Managing firewall changes is no simple task. There are several keys to ensuring a smooth firewall change management process – that meets both security and business agility requirements.
- Automating tasks where possible. Examples of this include, but are not limited to:
- Leveraging out-of-the-box change workflows to efficiently manage some of the more common requests such as adding, removing, changing or recertifying rules, and changing objects.
- Reconciling change requests with the actual changes performed to identify any out-of-process changes. In our recent survey, The State of Network Security 2012, out-of-band changes were noted as resulting in a system outage more than 50% of the time.
- Leveraging firewall-aware analysis to:
- Automatically identify the firewalls and rules that are affected by a proposed change;
- Simluate the change to proactively detect risk or compliance implications BEFORE the change is made;
- Identify requests that are unneeded (AlgoSec research has found that 25% of changes are unnecessary), thus eliminating additional work that has no value.
- and more… - Integrating with existing change management systems. This capability is the primary focus of this blog. AlgoSec FireFlow complements existing change management systems with intelligent automation that enables IT to process firewall changes more quickly and with less risk. We've created this short video to show how AlgoSec FireFlow complements and integrates with BMC Remedy to eliminate the need for opening and tracking change requests in multiple systems. Enjoy!
COMMENTS