PureSecured Security Overseer Service (SOS)



PureSecured SOS is a service to ensure that your security administration stays Secured. Security Policies have a tendency over time to grow and expand, as additional rules and objects are added. This increases the complexity of the rulebase, and with increased complexity comes increased risk that changes may have unintended consequences that compromise the security of the firewall's configuration.

PureSecured SOS is a pro-active system that uses a combination of automated rulebase change review, audit compliance policies and uniquely tailored reporting to ensure that your security configuration remains in constant compliance with your security policy, and that expired and irrelevant rules and objects can be quickly identified to minimise the risk of accidental exposure and keep the rulebase as clean, tidy and manageable as possible.

PureSecured SOS provides four key methods of rulebase integrity protection -

  1. Rulebase Tracking. Every time an administrator performs a Save or Install Policy, all changes made by that administrator are tracked and logged, with a report showing every change made in the revision. This allows all administrator activity to be tracked and logged, as well as providing an automated report that can be cross-referenced with an internal change request. This ensures that what has been performed matches exactly the changes requested in the change request.

  2. Change Auditing. As part of the PureSecured SOS setup, a change Audit Compliance policy will be built, based upon your IT Firewall Security Policy. This can include checks such as -

    • All rules must have logging turned on. Any rule without logging will generate an Alert.
    • All rules accessing the DMZ/Protected segment(s) must be approved by the IT Security Manager
    • All Rules with a Source, Destination or Service of "Any" must be approved by the IT Security Manager
    • All Changes to rule "x" will generate a mail alert to the IT Security Manager

     If your organisation does not already have an IT Security Policy for Firewalls, a template-based one can be designed as part of the Setup Process.

  3. Rulebase reporting. PureSecured SOS has a comprehensive set of reporting functions to provide unique views upon rulebase usage. A regular weekly rule usage report is generated and sent via email to show the most common and least commonly used rules in the rulebase, as well as rules that were unused during the week. This can be used to review whether these barely used rules are required anymore, and prompt their deletion if not needed. Also provided is a weekly summary report of all changes made by all users, useful for providing a security team activity report for Firewall changes. Also available are forensic reports to document all changes on a rule, or all changes made by a particular administrator over a period of time.

  4. Revision Comparisons. A complete revision history is kept in the database, so it is possible to see what a rulebase looked like on a previous date, and also to produce a side-by-side comparison report of the changes between any two revisions. This can provide invaluable forensic information when troubleshooting or trying to track an emerging issue, as well as provide historical context on security changes.


The PureSecured SOS service works by performing ongoing checks on all changes as they are saved or installed. Alert notifications provide real-time alerts on non-compliant changes. All changes are also manually reviewed for “sanity checking” and escalated as required. This is supplemented by regular rule and log reporting that tracks rulebase utilisation and makes recommendations towards optimising rulebase efficiency and performance. The result is a combination of automated and manual processes that provide a continuous audit and review service that ensures that your security configuration stays as current and accurate as possible.

PureSecured SOS also includes 4 days of onsite consulting, one day a quarter. This can be used for Audit or policy review sessions, technical support issues, network vulnerability assessment, product consulting or any other issues that are relevant to your business. Email support for Firewall and Security issues is also provided as a part of the service - think of us as your resident on-call security expert!

Contact us for more details.

 
