Fight firewall sprawl with AlgoSec, Tufin, Skybox suites

These three security policy management toolsets deliver orchestration and automation.


New and innovative security tools seem to be emerging all the time, but the frontline defense for just about every network in operation today remains the trusty firewall. They aren’t perfect, but if configured correctly and working as intended, firewalls can do a solid job of blocking threats from entering a network, while restricting unauthorized traffic from leaving.

The problem network administrators face is that as their networks grow, so do the number of firewalls. Large enterprises can find themselves with hundreds or thousands, a mix of old, new and next-gen models, probably from multiple vendors -- sometimes accidentally working against each other. For admins trying to configure firewall rules, the task can quickly become unmanageable.

That is where Security Policy Management comes into play. These products used to be called firewall managers, and in truth, they mostly still just manage firewalls - though some also help with routers and switches. They allow administrators to define security policies, and then rely on the programs to - somewhat automatically – make it happen.

We looked at security policy management programs from AlgoSec, Tufin and Skybox. Each suite was deployed and tested in a virtual and physical environment stacked with firewalls from all the top vendors including Palo Alto, Cisco, WatchGuard, Check Point and others. We deployed new security policies, tracked and identified traffic flow complications, decommissioned old or non-functional rules and checked configurations against desired security policies and regulatory requirements.

While each suite did an excellent job, we were most impressed with AlgoSec, although not every organization might agree with us. What set AlgoSec apart was that it allowed end users, not just security teams, to help share the burden and take ownership of managing security policies as they related to their areas of responsibly within an organization.

To continue reading this article register now

Subscribe today! Get the best in cybersecurity, delivered to your inbox.