Network security VARs, take note: AlgoSec’s FireFlow network policy change
workflow management software is the next hot-ticket item for customers. But
VARs will have to wait until 2009 to get their hands on it.
AFA (AlgoSec Firewall Analyzer) was a big hit with Lightwave Security’s
customers, says Lightwave CEO Joseph Dell.
But while AFA analyzes firewall configurations and operations and provides
security risk management, it left out a crucial piece of the puzzle: network
security policy change life-cycle management.
OK, that’s quite a mouthful. But it’s really pretty simple, says Dr. Avishai
Wool, co-founder and CTO of Algorithmic
Security. FireFlow automates the life cycle of policy change requests all the
way from submission through audit.
"This is one of the first things our customers asked for, way before
the FireFlow product was announced; they wanted to automate their change
management process," Dell says. He adds that change management is a hot
networking and security topic for his customers, many of whom have been
struggling to address policy change workflow management for years.
Why is this so important? Because with some companies dealing with as many
as 50 to 100 security policy changes each week, effectively managing and
tracking network security policy changes can mean the difference between secure
and vulnerable.
Network security policy changes can be triggered because of new technology
partnerships forged between companies, the introduction of new applications,
redesigned networks, reassigned servers or employees joining or leaving the
company, Wool says.
"The enterprise, and therefore its network security policy, has to be
in a constant state of flux. Because of these changes, large organizations have
to deal with a large volume of requests to change the way their firewalls in
particular are configured," Wool says.
Companies often dedicate significant staff to handling these changes and
tracking the change requests, but Wool says when the numbers move into the
double and triple digits, it’s easy to forget to implement a requested change,
miss a change that needs to be made or incorrectly track a change that was
made, all of which compromises security.
"I’m always looking for the next big thing, that significant emotional
event that makes people want to buy a product immediately. As soon as I heard
about AlgoSec I knew that was where I had to be," Dell says.
He says while enterprises all jumped on the firewall bandwagon 10 years ago,
the crucial element now is managing not just network traffic but also corporate
policy and policy changes.
"The care and feeding of these ever-changing firewalls is the part
that’s most frequently forgotten about," Dell says. Companies that have
been struggling with change management over the last three or four years can
use AFA and FireFlow to gain needed visibility and control over network
security policy, not just for their own sakes but, in many cases, for the sake
of compliance auditors, he says, for those end customers that are required to
prove compliance with the Sarbanes-Oxley Act or HIPAA (Health Insurance
Portability and Accountability Act), for instance.
FireFlow is compatible with products from Cisco Systems, Juniper Networks
and Check Point Software Technologies, says Wool, making the solution
compatible with 90 percent of the install base of firewalls worldwide. Since
the market for firewall-specific workflow management solutions is new, the
space is a wide open frontier for VARs and resellers, especially those that
want to go back to existng customers for upsell and services sales.
Wool says while EMC, Hewlett-Packard and
CA have very generic workflow management systems, they don’t compete directly
with FireFlow. Those systems are large, complex, difficult to install and
manage and don’t address firewall policy change management directly, according
to Wool. FireFlow does, however, integrate with these workflow management
systems for additional policy management insight, he says.
While AlgoSec announced the product June 16, it will only be available as a
beta in the third quarter of 2008. It won’t be generally available until early
2009, though Wool says AlgoSec is ramping up to get awareness out.
"We have about 200 worldwide customers currently on AFA, and they’ve
shown a substantial amount of interest already," Wool says.
Dell adds that most, if not all, of his customers will
want to get their hands on FireFlow, though they will have to cool their heels
for a while. "Whereas before, sure, maybe we could shoehorn some policy
change management functionality in, now we’ll be able to say, ‘Yes, we have a
product that can do that for you,’" Dell says.