MSSP

Firewall Analyser

Log Analytics and Configuration Management for Firewalls

Gaining network activity insights and keeping abreast about firewall logs is a challenging task as the security tool generates a huge quantity of traffic logs. There is a wealth of information available in the firewall configs and logs,which if mined properly can provide invaluable inputs to the organisations security posture and network performance.

Softcell’s SecureShield Firewall Analyzer is a log analytics, policy management and configuration monitoring software dedicated for firewalls It helps administrators track policy changes, optimize firewall performance and bandwidth usage, and also maintain compliance standards. It can dramatically improve visibility of the security posture and speed up responses by automation.

Rule Management

Gain Visibility over your entire rule set. Analyse effectiveness of Firewall rules and fine tune them for optimal performance.

Detect rule anomalies and optimise rule set
- Covered Rules
- Rule consolidation
- Expired /about to expire rules
- Recurring Rules
- Overly permissive rules
- Rule Order to improve performance
Automate firewall rule administration.
Determine if a new rule will negatively impact the existing rule set.
Object optimisation – unused/duplicate objects.

Config Monitoring

Analyse policy configurations that have an impact on firewall security and performance.
Admin Checks & Access Permissions.
Authentication Checks – Weak passwords.
Compliance with best practices.
Clear text checks -for sensitive info in un-encrypted format.

Log Analysis

Complete Visibility and security/traffic analytics. Know what’s happening on your network, to take corrective action wherever required.

Identify security attacks, viruses, and other security anomalies.
Integration with Threat intel to identify malicious IP’s allowed into network.
Impact of security policies on traffic - what traffic gets blocked by a particular policy.
Monitor and track internal threats in the network.
Perform forensic analysis to pinpoint threats.
Know if any viruses are active on your network, and see the hosts that are affected.
Mine for security incidents from raw firewall logs.

Security Compliance Management

Out-of-the-box compliance reports for the following industry standards
- DISA STIG Compliance
- CIS benchmarks

Firewall alarm management

Notify admins when threshold is crossed.
Automatic alerts in real time via email/SMS.
Alarms can trigger scrips to automate incident response.
Active alarms on system related events classified as high, critical, informational.
Live Logs – Details about last 5 minutes of traffic logs for near-real time information.

Reporting

Bandwidth Reports– Top users of VPN/SSL VPN/Browsing.
Attack reports - Source IP/Country of Attacks.
Policy reports – which policies triggering maximum blocks.
Traffic Reports- to help plan network bandwidth capacity using detailed traffic reports.
VPN reports – on VPN usage/trends.
Audit log reports for system related events.
Inventory Details of firewall host names, IP addresses, vendors –integrated with analyzer.
Custom Reports.
Export reports in CSV, PDF.

Dashboards

Allowed Dashboard – Topmost sources, destinations, services, users, countries, policy ids etc.
Denied Dashboard – Details of Access denied activities.
Threat Dashboard – Critical alerts displayed in threat platform.
Summary Dashboard - summary of all firewalls activity in single dashboard.

Benefits at-a-glance

Gain insights into network activity.
Analyze Firewall Configurations, Policies, and Rules.
Manage Firewall Compliance.
Analyse network traffic patterns via detailed dashboards.
Perform forensic analysis - eg how many ips /av signatures detected and blocked.
Understand bandwidth usage.
Visualise and analyse traffic & security issues in a single console.

For further information/demonstration, please contact [email protected]