SolarWinds' Rule Tracker maintains a history of the business justification for each firewall rule allowing access into your enterprise network. It also identifies the precise rules that have changed between revisions so that new documentation can be entered incrementally.
Documenting the business justification for your firewall rules is now easier than ever. You told us that you didn't want something that would lock you into a restrictive process, so we designed a tool that lets you get the job done independently of change management systems. You asked for something really user-friendly, so we incorporated the use of simple spreadsheets and a system that works offline, so no direct connections to the firewall itself are required. You wanted flexibility to catch up before an audit, so we made sure you could document your rules whenever you need to, on an incremental basis.
Even with a formal change process, most enterprises struggle to track the business justification for a rule, as the documentation is often kept in a change ticketing system where the affected rules might not even be mentioned in the resolved ticket. In cases where the tickets do mention the rules (using either CLI notation, line or rule numbers), keeping a clean record of the documentation becomes extremely difficult in the face of change over time.
Change ticketing systems were not designed for generating rule documentation on a rule-by-rule basis. As a result, when it is time to clean up rules or do a rule audit for PCI or other security requirements, locating up-to-date documentation that can be associated with specific rules is a mammoth task.
Rule Tracker solves this dilemma by recognizing that 1) documentation should be entered and stored using a rule-centric view, 2) built-in intelligence for rule-by-rule change analysis is necessary in order to track documentation and identify what needs updating, and 3) spreadsheets are still the most tried and true method for people to complete documentation requirements.
Built on Firewall Security Manager's comprehensive understanding of firewall rules, and of the network and service objects and object groups that they refer to, the system tracks rules based on what each rule does, rather than on its CLI text or its line number in the configuration (which changes every time rules are added or deleted). Tying documentation to line numbers or CLI text is perhaps the biggest reason why documentation is so often inconsistent and incomplete.
In a simple spreadsheet-like interface, users can add documentation on a rule-by-rule basis. Whenever a new version of the configuration is imported, the tool automatically identifies new and modified rules. One of the major pluses of the system is the flexibility it offers to work with any kind of change process. Users may document the rules incrementally or at the point that changes are being deployed. Rule Tracker does not, however, require the documentation to be tightly coupled to the change process, and makes it possible to fill gaps on an incremental basis.
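To illustrate the rule-centric tracking described above, here is an added example (not SolarWinds code) that keys each rule on what it does, with object groups resolved, rather than on its line number. It assumes a simplified Cisco ASA-style syntax and two constructed configuration revisions; the second revision inserts a rule at the top (renumbering the rest) and adds a host to an object group.

```python
# Constructed sample: two revisions of a Cisco ASA-style ACL (not a real config).
REV1 = """
object-group network WEB_SERVERS
 network-object host 10.0.1.10
access-list outside_in extended permit tcp any object-group WEB_SERVERS eq 443
access-list outside_in extended permit tcp any host 10.0.2.5 eq 22
"""
REV2 = """
object-group network WEB_SERVERS
 network-object host 10.0.1.10
 network-object host 10.0.1.11
access-list outside_in extended permit tcp any host 10.0.3.9 eq 25
access-list outside_in extended permit tcp any object-group WEB_SERVERS eq 443
access-list outside_in extended permit tcp any host 10.0.2.5 eq 22
"""

def _endpoint(tok, i, groups):
    # Resolve 'any', 'host X' or 'object-group G' to the set of addresses it covers.
    if tok[i] == "any":
        return frozenset({"any"}), i + 1
    if tok[i] == "host":
        return frozenset({tok[i + 1]}), i + 2
    return frozenset(groups[tok[i + 1]]), i + 2  # object-group G (defined earlier)

def rule_keys(config):
    """Map each rule's semantic key (ACL, action, proto, src, dst, port) to its line number."""
    groups, keys, current = {}, {}, None
    for line in config.strip().splitlines():
        tok = line.split()
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], set())
        elif tok[:2] == ["network-object", "host"]:
            current.add(tok[2])
        elif tok[:1] == ["access-list"]:
            acl, action, proto = tok[1], tok[3], tok[4]
            src, i = _endpoint(tok, 5, groups)
            dst, i = _endpoint(tok, i, groups)
            port = tok[i + 1] if tok[i] == "eq" else "any"
            keys[(acl, action, proto, src, dst, port)] = len(keys) + 1
    return keys

def diff_revisions(old_cfg, new_cfg, docs):
    """Carry justification forward by semantic key; report rules needing it or retired."""
    old, new = rule_keys(old_cfg), rule_keys(new_cfg)
    carried = {k: docs[k] for k in new if k in docs}          # unchanged rules keep docs
    undocumented = sorted(new[k] for k in new if k not in carried)  # new or modified
    retired = sorted(old[k] for k in old if k not in new)     # old docs to archive
    return carried, undocumented, retired

def demo():
    docs = {k: f"justified in rev1 as line {n}" for k, n in rule_keys(REV1).items()}
    return diff_revisions(REV1, REV2, docs)
```

The SSH rule moves from line 2 to line 3 yet keeps its documentation, while the HTTPS rule is flagged as needing review because its object group now covers a second host.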
In addition, the system can evaluate changes without requiring device connections. All of the analysis is available from the configurations which can be directly imported into the Rule Tracker. This is especially convenient because documentation may be performed by anyone with read-only permissions to the configurations. The Rule Tracker can also export spreadsheet reports that can be shared with other stakeholders, updated, and then be re-imported back into the system.
Reviewing the business justification or original intent for rules is one of the best ways to understand if your firewalls are doing the right thing. Frequent changes, increasing network complexity and personnel turnover cause the knowledge around legacy rules to get lost. SolarWinds' Rule Tracker works with configurations from Cisco, Check Point and Netscreen firewalls to help enterprises maintain a complete firewall rule documentation history.
SolarWinds' Rule Tracker is particularly useful for companies looking to comply with PCI DSS 1.1.5 and NERC R2.2, or for internal documentation and security reporting purposes. For auditors, especially PCI QSAs, reviewing the documentation for each firewall rule is an ideal place to identify lax security controls, general rulebase neglect and other red flags that trigger the need for further investigation. What SolarWinds accomplishes for organizations is a convenient and simple way to certify what access is acceptable throughout the rule's lifecycle.
The Rule Tracker can be purchased as an add-on solution to any Firewall Security Manager installation and is also available as a bundled solution with SolarWinds' Rule Cleanup feature.