Firewall Risk Analysis - Rule Management Reports


    Firewalls serve as the cornerstone of your organization's security and ensure traffic flow for your business operations. In today's interconnected, network-security-conscious world, organizations have exponentially increased the number of multi-vendor firewall devices and, by extension, the number of firewall rules being. This makes conducting a risk review of your firewall policies increasingly difficult.

    To tackle this issue, ManageEngine Firewall Analyzer has introduced Risk Analysis reports to help you prioritize and manage all rules. The reports list rules based on severity, identify weak firewall policy misconfigurations, and help limit security incidents.

    Refer to the Rule Management Report Support page for the list of firewall devices that support the Risk Analysis feature.

    Prerequisites for creating the Risk Analysis Report:

    1. The Risk Analysis report needs the network zone details configuration, fetched from your firewall device using device rule, to identify the policy traffic flow.
    2. These network zone details are required for assessing the Risk Analysis report and the compliance standards report.
    3. If zone details are already configured, clicking the Generate button will generate the Risk Report. If not, the user needs to assign the network zone details and click Save to generate the Risk Analysis Report.

    After adding a firewall device and updating its credentials, Firewall Analyzer gives you the option to generate a Risk Analysis report. To do this, go to Rule Management -> Risk.

    This report categorizes the Rule Risk based on severity, that is:

    • Critical
    • High
    • Medium
    • Low
    • Attention

    This report comprises two sections:

    • Summary
    • Rules

    The Summary window gives you overall information about your firewall device's risky rules. It helps to identify the overall risky rules count, risk severity level count, risk level trend report and risk level analysis report.

    The Rules window gives you in-depth information about your firewall rules. The Rules page has two views:

    • Show by Rules
    • Show by Risk

    Show by Rules page

    • This page contains all the risky rules data along with associated risk level count.
    • Clicking on risk count shows all the associated risk information of that rule.
    • Clicking on risk information shows the detailed findings and recommendation of that risk section.

    Click on the Risk Count option to get drill down information on the risks associated with a specific rule.

    Click on Risk Information to get a detailed Analysis on the selected rule.

    Show by Risk page

    • This page displays the risk sections that contain risky rules.
    • Clicking on risk information shows the associated firewall rules that fall under that risk section along with their detailed findings and recommendations.
    • Users can whitelist risky rules that allow trusted traffic by selecting the rules and clicking the Mark as false positive option.

    The details in the report are explained below:

    Risk Level - The severity level of the risk, as defined by the default profile of Firewall Analyzer.
    Risk ID - Identification number of the risk detected.
    Risk information - Description of the risk.
    Rules Count - Number of rules affected.

     

    Click on Risk Information to get a detailed Analysis on the selected risk. This includes detailed findings and recommendations on the firewall rules associated with this risk.

    If you find any risky rules that are trusted, select them and click on Mark as False Positive to exclude those rules from being considered when generating the Risk report.

    Select the Excluded Rules icon to view the list of rules marked as False Positive.
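
    A minimal model of the report described above, as an added example that is not Firewall Analyzer's code: it shows why zone details are needed to work out traffic flow, and how the Show by Rules and Show by Risk views and the false-positive exclusion relate. The zone names, rules, risk IDs and checks are all constructed for illustration and are not the product's own risk definitions.

```python
from collections import defaultdict

# Constructed sample data: interface-to-zone mapping and rules (not from any real device).
ZONES = {"eth0": "untrust", "eth1": "trust", "eth2": "dmz"}
RULES = [
    {"name": "r1", "in": "eth0", "out": "eth1", "src": "any", "dst": "any", "svc": "any", "action": "allow"},
    {"name": "r2", "in": "eth0", "out": "eth2", "src": "any", "dst": "10.0.2.10", "svc": "tcp/443", "action": "allow"},
    {"name": "r3", "in": "eth1", "out": "eth0", "src": "10.0.1.0/24", "dst": "any", "svc": "any", "action": "allow"},
    {"name": "r4", "in": "eth0", "out": "eth1", "src": "any", "dst": "10.0.1.5", "svc": "tcp/23", "action": "allow"},
    {"name": "r5", "in": "eth0", "out": "eth1", "src": "any", "dst": "any", "svc": "any", "action": "deny"},
]

# Hypothetical checks: (risk id, level, description, predicate on rule + zone flow).
CHECKS = [
    ("R-001", "Critical", "Any-to-any allow from untrust into trust",
     lambda r, f: f == ("untrust", "trust") and r["src"] == r["dst"] == r["svc"] == "any"),
    ("R-002", "High", "Telnet allowed from untrust",
     lambda r, f: f[0] == "untrust" and r["svc"] == "tcp/23"),
    ("R-003", "Medium", "Any service allowed outbound",
     lambda r, f: f == ("trust", "untrust") and r["svc"] == "any"),
    ("R-004", "Attention", "Source is any",
     lambda r, f: r["src"] == "any"),
]

def analyze(rules, zones, false_positives=()):
    """Return (by_rule, by_risk) views, skipping rules marked as false positive."""
    by_rule, by_risk = defaultdict(list), defaultdict(list)
    for r in rules:
        if r["action"] != "allow" or r["name"] in false_positives:
            continue
        if r["in"] not in zones or r["out"] not in zones:
            raise ValueError(f"zone details missing for rule {r['name']}")
        flow = (zones[r["in"]], zones[r["out"]])  # traffic direction comes from zones
        for risk_id, level, info, hit in CHECKS:
            if hit(r, flow):
                by_rule[r["name"]].append(risk_id)                # Show by Rules
                by_risk[(level, risk_id, info)].append(r["name"])  # Show by Risk
    return dict(by_rule), dict(by_risk)

if __name__ == "__main__":
    by_rule, by_risk = analyze(RULES, ZONES, false_positives={"r2"})
    for (level, risk_id, info), names in by_risk.items():
        print(f"{level:9} {risk_id} {info:42} rules={len(names)} {names}")
```

    Without a zone mapping for a rule's interfaces the analysis stops with an error, mirroring the prerequisite that zone details be assigned before the report is generated.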