Firewall audit tools (sometimes called firewall management products) can help enterprises, IT solutions providers and MSSPs navigate the labyrinth of managing and changing firewall rule
These products automate firewall rule set analysis, identifying obsolete and conflicting rules, and compare current rules to enterprises' access control policies. They also identify firewall objects -- devices to which they control traffic -- that are no longer in use or relevant.
Experts say channel partners can benefit from direct sales of firewall audit tools, and can also leverage these tools for revenue-generating services or to add value to existing services.
The market is still relatively small, with perhaps $25 million to $30 million in annual sales expected this year, according to John Kindervag, senior analyst at Cambridge, Mass.-based Forrester Research Inc. There are a handful of vendors led by Tufin Software Technologies Ltd., Secure Passage LLC and AlgoSec Inc., he said.
As in most security markets, compliance is a major driver. The Payment Card Industry Data Security Standard (PCI DSS) requires companies to review firewall and router rule sets every six months. That may be pretty straightforward for small companies with one or two edge firewalls and a few dozen rules, but it's widely considered a difficult, labor-intensive and error-prone undertaking for large, distributed enterprises that have many internal firewalls segmenting networks. "In a dynamic enterprise environment, a lot of people are adding, deleting and changing rules," said Joe Luciano, CTO for Access IT Group, a King of Prussia, Penn.-based Tufin partner. "That's how it gets out of control. You have to go line item by line item."
Most firewall management tools are compatible with major firewall vendors, such as Cisco Systems Inc., Check Point Software Technologies Inc. and Juniper Networks Inc. Such mixed-vendor firewall estates are often a result of the many mergers and acquisitions driven by the economy, particularly in financial services, according to Tufin CEO Ruvi Kitov. He also noted that customers gained through mergers and acquisitions account for about 10% of the company's business.
"You have fewer organizations but more devices, and fewer hands on deck," Kitov said. "You need central management for infrastructure that is very diverse."
Firewall audit opportunities for solution providers
Experts believe VARs can make a strong case for these tools in a tough economy. Enterprises that had dedicated staff for managing firewall rules now have fewer people to handle what was already a daunting task.
"I know of companies that have dedicated resources trying to manage thousands of firewall rules," said Kindervag. "It's too much. Humans don't have the computational power to understand all the interrelationships of all those firewall rules. The only way you can handle them is through these types of tools."
Enterprise customers going through major firewall upgrades and data center moves present good sales opportunities, said Access IT's Luciano. VARs can sell firewall audit tools, such as Tufin's SecureTrack, to establish baselines at the start of the project and then deliver change reports at the end. In addition to the product sale, he said, solution providers can add a day or two of professional services to install and configure the product, perform the baseline audits and issue the reports.
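The two analyses described above, rule set review (flagging rules that can never fire because an earlier rule already covers them, with the same or a contradicting action) and baseline-versus-end-of-project change reporting, are shown here as an added example written for this article. It is not code from Tufin, Secure Passage, AlgoSec or any vendor named here; the rule format, rule ids and addresses are constructed for the demo, and it assumes first-match rule evaluation.

```python
"""Added example: a minimal first-match firewall rule-set analyser.
Rule format, ids and networks are constructed for the demo."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    rid: str                 # rule identifier (constructed)
    action: str              # "allow" or "deny"
    src: object              # ipaddress network object
    dst: object              # ipaddress network object
    proto: str               # "tcp", "udp" or "any"
    ports: Tuple[int, int]   # inclusive destination port range


def parse_rule(line: str) -> Rule:
    """Parse one line of the toy format: id action src dst proto lo-hi."""
    rid, action, src, dst, proto, ports = line.split()
    lo, hi = (int(p) for p in ports.split("-"))
    return Rule(rid, action, ip_network(src), ip_network(dst), proto, (lo, hi))


def load_rules(text: str) -> List[Rule]:
    """Parse every non-blank line of a rule-set snapshot, in order."""
    return [parse_rule(l) for l in text.splitlines() if l.strip()]


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet matched by `later` is also matched by `earlier`."""
    return (later.src.subnet_of(earlier.src)
            and later.dst.subnet_of(earlier.dst)
            and (earlier.proto == "any" or earlier.proto == later.proto)
            and earlier.ports[0] <= later.ports[0]
            and later.ports[1] <= earlier.ports[1])


def find_shadowed(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Under first-match semantics a rule fully covered by an earlier rule never
    fires. Returns (shadowed_id, shadowing_id, kind): 'redundant' when the
    actions agree, 'conflict' when the later rule's intent is contradicted."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                findings.append((later.rid, earlier.rid, kind))
                break
    return findings


def change_report(baseline: List[Rule], current: List[Rule]) -> Dict[str, List[str]]:
    """Diff two snapshots by rule id: the baseline-then-change-report workflow."""
    before = {r.rid: r for r in baseline}
    after = {r.rid: r for r in current}
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(k for k in before.keys() & after.keys()
                           if before[k] != after[k]),
    }


# Constructed baseline snapshot: r2 conflicts with r1, r4 is redundant with r3.
BASELINE = """
r1 allow 10.0.0.0/8 192.168.1.10/32 tcp 443-443
r2 deny 10.1.0.0/16 192.168.1.10/32 tcp 443-443
r3 allow 10.2.0.0/16 192.168.1.0/24 tcp 22-22
r4 allow 10.2.5.0/24 192.168.1.0/24 tcp 22-22
r5 deny 0.0.0.0/0 0.0.0.0/0 any 0-65535
"""

# Constructed end-of-project snapshot: r2 removed, r3 widened, r6 added.
CURRENT = """
r1 allow 10.0.0.0/8 192.168.1.10/32 tcp 443-443
r3 allow 10.2.0.0/16 192.168.1.0/24 tcp 22-23
r4 allow 10.2.5.0/24 192.168.1.0/24 tcp 22-22
r6 allow 10.3.0.0/16 192.168.2.0/24 udp 53-53
r5 deny 0.0.0.0/0 0.0.0.0/0 any 0-65535
"""


def audit() -> Tuple[List[Tuple[str, str, str]], Dict[str, List[str]]]:
    """Run both analyses over the constructed snapshots."""
    base, cur = load_rules(BASELINE), load_rules(CURRENT)
    return find_shadowed(base), change_report(base, cur)


if __name__ == "__main__":
    shadowed, changes = audit()
    for rid, by, kind in shadowed:
        print(f"{rid} is {kind}: shadowed by {by}")
    for key, ids in changes.items():
        print(f"{key}: {ids}")
```

A real product also has to model address and service objects, NAT and per-vendor match semantics, but the shadowing test is the core of what "obsolete and conflicting rules" means: a conflict finding (r2 here) is usually the more urgent one, since someone added a deny that the rule base silently ignores.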
Vendors are also introducing improved capabilities for managing routers and switches in firewall audit tools. These capabilities will improve the management of complex enterprise access control lists (ACLs) and traffic flow policy. This should help IT security departments (which Luciano said are almost always the sales entry point) persuade their network management groups to pick up some of the cost once they see the benefit to their own operation.
Firewall rules management and managed services
VARs and service providers can use these tools to perform one-time or periodic firewall audits, which can also be included as part of larger security audit/assessment engagements. The service provider delivers the report with recommended changes, which can be made either by the customer or by the provider with customer approval.
"One of our practices has always been around firewall audits," said Bob Gomez, area sales manager for Bedford, Texas-based Future Com Ltd., a Secure Passage LLC partner. "The tool helps us deliver a more comprehensive audit or assessment for our customers."
Gomez said most customers engage the company for quarterly audits. Secure Passage's FireMon allows Future Com to pick up where the last audit left off.
"Manual assessments really mean starting over every time," he said. "There's no history. This tool lets you do comparison of historical data to see what changes are made."
In addition, Kindervag said, these tools can add significant value to managed firewall and network services because of their ability to automate analysis of thousands of rules across multiple, often heterogeneous devices.
Tufin's Kitov said managed service providers (MSPs) have been the company's largest vertical in 2009, buying as customers rather than as channel partners. They buy the products to add value to their services and save money on their end by being more efficient.
"I've talked to managed service providers who are building these tools into managed services as a competitive differentiator," said Forrester's Kindervag. "If you've got to manage 500 firewalls, it's a really good deal."