The role of the firewall has expanded considerably from its traditional role of perimeter security to securing application connectivity, interrogating application traffic, controlling web usage, and blocking spam. By virtue of the firewall’s diversifying role, firewall management and reporting – or lack thereof – has a significant impact on companies’ risk posture.
“Without effective audits and reporting, companies are unable to make intelligent decisions around the configuration of the firewall, and don’t have the insight or agility to respond to threats and vulnerabilities,” says Richard Broeke, national sales manager at Securicom, a managed IT security services vendor.
He says about 50% of administrators audit their firewalls once a year, and about 10% never do it. There is a wealth of excellent information buried in firewall logs that document port scans, unauthorised connection attempts, and activity from compromised computers and devices, amongst other things.
While he suggests that logs should be checked weekly if not daily, he concedes that standard firewall reporting tools can’t provide information that facilitates intelligent decision-making because the information logged is oftentimes in a format that is difficult to understand and even more difficult to report on.
“Companies need actionable information on the behaviour of the technology and usage by the company’s users. Technical stats aren’t enough.
“Without proper visibility, companies have no idea if the firewall is configured appropriately or if there are any holes. With standard reporting tools, companies can’t see for instance whether the firewall’s intrusion protection settings are appropriately configured, or see when attacks happen and if they have been stopped.
“It goes without saying, that on-the-fly management and configuration decisions will be a shot in the dark as well.”
According to Broeke, it doesn’t have to be this way for companies using FortiGate Firewalls – the world’s leading and most-trusted Unified Threat Management (UTM) firewalls. With the innovative security incident and event management (SIEM) solution, logMojo, companies with FortiGate Firewalls can get the depth of information that they need for effective firewall management and reporting.
logMojo boasts rich reporting features and more detailed analytical tools for the intelligent management of FortiGate Firewalls. Backed by its distributed, parallel processing Cloud, logMojo combines high speed, real-time analysis of FortiGate logs with Intelligent Alerting and Dynamic Drill Down Reporting.
Many reporting solutions offer only the top ‘X’ number of results for specific protocols like HTTP and SMTP, while others only offer general reports not tailored to the detailed information generated from a FortiGate.
logMojo is the only solution for complete, detailed FortiGate reporting on all aspects of its features. This includes all FortiGate system events, traffic information, content filtering, application control, intrusion prevention system, antivirus, anti-Spam, VPN, and authentication. Every single piece of information in or out of a FortiGate can be reported upon quickly and easily with as much – or as little – detail as required.
logMojo’s Executive Reports, also known as Overview Analysis Reports, provide high-level summarized information across all aspects of a FortiGate Firewall. The informative charts and graphs cover all aspects of a unit’s health, usage, status of UTM/NGFW features, geo-IP reports and more.
The short, concise reports are perfect for quick weekly, monthly or quarterly reviews of what has been occurring on – and through – the device. The reports can also be used to aid in compliance with regulations.
logMojo’s Scheduled Reports System allows months of data (which may contain hundreds of millions of events) to be reported on quickly, making it easy to spot trends and events needing further investigation. It also allows reports over multiple devices to be combined to give a global view of security events across the enterprise or distributed business.
Broeke likens logMojo’s alerting and reporting capabilities to an intelligent CCTV system.
“While the average CCTV system will simply monitor and record movement in an environment, an intelligent CCTV system will provide alerts when there is suspicious movement. Likewise, logMojo provides alerts when there is malicious activity. Admins know where to start looking for incidents, and action can be taken immediately.
“Admins can easily analyse logs and make more effective decisions on bandwidth management and network security with actionable insight into web site visits, traffic, and employees’ usage of the network. This makes the management of the firewall strategic, focused and effective. When a firewall is effective, companies get return on their investment,” concludes Broeke.