As more companies become concerned about data breaches, IT solution providers are finding increased demand for firewall policy management. Companies are realizing that while they are trying to battan down the hatches to preven data leaks, there is also an opportunity to save money while increasing effectiveness. Here, Kalat, sales engineering manager at Algosec, a vendor of products that help manage security policies across firewalls, routers, and VPNs, discusses how IT solution providers can offer peace of mind to customers by offering firewall policy management solutions.— Jennifer Bosavage, editor
Tools in the firewall policy management space have been around for many years, but have traditionally languished in relative obscurity to most of the IT world. That trend is changing. (Ed. note: For more, see
How To Successfully Sell Managed Internet Security Services.)
Various firewall policy management vendors have experienced some explosive revenue growth. Interest in what was once a niche market has grown into a must-have tool set for any serious IT shop today. Delivering those new and valuable solutions to customers takes some understanding of the market need and knowing a few tips on how to successfully sell firewall policy management tools.
Many drivers are fueling the boom in firewall policy management. As firewall technology has matured, the size and complexities of firewall rule bases have grown far beyond the size at which they can be audited by hand. Compliance and regulatory requirements are pushing many organizations to seek out tools to help them create audit reports.
The growth and use of MSSPs has fueled a desire by some organizations to be able to have a third-party validation of the MSSP’s work. Additionally, the need to trim costs by reducing firewall engineering staff, increase accuracy of changes, reduce mistakes, and speed up the workflow of changes all drives adoption of firewall policy management tools.
Typically, a firewall policy management solution offers a number of key features, usually bundled as a suite. Part of the suite is used for audit and analysis of firewall policies. Another part of the suite is used for workflow management and validation of new firewall change requests.
An interesting, and occasionally frustrating, aspect of selling these tools is that the various tools features are useful and desirable to different parts of an IT organization. Cross-departmental selling is often vital in a large organization. A key to selling a full suite, or even a component of it, is to understand which features are important to which departments, and targeting those features to the right decision makers. Often, that involves making sure key IT management decision makers are included in the buying decision at a customer.
Audit and analysis tools focus on existing firewall polices. They offer a long list of useful functionality. First is to identify configuration risks and risky rules that are too permissive or are allowing dangerous traffic to sensitive parts of the network. Most tools come with a large set of risks, and also allow a customer to customize the tool with their own risks or white-list certain risky rules as required for business. Most often, this feature is used by the IT Security or IT Audit groups who typically do not run the day to day firewall administration, but desire oversight and audit functionality.
Next, most tools offer extensive change monitoring and alerting. That feature appeals to the Network Operations team as well as the Security teams. Policy Optimization helps find redundant rules, unused rules and objects, and tighten down rules to only those services and hosts actually being used. Additionally, policy optimization can help customers reorder their rule bases for optimal throughput and CPU usage. Most often, the network engineering or security operations team is interested in that feature set. Compliance reporting is an important selling feature, and typically is used to generate PCI, SOX, and similar compliance audits of the firewall.
Those reports are often desired by senior IT management, as well as anyone charged with auditing the firewall for compliance.
As the audit and analysis tool set will often cross many organizational boundaries within IT and security, it is important to identify which feature set is driving the interest, and therefore who has the budget to purchase the tools, and focus on those areas, but there is a cautionary note here. Often, the network operations team who is making the day-by-day firewall changes is not always thrilled when the security oversight group suddenly has very detailed reports about risks and perceived mistakes on the firewall policy. It is vital to carefully navigate this potential conflict so that internal politics does not destroy the solution sale.
When considering the Workflow Management solution set, the focus is shifted from existing policy clean up to intelligently managing new firewall policy change requests. Features of a workflow management solution typically are focused at helping IT as a whole make better firewall changes, and as such, requires buy-in from a number of groups.
For requestors of firewall changes, a firewall workflow management tool allows customized Web-based submission forms with validation and intelligence capabilities to ensure the request is valid. Once a ticket is submitted, the workflow tool can automatically select which firewalls handle the traffic request in question, and if the traffic requested is already allowed to pass those firewalls. That can save a lot of effort and time on the part of IT, as well as reducing implementation of redundant rules.
Next, the request rule can be checked for risks against a customized risk profile, giving the security group a chance to review the rule for appropriate security issues. Once the ticket is approved, the workflow tool will give an exact recommendation of how and where to implement the new rule, and in some cases, automate creation of the rule as well. Once rules are implemented, the workflow tool can audit that the change was done accurately, with no extra access granted.
Finally, the entire process is documented with each individual involved noted and a full history of activity on the ticket is kept. That is a key feature; years later, there may be a question why and how a rule came into existence.
Given the multiple groups that a workflow solution may interact with, it is very important to have high level IT leadership involved early in the purchase decision to avoid any turf wars. The key functionality to promote is the accuracy, time savings, and automation involved, which appeals most to the IT leadership. The huge advantages of the discovery, automation, intelligence, accuracy, and historical record will heavily outweigh the costs of an additional change management system, but this argument most often resonates best at a high level in the IT organization.
Offering firewall policy management solutions is a fast growing market segment with serious customer demand. Knowing the value propositions, which features and functionalities appeal to various departments, and when to sell up the org chart are important aspects of successful sales.