SecureTrack provides configuration change monitoring, reporting, and alerting features specifically for corporate firewalls. Check Point (NG FP3+), Cisco (PIX, ASA, FWSM, IOS Routers), Juniper (ScreenOS), and soon Fortinet (FortiGate) firewalls are all supported.

The product is deployed on a central Red Hat (Enterprise Linux, CentOS) server. For Check Point firewalls, the product tracks all changes made by admins (watching for policy saves or installs) logged onto a Check Point SmartDashboard or Provider-1 GUI. When such changes are noted, the central server uses OPSEC to retrieve the policy, storing it in its own internal DB for subsequent analysis. For other supported firewalls, the product periodically logs into the firewall via SSH, retrieving the firewall's policies and ACLs and translating them into the product's internal XML rule base format.

In both cases, once the policies are stored on the device, they are analyzed for changes; with alerting features supported to notify specified individuals as needed. Notifications can be sent in the form of E-mail reports, syslog messages, or SNMP traps.

SecureTrack leverages this configuration change repository to perform multiple monitoring/alerting features especially for security administrators or compliance officers. For example, organizational policies can be defined, with SecureTrack automatically providing notifications whenever a firewall configuration has been changed such that it violates those policies (such as allowing inbound telnet access). The vendor states that change reports detail both who made the change, and what firewalls were affected.

Other features include:

- Store and compare incremental policy changes in a graphical side by side view, with changes highlighted

- Report on the history of a specific rule; i.e., how and when it was changed over time

- Report on expired rules

- Generate rule usage reports which detail which rules are most-, least-, or un-used

- Support for usage analysis at the object level for Check Point, allowing for the identification of unused network and service objects

- Included best practice settings allowing for the generation of automated security audits of Check Point firewall configurations

- Support for the monitoring of Check Point FireWall-1 OS components; including network interfaces, routing tables and system resources (including CPU usage, memory, and disk space)

- Support for Cisco and Juniper Virtual Firewalls

Also available from the vendor is an appliance-based version of the product. Three appliances are listed: The T-500, supporting up to about 100 firewall devices; the T-1000, supporting up to about 500 firewall devices; and the T-1000 XL, with support for up to about 750 firewall devices.

In addition to the FortiGate support mentioned earlier, the new release of SecureTrack is also expected to boast enhanced change report filtering; supporting real-time reporting or alerting at the rule or object level.

SecureTrack is available now; pricing starts at $10,000. The new features described above--including Fortinet support--are expected on November 28, 2008.

Contact Tufin Software Technologies for further information.

product submission by EITPlanet Staff

E-Mail this page to a colleague
send info about SecureTrack

Suggest a link
for the SecureTrack fact sheet