Risk Analysis

Firewalls serve as the cornerstone of your organization's security and ensure optimal traffic flow for your business operations. In today's interconnected, network security conscious world, organizations have exponentially increased the number of multi-vendor firewall devices used and, by extension, the number of firewall rules being created. This makes conducting a risk review of your firewall policies increasingly difficult.

To tackle this issue, ManageEngine Firewall Analyzer has introduced the Risk Analysis report to simplify the prioritization and management of all rules. It helps you list rules based on severity, identify weak firewall policy misconfigurations, and limit security incidents.

Currently, the Risk Analysis report feature is supported for the following devices.

Prerequisites for creating the Risk Analysis report:

1. The Risk Analysis report needs network zone configuration details fetched from your firewall device using a device rule to identify the policy traffic flow.
2. These network zone details are required to generate the Risk Analysis report and the Compliance Standards report.
3. If zone details are already configured, clicking the Generate Report button will generate the Risk Analysis report. If not, the user needs to fill out the network zone details and click Save to generate the Risk Analysis report.

After adding a firewall device and updating its credentials, Firewall Analyzer gives you the option to generate a Risk Analysis report. To do this, go to Rule Management > Risk.

This report categorizes the rule risk based on severity, like so:

• Critical
• High
• Medium
• Low
• Attention

This report comprises two sections:

• Summary
• Rules

The Summary tab gives you overall information about your firewall device's risky rules. It helps to identify the overall risky rule count and risk severity level count, and provides reports on the risk level trend and the risk level analysis.

The Rules tab gives you in-depth information about your firewall rules. The Rules page has two views:

• Show by Rule
• Show by Risk

Show by Rule

• This page contains all the risky rule data along with the associated risk level count.
• Clicking Risk Count shows all the associated risk information for that rule.
• Clicking Risk Information shows the detailed findings and recommendations for that risk section.

Click the Risk Count option to get drilled-down information on the risks associated with a specific rule.

Click Risk Information to get a detailed analysis on the selected rule.

Show by Risk

• This page displays the risk sections that contain risky rules.
• Clicking Risk Information shows the associated firewall rules that fall under that risk section along with detailed findings and recommendations.
• Users can authorize risky rules that allow trusted traffic by selecting the rules and clicking the Mark As False Positive option.

The details in the report are explained below:

Click Risk Information to get a detailed analysis on the selected risk. This includes detailed findings and recommendations for the firewall rules associated with this risk.

If you find any risky rules that are trusted, select them and click Mark As False Positive to exclude those rules from being considered when generating the Risk Analysis report.

Select the Excluded Rules icon to view the list of rules marked as false positives.

Want to know more about how Firewall Analyzer's Risk Management module can help you assess you current firewall rules? Sign up for a personalized demo. Or, download the free, 30-day trial and check out how the Risk Management feature can help optimize your firewall performance and ensure optimal protection against evolving threats.