SANS Firewall Security Policy guidelines help organizations manage and configure their perimeter devices, which enables them to ensure network security. Firewall Analyzer helps you meet the SANS Security Policy requirements with ease through its out-of-the-box reports. The following is the SANS audit checklist, with details on how Firewall Analyzer helps to meet each item:
|Rules||Description||How Firewall Analyzer meets requirement|
|4||Ensure that logging is enabled and that the logs are reviewed to identify any potential patterns that could indicate an attack||Firewall Analyzer automatically collects and analyzes all your firewall logs to provide out-of-the-box reports and alerts that help you identify potential patterns of security attacks|
|9.1||Avoid using localhost addresses in security policies||Firewall Analyzer provides a detailed report on all 'Allowed Rules with Local IP Addresses', which facilitates the decision on which localhost addresses should be used or avoided in security policies|
|9.2||Avoid using invalid addresses in security policies||Exhaustive reports on rules that allow traffic to LAN & DMZs via the WAN Interface provide information such as the Policy name, rule name, Source, Destination, Service type, Source/Destination Interface and more, which helps you identify and avoid using invalid addresses in security policies|
|9.3||Block the Incoming Traffic to broadcast address||Firewall Analyzer provides information on configured rules that allow untrust traffic to the broadcast address. This enables you to review the rules and block incoming traffic from the untrust zone to the broadcast address|
|11||Block insecure protocols, services and ports||Firewall Analyzer provides a report with detailed information on all the configured rules that allow insecure protocols, services and ports in your network. This report gives better insight into your network and helps you block the insecure services or protocols|
|12||Avoid insecure Remote Access||Firewall Analyzer's 'HTTP Access Details', 'Telnet Access details', 'SSH Access Details' and 'User Access Details' reports provide detailed information on inbound/outbound traffic, which helps you block Remote Access over the insecure services|
|15||Block Unwanted ICMP Traffic||Firewall Analyzer provides a detailed report on rules that allow ICMP traffic from the Untrust Zone. The solution also provides a rules report with information on Blocked ICMP traffic to the Untrust Zone. These two reports help users identify the unwanted ICMP traffic and block it|
|16||IP Readdressing/IP Masquerading||Firewall Analyzer's detailed rules report on 'All direct connections from untrust sources' helps you review and configure your rules so that they block direct connections from the untrust zone|
|19||Allow Traffic that is necessary for business requirements||Firewall Analyzer helps you analyze the traffic connections from untrust sources with its out-of-the-box reports. This helps you identify and allow the traffic that is necessary for business requirements|
|24||Continued availability of Firewalls||Firewall Analyzer provides an option to back up all firewall data by Active StandBy and supports continued availability of firewalls|
Manage your firewall rules for optimum performance. Anomaly-free, properly ordered rules make your firewall secure. Audit the firewall security and manage the rule/config changes to strengthen the security.
Get a slew of security and traffic reports to assess the network security posture. Analyze the reports and take measures to prevent future security incidents. Monitor the Internet usage of enterprise users.
Unlock the wealth of network security information hidden in the firewall logs. Analyze the logs to find the security threats faced by the network. Also, get the Internet traffic pattern for capacity planning.
With live bandwidth monitoring, you can identify an abnormal, sudden shoot-up in bandwidth use. Take remedial measures to contain the sudden surge in bandwidth consumption.
Take instant remedial actions when you get notified in real time of network security incidents. Check and restrict Internet usage if bandwidth exceeds the specified threshold.
MSSPs can host multiple tenants, with exclusive segmented and secured access to their respective data. Scalable to address their needs. Manages firewalls deployed around the globe.