Create or Optimize a Security Policy based on Network
SecureTrack™'s Automatic Policy Generator (APG) is a powerful
tool for optimizing an overly permissive security policy, or for
creating a new policy for an unprotected network segment. APG
creates a policy based on an analysis of:
- Current network traffic
- Compliance with organizational and regulatory policies
- Alignment with industry best practices
The resulting firewall rulebase ensures that business-critical
traffic is flowing normally, yet meets corporate and regulatory
security standards. APG creates a rulebase that is not too
permissive, is optimized for high performance and organized for
easy management and maintenance.
Fast and efficient, APG processes thousands of logs to create a
new rulebase in minutes. APG also provides security professionals
with a powerful new tool for tightening existing firewalls,
re-building complex, heavy rule sets, and analyzing the rulebases
of firewalls inherited from other organizations, for example,
following a merger or acquisition.
Using APG to Secure a New Segment
Since there is a trade-off between the degree of permissiveness
and the size of the rulebase, APG allows you to interactively
determine how granular you want the rule base to be. APG also
optimizes performance by ordering the rules according to usage.
Finally, to ensure that the new rule base is not just accurate but
also compliant, SecureTrack can be used to check alignment with
corporate and regulatory security policies, as well as industry
Using APG to Optimize Existing Firewalls
APG is also a powerful tool for tightening security and
improving efficiency on protected network segments. By analyzing a
policy and its traffic logs, APG can identify the permissive rules
on any firewall and provide alternatives that are more accurate.
APG can be run on a specific rule or a set of rules.
You can use the interactive graph to determine the level of
permissiveness and the number of rules created. Afterwards, you can
further fine-tune the result with the policy view.