News Column

Poor firewall auditing and reporting impacts on companies' risk posture

August 1, 2014

Richard Broeke

The role of the firewall has expanded considerably from its traditional role of perimeter security to securing application connectivity, interrogating application traffic, controlling web usage, and blocking spam.

Without effective audits and reporting, companies are unable to make intelligent decisions around the configuration of the firewall and don't have the insight or agility to respond to threats and vulnerabilities.

About 50% of administrators audit their firewalls once a year and about 10% never do it. There is a wealth of excellent information buried in firewall logs that document port scans, unauthorised connection attempts and activity from compromised computers and devices, amongst other things.

Logs should be checked weekly, if not daily, but I concede that standard firewall reporting tools can't provide information that facilitates intelligent decision making because the information logged is often in a format that is difficult to understand and even more difficult to report on.

Actionable information needed

Companies need actionable information on the behaviour of the technology and usage by the company's users. Technical stats aren't enough.

Without proper visibility, companies have no idea if the firewall is configured appropriately or if there are any holes. With standard reporting tools, companies can't see, for instance, whether the firewall's intrusion protection settings are appropriately configured, or when attacks happen and if they have been stopped.

It goes without saying, that on-the-fly management and configuration decisions will be a shot in the dark as well.

It doesn't have to be this way for companies using Fortigate Firewalls. With the innovative security incident and event management (SIEM) solution, logMojo, companies with Fortigate Firewalls can get the depth of information that need for effective firewall management and reporting.

logMojo boasts rich reporting features and more detailed analytical tools for the intelligent management of Fortigate Firewalls. Backed by its distributed, parallel processing Cloud, logMojo combines high-speed, real-time analysis of FortiGate logs with Intelligent Alerting and Dynamic Drill Down Reporting.

Many reporting solutions offer only the top "X" number of results for specific protocols like http and smtp; while others only offer general reports not tailored to the detailed information generated from a FortiGate.

Complete, detailed FortiGate reporting

logMojo is the only solution for complete, detailed FortiGate reporting on all aspects of its features. This includes all FortiGate system events, traffic information, content filtering, application control, intrusion prevention system, anti-virus, anti-Spam, VPN, and authentication. Every single piece of information in or out of a FortiGate can be reported upon quickly and easily with as much - or as little - detail as required.

logMojo's Executive Reports, aka Overview Analysis Reports, provide high-level summarised information across all aspects of a FortiGate Firewall. The informative charts and graphs cover all aspects of a unit's health, usage, status of UTM/NGFW features, geo-ip reports and more.

The short, concise reports are perfect for quick weekly, monthly or quarterly reviews of what has been occurring on - and through - the device. The reports can also be used to aid in compliance with regulations.

logMojo's Scheduled Reports System allows reporting upon months of data (which may contain hundreds of millions of events) quickly and to spot trends and events needing further investigation easily. It also allows reports over multiple devices to be combined together to allow a global view of security events across the enterprise or distributed business.

logMojo's alerting and reporting capabilities are like an intelligent CCTV system. While the average CCTV system will simply monitor and record movement in an environment, an intelligent CCTV system will provide alerts when there is suspicious movement. Likewise, logMojo provides alerts when there is malicious activity. Admins know where to start looking for incidents, and action can be taken immediately.

Admins can easily analyse logs and more effective decisions on bandwidth management and network security with actionable insight into website visits, traffic, and employees' usage of the network. This makes the management of the firewall strategic, focused and effective. When a firewall is effective, companies get return on their investment.

All rights reserved.

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: Bizcommunity (South Africa)

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters