Policy & Compliance Analysis
Compliant or Secure? Which is it?
We recognize that not all organizations have the same IT security and risk management objectives; however, all organizations must strike a balance between being compliant and being secure.
Compliance is a continuously evolving process. As organizations mature, they are ready to develop more efficient methods and processes for managing and monitoring their compliance adherence.
Most organizations audit their firewall policies annually or as part of a third-party audit. With the amount of change that occurs daily within most environments, annual audits are not enough.
Security On-Demand’s Policy and Compliance Analysis (PCA) Service provides firewall, router, and switch security policy configuration risk analysis. It is comprehensive, non-intrusive, and easy to use, and it supports all of the major firewall platforms in the industry.
By building the typical firewall audit toolsets into a subscription-based managed service, we provide continuous auditing of your firewall policies and can alert you immediately if an unauthorized firewall change occurs. Our non-intrusive, offline analysis can be performed on a single firewall, a group of firewalls, routers, load balancers, and a host of other policy-driven network devices. Our solution uses patented 5-dimensional algorithms to calculate how the firewall will respond to every potential packet it may encounter. It uncovers more risks with greater accuracy and provides the most intelligent automation, improving security and compliance while increasing operational efficiency and accuracy.
Security On-Demand will provide you with analysis reports on a scheduled basis and offer to have a certified firewall security expert review the analysis with a designated individual from your company. In addition to immediate notification of critical firewall rule changes, we offer a host of compliance reports that fulfill requirements for PCI, ISO 27001, HIPAA, SOX, and others.
Other solution features include:
- Identify security risks present in the firewall configuration & policies
- Analyze intended firewall rules as part of your risk management process
- Prevent improper rules from being implemented
- Implement real-time firewall change management tracking and notification
- Ensure best practices by comparing firewall configuration to a knowledgebase of best practices
The following is a summary of compliance controls that may help with prioritizing your decisions.
RECOMMENDED SECURITY COMPLIANCE CONTROLS
- UTM Firewall
- Intrusion Detection/Prevention
- Log Management
- Perimeter Vulnerability Scanning
- Anti-Virus Protection
- Threat Monitoring, Correlation & Response
- Firewall Policy & Compliance Analysis
- Web Application Firewall (WAF)
- Web Application Vulnerability Scanning
- Internal Network Vulnerability Scanning
- File Integrity Monitoring
- Malware Threat Protection (Sandbox Analysis)
- Network Access Control (NAC)
- Wireless Intrusion Prevention/Detection
- Denial of Service/Distributed Denial of Service (DDoS)
- Governance, Risk, & Compliance (GRC)
Policy & Compliance Analysis Service:
Firewall policies and change management are a major challenge for organizations. Security On-Demand’s Policy & Compliance Analysis Service can help to automate and streamline this process. Download our Service Brief and learn more about how we can help you implement a rigorous and manageable firewall audit program.