
Firewall Analyzer - Middle East Workshop


Learn about firewall log analysis and policy management.

Published in: Technology

  1. ManageEngine Firewall Analyzer: log analytics and configuration management software for network security devices
  2. Agenda: how to add the device in Firewall Analyzer; Traffic Statistic; Security Statistic; Device Management; Rule Management
  3. Sample configuration of Cisco ASA:
       configure terminal
       logging enable
       logging timestamp
       logging trap informational
       logging device-id {context-name | hostname | ipaddress interface_name | string text}
       logging host interface_name syslog_ip [udp/<syslog_port>]
  4. Traffic Statistic: Live Traffic; URL monitoring (allowed and denied URLs); Web Usage (HTTP, HTTPS); Admin Reports (logged in, logged out, command execution); Intranet monitoring; Internet monitoring
  5. Live Traffic Report (user-based traffic)
  6. URL monitoring (allowed and denied)
  7. Web Usage (HTTP and HTTPS)
  8. Admin Reports (logged in, logged out, command execution)
  9. Intranet monitoring and Internet monitoring
  10. Security Statistic: Virus Report; Spam Report; Attacks Report; Security Report
  11. Virus Report
  12. Spam Report
  13. Attacks Report
  14. Security Report
  15. VPN Report
  16. Device Management: device rule (change management and policy fetching)
  17. Rule fetching
  18. Change Management
  19. Change Management: configuration changes are recorded and time stamped; the user responsible for the change is recorded; the total number and type of changes are listed; configuration changes (modified, added and deleted) are highlighted
  20. Compliance: compliance policies; rule management; policy optimization
  21. Compliance Reports: supports different compliance formats such as PCI, ISO, SANS, NIST, NERC; continuously monitors your firewall rule changes; reports instantly on any rule misconfiguration; automatically schedules 'Security Audit Reports'
  22. Policy Optimization: improve your firewall performance by analyzing the firewall policy anomaly reports. Firewall Analyzer provides detailed reports on the following anomalies: Correlation; Generalization; Redundancy; Shadow; Grouping
  23. Shadow anomaly: in this case, the second rule will never get hit; it is shadowed. The action also differs between the two rules.
  24. Redundancy anomaly: shadow and redundant rules are more or less similar. If the action differs it is a shadow, otherwise it is redundant. Case 1 (R1 is a subset of or equal to R2): the administrator can remove R1. Case 2 (R2 is a subset of R1): the administrator can remove R2.
  25. Alert Profiles: set alert notification on the following alert profiles: Normal alert; Anomaly alert; Bandwidth alert
  26. Forensic Analysis: search the raw firewall logs to pinpoint the exact log entry that caused the security activity; mine security incidents using the advanced search of raw firewall logs
  27. Scheduling Reports. Report Profiles: set up and automate report profiles for any number of devices on which Firewall Analyzer is reporting. Log Filters: log filters let you define filters for the log data that is reported on. Customized Reporting with Protocol Groups: Firewall Analyzer groups protocols into Protocol Groups based on their function.
  28. Security Audit: audits and analyzes the complete firewall security and configuration; provides a security audit report with rating; assesses the best way to fix the issue; recommends best practices based on the report
  29. Editions. Premium Edition: supports up to 60 devices; for small and medium scale networks. Distributed Edition: supports up to 1200 devices; for large scale networks.
  30. Support for more than 50 vendors
  31. Technology partnerships: Firewall Analyzer is a technology partner with: What our partner has to say about us: "This integration offers administrators an incredible amount of visibility into firewall systems. Application control goes deeper with detailed usage reports, while change management, security reporting, event trends, and a detailed compliance report for firewall configuration creates an immediate ROI for customers to present back to their stakeholders." — Ben Oster, WatchGuard
  32. Some of our Customers
  33. ManageEngine Support:
  34. Get certified and be an ITOM professional
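
The shadow and redundancy anomalies from slides 23 and 24, as an added example that is not from the deck and not Firewall Analyzer's own code: a pairwise check over a rule list evaluated top-down with first match winning. The `Rule` fields, the IPv4-only matching and the sample policy are assumptions made for the illustration, and the Case 1 check also inspects the rules between R1 and R2, which goes beyond what the slide states.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "permit" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # IPv4 CIDR (assumption: no IPv6, no object groups)
    dst: str       # IPv4 CIDR
    ports: tuple   # inclusive (low, high) destination ports

def covers(outer, inner):
    """True when every packet matched by `inner` is also matched by `outer`."""
    return (outer.proto in ("any", inner.proto)
            and ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1])

def overlaps(a, b):
    return ((a.proto == b.proto or "any" in (a.proto, b.proto))
            and ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def find_anomalies(rules):
    """Return (kind, flagged_rule, because_of) for each ordered pair, R1 before R2."""
    findings = []
    for i, r1 in enumerate(rules):
        for j, r2 in enumerate(rules[i + 1:], i + 1):
            if covers(r1, r2):  # Case 2: R2 is never hit
                kind = "redundant" if r1.action == r2.action else "shadow"
                findings.append((kind, r2.name, r1.name))
            elif covers(r2, r1) and r1.action == r2.action:
                # Case 1: R1 is removable only if no differing-action rule between them overlaps it.
                if not any(b.action != r1.action and overlaps(b, r1) for b in rules[i + 1:j]):
                    findings.append(("redundant", r1.name, r2.name))
    return findings

# Constructed sample policy; addresses are private and documentation ranges.
POLICY = [
    Rule("R1", "deny", "tcp", "10.0.0.0/8", "0.0.0.0/0", (0, 65535)),
    Rule("R2", "permit", "tcp", "10.1.2.0/24", "192.0.2.10/32", (443, 443)),
    Rule("R3", "deny", "tcp", "10.9.0.0/16", "0.0.0.0/0", (23, 23)),
    Rule("R4", "permit", "udp", "172.16.5.0/24", "192.0.2.53/32", (53, 53)),
    Rule("R5", "permit", "udp", "172.16.0.0/12", "192.0.2.53/32", (53, 53)),
]
if __name__ == "__main__":
    print(*find_anomalies(POLICY), sep="\n")
```

The check is pairwise only, so a rule that is hidden by the combined coverage of several earlier rules is not reported.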