Firewalls serve as the cornerstone of your organization's security and ensure traffic flow for your business operations. In today's interconnected, network-security-conscious world, organizations have exponentially increased the number of multi-vendor firewall devices and, by extension, the number of firewall rules. This makes conducting a risk review of your firewall policies increasingly difficult.
To tackle this issue, ManageEngine Firewall Analyzer has introduced Risk Analysis reports, which help you prioritize and manage all rules. The reports list rules by severity, help identify weak firewall policy misconfigurations, and help limit security incidents.
Refer to the Rule Management Report Support page for the list of firewall devices that support the Risk Analysis feature.
Prerequisites for creating the Risk Analysis Report:
After adding a firewall device and updating its credentials, Firewall Analyzer gives you the option to generate a Risk Analysis report. To do this, go to Rule Management -> Risk.
This report categorizes the Rule Risk based on severity, that is:
This report comprises two sections:
The Summary window gives you an overview of your firewall device's risky rules. It shows the overall risky rules count, the risk severity level count, the risk level trend report and the risk level analysis report.
The Rules window gives you in-depth information about your firewall rules. The Rules page has two views:
Click on the Risk Count option to get drill-down information on the risks associated with a specific rule.
Click on Risk Information to get a detailed analysis of the selected rule.
The details in the report are explained below:
| Field | Description |
| --- | --- |
| Risk Level | The severity level of the risk, as defined by the default profile of Firewall Analyzer. |
| Risk ID | Identification number of the risk detected. |
| Risk information | Description of the risk. |
| Rules Count | Number of rules affected. |
Click on Risk Information to get a detailed analysis of the selected risk. This includes detailed findings and recommendations on the firewall rules associated with this risk.
If you find any risky rules that are trusted, select them and click on Mark as False Positive to exclude those rules from being considered when generating the Risk report.
Select the Excluded Rules icon to view the list of rules marked as False Positive.