Review: Securing The Firewall With SecureTrack


Easier said than done, right?

There is a common misperception that firewalls are a one-time configuration job -- that once one is set up and running, there is nothing left to do. The reality is that with an ever-changing mix of applications, evolving user needs, and new security threats, the operations team has to proactively monitor and secure the firewall. However, missteps can be costly, as many data breaches are the result of a misconfiguration. For large enterprises with geographically distributed firewalls, keeping track of configurations and making sure policies are consistent is not just a time-consuming task; it can also be a logistical headache. Add in the complexity of mixed environments, or networks where the firewalls come from more than one vendor, and the nightmare is complete.

SecureTrack 4.1 is a firewall operation management tool from Tufin Technologies, Ramat Gan, Israel, that can control and manage policy changes, analyze risks, and ensure business continuity. With SecureTrack, operations teams have a single interface that will display the configuration settings for each monitored firewall. Distance does not matter. All the information from each firewall is collected at predefined intervals and stored in SecureTrack's centralized database for analysis.

Tufin submitted SecureTrack 4.1 for review here at the Test Center. While Tufin sent the software version of SecureTrack, the company also offers an appliance-based version. For the purpose of this test, Tufin provided three virtual machine images. One image had the SecureTrack application installed on a Linux host -- Red Hat Enterprise and CentOS are both supported -- and the other two images were of Check Point firewall products. While it primarily supports Check Point solutions, the application does have Cisco and Juniper support as well, Tufin said.

Keep in mind, however, that SecureTrack is a passive tool -- it monitors and detects changes -- it can't actually make any changes to hardware or security policies. For planning and keeping track of all security policies and authorizing changes, SecureTrack simplifies management and also provides a comprehensive and accurate audit trail for full accountability. For actual changes, administrators still have to rely on the interfaces that came with that firewall.

Once the images were running, SecureTrack was aware of the Check Point products. To make the monitoring tool visible to Check Point, an OPSEC application needs to be created first. To do so, the SecureTrack server has to be declared as a new host node to the SmartCenter. This is not necessary for Cisco and Juniper firewalls, since SecureTrack uses SSH for those products. From the Web management interface, monitored devices are added to SecureTrack. A wizard collects address details, data collection options, and login information for the devices. The devices are visible as soon as they are added.

The compare menu lists monitored devices with a connection status icon and a number indicating how many policy revisions had occurred over a time period. All modifications and policy changes made to both test firewalls, when they were made, who made them, who applied them, from which computer the changes were made, and policy type are all visible here.

SecureTrack allows older and current policies to be displayed side-by-side in order to see the policy changes. The view clearly identifies which rules and objects were added, deleted or modified. It's fairly easy to read through the changes because the rules are displayed using the same style and icons as would appear on the firewall's own management interface. The graphical views of firewall policies and changes are available across the platform, as well.

The analysis tool can query firewall security policies on traffic patterns, such as checking that instant messaging and peer-to-peer applications were being blocked. Queries can also be used to find redundant rules. There's also a way to find and clean up unused rule bases and objects, to identify potential vulnerabilities in existing rules, and to optimize objects to improve performance.
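A minimal sketch of the two kinds of rule-base query described above, as an added example that is not Tufin's code or SecureTrack's algorithm. It assumes a simplified first-match policy model, a constructed rule base, and TCP port 5190 standing in for an instant-messaging service; it only flags rules fully covered by a single earlier rule.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: range   # destination TCP ports
    action: str    # "accept" or "drop"

def covers(outer: Rule, inner: Rule) -> bool:
    """True if every flow matched by `inner` is also matched by `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.ports.start <= inner.ports.start
            and inner.ports.stop <= outer.ports.stop)

def find_covered_rules(policy):
    """Return (rule, earlier_rule, kind) for rules that can never be the first match.
    Same action as the covering rule: 'redundant'. Conflicting action: 'shadowed'."""
    findings = []
    for i, rule in enumerate(policy):
        for earlier in policy[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.name, earlier.name, kind))
                break
    return findings

def decide(policy, src, dst, port, default="drop"):
    """Traffic query: action of the first rule that matches the given flow."""
    flow = Rule("query", src, dst, range(port, port + 1), "")
    for rule in policy:
        if covers(rule, flow):
            return rule.action
    return default

# Constructed sample policy (not taken from any real firewall).
POLICY = [
    Rule("r1-web-out", "10.0.0.0/8", "0.0.0.0/0", range(80, 81), "accept"),
    Rule("r2-block-im", "10.0.0.0/8", "0.0.0.0/0", range(5190, 5191), "drop"),
    Rule("r3-hr-web", "10.1.2.0/24", "0.0.0.0/0", range(80, 81), "accept"),
    Rule("r4-lab-im", "10.9.0.0/16", "0.0.0.0/0", range(5190, 5191), "accept"),
]
```

Here `r3-hr-web` is redundant cleanup material, while `r4-lab-im` is the more interesting finding: someone intended an exception that the earlier block rule silently overrides.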

SecureTrack continuously monitors firewall policies, so any configuration change is detected automatically, as soon as it is made. Because changes can be made in real-time, administrators can poke and tweak the rules and immediately see the result in firewall performance, making it easier to optimize the firewall based on actual traffic. All policy and rule changes -- even to components such as network interfaces and routing tables -- are reported in a variety of ways: notifications can be sent as e-mail, logged to syslog, and stored in the SecureTrack system. SecureTrack analyzes the change and sends out detailed reports showing which firewalls are affected by the change, what some of the impact will be, and which administrator authorized it. Advanced reports also provide a complete accounting of changes and effects. Performance monitoring tracks CPU, memory, and disk space utilization. When user-defined thresholds are exceeded, email alerts are automatically sent.

The SecureTrack software license starts at $5,000, but the final price may vary depending on actual configuration. The entry-level appliance starts at $4,600. Tufin has two support programs for partners to bundle with SecureTrack. The standard annual software maintenance and support program, which is 20 percent on top of the product price, provides customers with software upgrades and updates, as well as phone and email technical support during normal business hours. The premium program, at 40 percent on top of the product price, offers the same upgrades and updates, but also has phone and email technical support with up to a two-hour response time. Partners can expect 30 percent to 40 percent margins on the product, and 15 percent to 20 percent margins on maintenance contracts.

Tufin partners are security-focused, have skilled sales and technical staff, meet annual sales targets, and participate in lead generation campaigns. Tufin offers partners dedicated staff, cooperation in marketing activities, technical and sales training, and access to demo software and beta programs. Tufin plans to start a rebate and awards program in the first quarter of 2008.