The market for firewall audit tools is heating up as organizations search for ways to automate firewall rule set analysis to meet compliance requirements.
"Some companies have so many firewalls out there with so many rules," said Eric Ogren, founder and principal analyst of the Ogren Group. "They may have gotten them via acquisition, or have a blend of Check Point and Cisco. It's hard to keep them consistent."
Firewall auditing tools give organizations a way to find unused rules that have accumulated over time and become redundant or contradictory, said John Kindervag, senior analyst at Forrester Research Inc. By eliminating unused rules, organizations can remove a potential attack vector, he said. Firewall audit tools also can help optimize the firewall rulebase, which can improve performance, he added.
But compliance requirements, particularly the Payment Card Industry Data Security Standard, are the main drivers for enterprises buying the tools, Ogren and Kindervag said. PCI DSS Requirement 1.1.6 mandates the review of firewall and router rule sets at least every six months.
"That's the biggest market driver," Kindervag said, adding that it's impossible for organizations to go through their firewall rules every six months without some type of automation. Most firewall auditing tools also can manage router configurations, he said.
Vendors in the firewall auditing tools market include AlgoSec Inc., Athena Security Inc., Check Point Software Technologies Ltd., LogLogic Inc., ManageEngine, a division of ZOHO Corp., Matasano Security, RedSeal Systems Inc., SecurePassage LLC, Skybox Security Inc. and Tufin Software Technologies Ltd., according to a report Kindervag wrote last year.
Jody Brazil, president and CTO of Overland Park, Kan.-based Secure Passage, said PCI DSS continues to drive demand for his company's FireMon product, but other regulations, such as those from North American Electric Reliability Corporation (NERC), are increasingly coming into play. The heavily regulated financial-services industry has been a top market for SecurePassage, along with the telecommunications industry, but retail and other industries are adopting the tools too, he said.
"The problem of managing complex configurations is certainly universal," Brazil said.
Todd Ferguson, enterprise information security architect at financial-services firm Raymond James, said the company uses FireMon extensions (plug-ins) to perform policy checks on firewall implementations every time a new policy is pushed out. The St. Petersburg, Fla.-based company has mostly Juniper firewalls with a few Cisco firewalls.
"It greatly reduced the amount of manual checking we had to do from a post-implementation standpoint," he said. "Before that, we had to have an administrator make the change and an engineer follow up to make sure the change was made properly and not resulting in unintended openings."
Ferguson said the tool helps meet compliance demands: "Every time we push a policy change to the firewall, we're doing a compliance check. We're ensuring we're meeting our own standards including regulatory requirements."
SecurePassage this week launched FireMon Nexus, an online community where customers can share custom FireMon extensions to help with specific security and compliance issues. Ferguson said Nexus would have saved him time writing Raymond James' FireMon extensions if it had been available earlier, but that it will be the first place his team looks before writing new extensions to avoid reinventing the wheel, so to speak.
Looking ahead, the firewall auditing market will evolve with vendors adding new features, according to Kindervag. In the future, the tools will be able to perform more detailed analysis, analyze multiple firewalls across the network, tie into security information management (SIM) tools, and integrate into full IT service management processes, he wrote in his report last year.