In my last post Firewall management for companies of all shapes and sizes I talked about my plan to write about firewall management needs for all types of businesses i.e. SMBs, Distributed Branch Offices, Global Enterprises, MSP/MSSPs. Today, I will focus on MUST HAVE features for Small and Medium Businesses (SMBs). I will address remaining segments in future posts.
I often get asked, how do you define an SMB? Some analysts define SMBs as companies with less than 1000 users and others define it as companies with revenues less than $50 million. IMO, you should consider yourself an SMB if you don’t plan to buy more than few firewalls, which you can count on your fingers (of one hand).
If you are a small and medium business with limited security expertise then its probably better for you to rely on MSP or an MSSP for managing your firewalls. When you prefer or are forced to manage your firewalls then here is the list of five MUST HAVE features in your next firewall manager. If you don’t, you will most likely end up suffering later.
1. Simple and easy to use.
If you are going to pay under $1,000 for a firewall then you don’t have money to spend on a Firewall Management appliance. But if you are going to have more than 1 or 2 firewalls then considering buying at least a virtual Firewall Management appliance. Many vendors offer virtual versions of their firewall management appliances. These virtual versions provide immense value by streamlining your firewall management as well as give you superb visibility in to your security posture. Irrespective of what you end up doing, make sure your next firewall manager is easy to use.
How do you look for simple firewall manager? You ask.
I suggest talking to your partner who helping you get that Firewall. Insist on buying best firewall for the money you can but at the same time make sure you ask for the one that will make your life easier. Fore the reseller to prove that the firewall manager is easiest to use among whatever is available in the market.
2. Shows high level view of your network traffic with ability to drill down.
A picture is worth thousand words, and that is what you want to see when you login into your Firewall Manager. If you can get a pictorial view of firewall rules and your network then you won’t need to spend hours figuring stuff out.
If your next Firewall Manager doesn’t provide you a good visual representation of rules and network traffic then it isn’t built for you. If it does, then make sure it doesn’t stop at the top level visualization, some vendors will have that, but you don’t want only pretty pictures so check for the ability to drill down into details from those high level views. You will need that while troubleshooting your network problems.
3. Send you alerts via Email/SMS when things go wrong.
Most likely you won’t have time and manpower to go check the Firewall Manager’s screen on a daily basis. You would want to get alerted in cases things go south, examples could be when your Firewall deployed in High Availability mode switches over, or when your Firewall detects an intrusion or malware etc. The best vendor will not only have Firewall Manager that alerts you but also provide configurability on those Alerts so that you can customize it for your needs.
Now a days, its relatively easy for vendors to implement email/SMS alerts in Firewall Managers. So, make sure you check whether your Firewall Manager has ability to alert you using most common mechanisms such as Email/SMS. If it does, then it should score high in your buying decision.
If it doesn’t then that probably means the vendor hasn’t really developed the firewall for your use. Stay away from it!
4. Recoverable, allows full backup and restore.
This particular feature is required to handle the the worst case scenarios. Let’s hope that your firewall never fails and you don’t ever have to use this feature.
But what if one day your firewall drops dead?
When it does, you don’t want to find out that there is no way for you to get back previous state. Therefore, just like you buy insurance for your valuables or backup important data (I really hope you do!), you need to maintain backup your entire firewall configuration.
Ideally, your next Firewall Manager should be able to automate this step to take recurring backups at some frequency. That way, you won’t have to expend your time and energy to make sure you have a backup.
5. Provides traceability of the Firewall configuration changes.
We often fat-finger configuration and when that happens you don’t want to find out that your firewall manager didn’t keep track of the changes. If it’s not you who fat-fingered, then you would also want to know who made the changes for variety of reasons.
So make sure that your next Firewall Manager tracks as well as logs all the configuration changes you or anyone else makes. This data will be useful for general usage analysis, audit or compliance purpose in the future.
You should also check whether your Firewall Manager can generate standard reports for such audit data, so that you don’t have to spend time on creating one, should one be required.
By the way, if you are managing your own firewall because of regulatory or compliance reasons then make sure such reports showing compliance for specific regulatory standards, are available or else what’s the point of buying that firewall?
So that is it, those are the top 5 must have features that come to my mind. What do you think?