Network Firewall Management Tools from Third-Party Vendors Gain Ground Among Enterprises

Secure Passage and other third-party firewall management vendors are playing in a small but growing market. Some analysts say third-party firewall auditing and management tools will have a place in the market until Cisco, Juniper Networks and other firewall vendors build out their capabilities.

Five years after spinning out of FishNet Security, officials at Secure Passage say they have watched the challenge of managing firewall policies mushroom.

In a space where larger vendors such as Cisco, Juniper Networks and Check Point Software Technologies loom large, third-party vendors like Secure Passage are finding a niche by offering enterprises deeper visibility into their firewall policies.

The company announced the availability of a new version of its flagship FireMon product Feb. 24. Designed to augment existing firewall administration tools from the Junipers of the world, the product competes against offerings from companies such as AlgoSec, Exaprotect and Tufin Technologies.

Some analysts say these companies are capitalizing on a small but growing market due to a lack of solid management and auditing tools from traditional firewall vendors.

"Generally, firewall vendors don't have an advantage here," said Forrester Research analyst John Kindervag. "They don't have the rules correlation engines in their products. Cisco has zero ability here. They have failed in the firewall management area, let alone the firewall auditing space."

Gartner analyst Greg Young agreed that many of the consoles and reporting tools from the firewall vendors are found lacking.

"As long as the firewall vendors continue to hold back on these features, third-party companies will help enterprises manage firewalls from multiple vendors, and stretch out the lifespan of firewalls by improving inefficient rule sets," he said.

To hear Secure Passage tell it, enterprises today are challenged by rising complexity in their firewall policies due to outdated and redundant rules. The complexity, Secure Passage CTO Jody Brazil noted, has long-term implications on firewall policy management.

"At some point, it becomes too difficult to simply manage what exists; that clean-up becomes overwhelming," he said. "Rules that are now obsolete become difficult to identify and simply remain in operation beyond their productive life."

"The result is ... decreased performance and unnecessary security risk [such as] open access that is not needed for legitimate business purpose," Brazil concluded.

To augment the management capabilities of the firewall vendors themselves, Secure Passage provides analysis tools that evaluate how firewall policies process specific traffic, what rule will be used, and how and when rules are triggered. In addition, the company provides reports that can be used to determine regulatory compliance.

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is the biggest driver of the market, Kindervag said, adding that the rule requires enterprises to review firewall and router configurations.

"It is nearly impossible to manually audit firewall and router rules and policies," Kindervag said. "To do it properly, you need to correlate the rule base to the log files to see what rules are being fired and which are just open holes into the network. Most companies are not even addressing this issue. I regularly see companies who have never reviewed their firewall rule sets."