Six steps to firewall hygiene with optimized rulesets
Analyze firewall rule sets and automate change management workflows to advance cyber hygiene priorities and reduce risk.
Learn how to:
- Protect your attack surface by eliminating risky firewall access rules
- Enhance business agility through firewall rule automation and provisioning
- Optimize firewall rule planning and strengthen your network security policy
- Free up personnel time through automated firewall rule analysis
- Accelerate firewall audit readiness and stay continuously compliant
- Reduce exposure to new vulnerabilities by leveraging Skybox threat intelligence
- Enforce continuous policy compliance with clear and intelligible rule sets
“How to review firewall rules” remains a popular topic of debate among security administrators weighing firewall optimization options. The Skybox Security Posture Management platform addresses that problem: it reduces cyber exposure risk by delivering a concise, manageable, optimized ruleset together with automated change management workflows for provisioning firewall rule and object changes. Rule optimization and smart automation are leading firewall rule best practices, especially in industries such as financial services, where periodic rule recertification is mandatory. The ability to de-risk proposed changes against unintentional vulnerability exposure is a unique Skybox differentiator and a critical capability for organizations that want to maintain a fortified security posture against popular threats such as zero-day DDoS attacks. Skybox rule optimization capabilities extend to cloud firewall solutions and can be used to de-risk firewall deployments.
Identify shadowed, redundant, expired, or disabled rules
Shadowed and redundant rules have their scopes completely covered by other rules with the same action that appear above or below them in the firewall access rules. Because the firewall evaluates rules in order and applies the first match, shadowed and redundant rules are never used, creating potential risks during a firewall audit. The Skybox Firewall Assurance module performs firewall rule analysis to identify shadowed, redundant, administratively disabled, or expired rules.
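The following is an added illustration of the four checks named above, written for this page and not Skybox code. It models a rule as source network, destination network, TCP destination ports and action, walks the ruleset in evaluation order, and reports a rule as shadowed when a single earlier rule covers it and as redundant when a later rule with the same action covers it with no conflicting rule in between. The ruleset, rule ids and report date are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import IPv4Network, ip_network
from typing import FrozenSet, List, Optional, Tuple

# "Any service" is modelled as the full TCP destination-port range; a real
# analyzer would also carry protocol, source port and ICMP types.
ANY_PORTS: FrozenSet[int] = frozenset(range(65536))


@dataclass(frozen=True)
class Rule:
    rid: str
    src: IPv4Network
    dst: IPv4Network
    ports: FrozenSet[int]          # TCP destination ports
    action: str                    # "allow" or "deny"
    enabled: bool = True
    expires: Optional[date] = None


def rule(rid, src, dst, ports, action, enabled=True, expires=None) -> Rule:
    """Build a Rule from human-readable strings (helper for the constructed sample)."""
    return Rule(rid, ip_network(src), ip_network(dst),
                ANY_PORTS if ports == "any" else frozenset(ports), action, enabled, expires)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet `inner` would match is also matched by `outer`."""
    return (inner.src.subnet_of(outer.src) and inner.dst.subnet_of(outer.dst)
            and inner.ports <= outer.ports)


def overlaps(a: Rule, b: Rule) -> bool:
    """True when at least one packet could match both rules."""
    return a.src.overlaps(b.src) and a.dst.overlaps(b.dst) and bool(a.ports & b.ports)


def analyze(rules: List[Rule], today: date) -> List[Tuple[str, str, Optional[str]]]:
    """Return (rule id, finding, related rule id) tuples for the four hygiene categories."""
    findings = []
    for r in rules:
        if not r.enabled:
            findings.append((r.rid, "disabled", None))
        elif r.expires is not None and r.expires < today:
            findings.append((r.rid, "expired", None))

    # Disabled rules never take part in matching, so the ordering analysis runs
    # over enabled rules only. Expired rules stay in: many firewalls keep
    # enforcing them until an administrator removes them.
    active = [r for r in rules if r.enabled]
    for i, r in enumerate(active):
        # Shadowed: a single earlier rule already decides all of this rule's
        # traffic, so this rule can never match under first-match evaluation.
        # Shadowing by a union of several earlier rules is not checked here.
        for earlier in active[:i]:
            if covers(earlier, r):
                findings.append((r.rid, "shadowed", earlier.rid))
                break
        else:
            # Redundant: a later rule with the same action would make the same
            # decision, and no rule in between with a different action could
            # intercept any of this rule's traffic, so removing it changes nothing.
            for later in active[i + 1:]:
                if later.action != r.action and overlaps(later, r):
                    break          # conflicting rule intervenes; keep this rule
                if later.action == r.action and covers(later, r):
                    findings.append((r.rid, "redundant", later.rid))
                    break
    return findings


# Constructed sample ruleset (not a real configuration), in evaluation order.
RULES = [
    rule("R1", "10.0.0.0/8",     "192.168.1.10/32", [443],  "allow"),
    rule("R2", "10.1.0.0/16",    "192.168.1.10/32", [443],  "allow"),   # shadowed by R1
    rule("R3", "10.2.0.0/16",    "192.168.2.0/24",  [22],   "deny"),
    rule("R4", "10.2.5.0/24",    "192.168.2.7/32",  [22],   "allow"),   # shadowed by R3, never effective
    rule("R5", "172.16.0.0/16",  "192.168.3.0/24",  [80],   "allow", expires=date(2023, 1, 1)),
    rule("R6", "172.16.4.0/24",  "192.168.3.0/24",  [80, 8080], "allow", enabled=False),
    rule("R7", "172.17.0.0/24",  "192.168.4.5/32",  [3306], "allow"),   # redundant with R8
    rule("R8", "172.17.0.0/16",  "192.168.4.0/24",  [3306], "allow"),
    rule("R9", "172.18.0.0/24",  "192.168.5.5/32",  [25],   "allow"),   # R11 covers it, but R10 intervenes
    rule("R10", "172.18.0.0/25", "192.168.5.0/24",  [25],   "deny"),
    rule("R11", "172.18.0.0/16", "192.168.5.0/24",  [25],   "allow"),
]
REPORT_DATE = date(2024, 6, 1)   # constructed "today" for the expiry check


def run_demo():
    return analyze(RULES, REPORT_DATE)


if __name__ == "__main__":
    for rid, finding, related in run_demo():
        print(f"{rid:4} {finding:10} {related or ''}")
```

Two details are worth noting when reading the output. R4 is shadowed by a rule with the opposite action, so it is not merely dead weight: whoever added it believed that traffic was allowed when it is in fact denied. R9 is fully covered by R11 but is not reported as redundant, because the deny in R10 would start catching part of R9's traffic if R9 were removed; a coverage check that ignores intervening rules would wrongly recommend deleting it.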
Identify duplicate or orphaned objects
Duplicate objects add complexity to the firewall rule set: they have the same scope but different names. Using Skybox Firewall Assurance, administrators can remove this inconsistency by reconfiguring all rules that use duplicate objects to reference a single object and deleting the extra objects.
Identify unused rules/objects
By analyzing firewall hit counters and traffic logs, Skybox firewall rule analysis software identifies unused rules and objects that can be safely removed from the firewall. Firewalls must be configured to forward correctly formatted syslog data to the Skybox Collector, where usage metrics are calculated.
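As an added example covering both the duplicate-object step and the usage step above (written for this page, not Skybox's own code), the block below normalizes address objects so that two names with the same scope are detected, rewrites rules to the first-defined name, derives per-rule hit counts from log lines, and lists the rules with no hits plus the objects that would become orphaned if those rules were deleted. The objects, rules and log lines are constructed; the log layout is a generic key=value format, not any vendor's real syslog format.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network
from typing import Dict, List, Set

# Constructed address objects (name -> members); not from a real firewall.
OBJECTS: Dict[str, Set[str]] = {
    "web_srv":     {"192.168.1.10/32"},
    "web_server":  {"192.168.1.10"},        # duplicate of web_srv: same scope, different name
    "corp_lan":    {"10.0.0.0/8"},
    "corp_net":    {"10.0.0.0/8"},          # duplicate of corp_lan
    "db_tier":     {"192.168.4.0/24"},
    "jump_host":   {"192.168.4.50/32"},     # referenced only by a rule that never matches
    "legacy_host": {"192.168.9.9/32"},      # orphaned: referenced by no rule at all
}

# Constructed rules referencing objects by name, in evaluation order.
RULES = [
    {"id": "R1", "src": "corp_lan", "dst": "web_srv",    "svc": "tcp/443"},
    {"id": "R2", "src": "corp_net", "dst": "web_server", "svc": "tcp/443"},
    {"id": "R3", "src": "corp_lan", "dst": "db_tier",    "svc": "tcp/3306"},
    {"id": "R4", "src": "corp_lan", "dst": "jump_host",  "svc": "tcp/22"},
]

# Constructed log lines in a generic key=value layout. Every firewall vendor
# has its own syslog format, which is why the collector must receive the
# format it expects before it can compute usage.
LOG_LINES = [
    "Jun  1 10:00:01 fw1 ACCEPT rule=R1 src=10.1.2.3 dst=192.168.1.10 proto=tcp dport=443",
    "Jun  1 10:00:05 fw1 ACCEPT rule=R1 src=10.9.8.7 dst=192.168.1.10 proto=tcp dport=443",
    "Jun  1 10:01:12 fw1 ACCEPT rule=R3 src=10.2.2.2 dst=192.168.4.17 proto=tcp dport=3306",
    "Jun  1 10:02:30 fw1 ACCEPT rule=R1 src=10.3.3.3 dst=192.168.1.10 proto=tcp dport=443",
    "Jun  1 10:03:00 fw1 DROP rule=default src=10.5.5.5 dst=192.168.9.9 proto=tcp dport=22",
]
RULE_FIELD = re.compile(r"\brule=(\S+)")


def normalize(members: Set[str]) -> frozenset:
    """Canonical form of an object's scope, so '192.168.1.10' equals '192.168.1.10/32'."""
    return frozenset(ip_network(m).with_prefixlen for m in members)


def find_duplicate_objects(objects) -> Dict[str, List[str]]:
    """Group names by identical scope: {first-defined name: [other names with the same scope]}."""
    by_scope = defaultdict(list)
    for name, members in objects.items():      # dict order makes the canonical pick stable
        by_scope[normalize(members)].append(name)
    return {names[0]: names[1:] for names in by_scope.values() if len(names) > 1}


def consolidate(rules, duplicates) -> List[dict]:
    """Rewrite every rule so it references the canonical object name."""
    alias = {dup: canon for canon, dups in duplicates.items() for dup in dups}
    return [{**r, "src": alias.get(r["src"], r["src"]), "dst": alias.get(r["dst"], r["dst"])}
            for r in rules]


def find_orphaned_objects(objects, rules) -> List[str]:
    """Objects that no rule references."""
    referenced = {r["src"] for r in rules} | {r["dst"] for r in rules}
    return sorted(set(objects) - referenced)


def hit_counts(lines) -> Counter:
    """Count log records per rule id."""
    hits = Counter()
    for line in lines:
        m = RULE_FIELD.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits


def unused_rules(rules, hits) -> List[str]:
    """Rules with zero hits in the observed window."""
    return [r["id"] for r in rules if hits.get(r["id"], 0) == 0]


def objects_freed_by_removing(objects, rules, unused) -> List[str]:
    """Objects that would become orphaned if the unused rules were deleted."""
    remaining = [r for r in rules if r["id"] not in set(unused)]
    already = set(find_orphaned_objects(objects, rules))
    return sorted(set(find_orphaned_objects(objects, remaining)) - already)


def run_demo():
    duplicates = find_duplicate_objects(OBJECTS)
    rules = consolidate(RULES, duplicates)     # step 2: one object per scope
    hits = hit_counts(LOG_LINES)               # step 3: usage from traffic logs
    unused = unused_rules(rules, hits)
    return {
        "duplicates": duplicates,
        "orphaned_after_consolidation": find_orphaned_objects(OBJECTS, rules),
        "hits": dict(hits),
        "unused_rules": unused,
        "objects_freed": objects_freed_by_removing(OBJECTS, rules, unused),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

After consolidation R1 and R2 become identical, which is the situation the rule-level shadowing analysis is meant to catch, and R2's zero hit count is the log-side symptom of the same problem. The length of the observation window matters more than the counting itself: a rule that only serves a quarterly batch job or a disaster-recovery test will look unused in a two-week sample, so zero-hit findings should be held against a window long enough to cover those cycles before a deletion ticket is raised.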
Identify partially used rules/objects, evaluate flows
The Skybox Firewall Assurance module improves network visibility by delineating partial usage of rules and objects. It captures firewall traffic flows over a period of time to show exactly which sources, destinations, and services within a rule or object are actually used. This lets the solution identify overly permissive rules and objects.
Create tickets for rule/object deletion/modification
Tickets are created in Firewall Assurance for the deletion, deactivation, or modification of the relevant rules or objects. Administrators manage the tickets in the Skybox Change Manager module, which can enrich the change management workflow in ServiceNow and other third-party ITSM tools.
Automated provisioning of rule/object changes on firewalls
Change Manager orchestrates firewall security changes through integrations with Palo Alto Networks Panorama, Fortinet FortiManager, Check Point Security Management, and Cisco Firewall Management Center. Tickets are closed after the changes are successfully implemented and verified.