Firewall Auditing

Audit & Augment Firewalls with Flow-based Monitoring

Firewalls have long been a necessary means of reducing the attack surface for enterprises and end users alike. When properly configured, they can be very effective. However, configured rules and actual traffic don't always map to one another, and fat-fingered firewall rules are an ever-present danger. Much attention is given to software and operating system vulnerabilities, yet misconfigurations are another way the enterprise's security posture is weakened.

Lancope's StealthWatch System provides unified, flow-based security, network and application performance monitoring across physical and virtual networks. Monitoring actual traffic, ports and services provides a convenient and effective way to audit current firewall configurations and ensure that actual traffic adheres to security policies. In fact, PCI compliance emphasizes the importance of such proper configurations by insisting that corporations shut down ports and services not necessary for normal business operations.

StealthWatch can also conduct in-depth, behavioral analysis on data obtained from firewalls and other perimeter devices to enhance firewall auditing, as well as improve other efforts including security, policy management, network troubleshooting and compliance.

By monitoring and profiling all services and ports on the network, StealthWatch delivers unified visibility across physical and virtual networks that:

  • Enables scenario analysis of firewall changes before they are implemented, as a risk-free means of verifying and/or measuring the impact of such changes without adversely affecting the end user's network experience

  • Provides a network-wide view of traffic composition, enabling you to see at a glance which services are in use and how much bandwidth each consumes

  • Confirms ports and services necessary for normal business operations

  • Highlights those ports and services that may have been overlooked

  • Alarms on out-of-profile and unauthorized access conditions

  • Mitigates violations of firewall configuration policy (optional)

  • Augments firewalls by detecting and alarming on suspicious activity at the perimeter