engaged in more productive activities. Because performing the task is so laborious, it is often moved to the bottom of the priority list and not performed as regularly as best practice security policies would dictate.
Athena FirePAC provides extensive Firewall reporting and modelling capabilities. These tools can be used to produce easy to read and interpret Firewall Documentation and supporting reports. Costs will be saved because the auditing and compliance required for PCI-DSS is easier to undertake, and providing reference Firewall Documentation will in turn reduce the time and cost for QSAs to complete the auditing process. This in turn will reduce compliance related costs and encourage the use of best practice methodology.
Policy Comparison
Policy Comparison lets administrators undertake detailed change modelling prior to deployment into the network. After deployment, you can verify if the rules are correctly implementing a given security policy. By using Athena FirePAC’s policy comparison feature the traditional cycle of test-repair-test will be relegated to the past. Any configuration revision is analysed and behaviour differences are compared with the original parameters.
Policy comparison enables users to:
- Determine the risk to specific IP addresses.
- Better understand what services are allowed with the updated configuration.
- Ensure policy changes produced the desired policy outcome.
- Verify policy equivalence when rationalising object groups prior to migrating to Cisco CSM or Juniper NSM.
- Isolate the rules that were responsible for differences in actual versus anticipated behaviour outcomes.
Object and Rule Search
Athena FirePAC lets users search and browse all objects in a vendor neutral tabular format by object name, address or service content. In a single search, users can view all references to the object including parent and child relationships. This makes clear how any change to an object would impact other objects in the firewall. FirePAC rule search allows users to cut through objects with multiple levels of membership hierarchies to pinpoint the services and addresses allowed or denied by a rule.
Advanced Query
FirePAC’s advanced query can be used to identify all the ACL, NAT, VPN and routing rules that act on any traffic that is of interest to the user. By specifying a single address, users can understand all access to a server from external and internal zones. Unlike other tools, issuing a separate query with the public address is not required.
Athena FirePAC live demo
- The live demo contains sample Cisco, Check Point, and Netscreen firewall configurations with all FirePAC solution components turned on
Sample reports:
- Firewall Profiler: Executive summary of rule cleanup and security audit analysis
- Firewall Configuration Debugger: Debug the configuration to quickly determine if the firewall is the source of a service availability problem
- Rule Tracker: Associate business justification with each individual rule, and maintain the documentation history throughout the rule's lifecycle
- Impact Analysis: Essential components for understanding the impact of ACL and object changes (FirePAC's entry-level base package)
- Rule/Object Cleanup: Simplifies your objects and eliminates rule clutter to improve manageability and performance
- Security Audit: The Security Audit tool is comprehensive, intuitive and easy to use
- PCI Compliance: Generates comprehensive and highly professional PCI compliance reports with full technical detail
About Athena Security
Athena Security is a USA based application software developer. Senior management have extensive expertise in the IT Security market, with a number having been involved in previous successful start-ups.
For more information
Contact Audrey Lyon, Athena Security Product Manager from Aquion
Call 1300-AQUION
or email us at
Whitepapers
Firewall Management Using SolarWinds Orion NCM and Athena FirePAC
This document will show you how integration of SolarWinds Orion Network Configuration Manager (NCM) and Athena FirePAC improves the effectiveness of firewall analysis and firewall management.