Policy Generator: APG

Create or Optimize a Security Policy based on Network Traffic

SecureTrackā„¢'s Automatic Policy Generator (APG) is a powerful tool for optimizing an overly permissive security policy, or for creating a new policy for an unprotected network segment. APG creates a policy based on an analysis of:

  • Current network traffic
  • Compliance with organizational and regulatory policies
  • Alignment with industry best practices

The resulting firewall rulebase ensures that business-critical traffic is flowing normally, yet meets corporate and regulatory security standards. APG creates a rulebase that is not too permissive, is optimized for high performance and organized for easy management and maintenance.

Fast and efficient, APG processes thousands of logs to create a new rulebase in minutes. APG also provides security professionals with a powerful new tool for tightening existing firewalls, re-building complex, heavy rule sets, and analyzing the rulebases of firewalls inherited from other organizations, for example, following a merger or acquisition. 

APG Select Rule

Using APG to Secure a New Segment

Since there is a trade-off between the degree of permissiveness and the size of the rulebase, APG allows you to interactively determine how granular you want the rule base to be. APG also optimizes performance by ordering the rules according to usage. Finally, to ensure that the new rule base is not just accurate but also compliant, SecureTrack can be used to check alignment with corporate and regulatory security policies, as well as industry best practices.

Using APG to Optimize Existing Firewalls

APG is also a powerful tool for tightening security and improving efficiency on protected network segments. By analyzing a policy and its traffic logs, APG can identify the permissive rules on any firewall and provide alternatives that are more accurate. APG can be run on a specific rule or a set of rules.

You can use the interactive graph to determine the level of permissiveness and the number of rules created. Afterwards, you can further fine-tune the result with the policy view.

More resources
10.35.4.249;