Firewall Optimization

Least Privilege Firewall Optimization

Fine-tune your firewall security rules and clean up old configurations with Crossconnect Engineering!

Palo Alto, Cisco, Meraki & Fortinet Firewalls

Unchecked Organic Rule Growth is a Vulnerability

Palo Alto • Cisco Meraki • Fortinet

Over time, firewall rule bases tend to become large and complicated. They often include rules that are partially or completely unused, expired, or shadowed (never reached, because an earlier rule already matches the same traffic). Rules are also often imported verbatim from an old firewall out of organizational fear of breaking production traffic. In other cases, rules are simply too non-specific or “loose” to be effective against attackers; this often happens because immediate business requirements take priority over long-term security needs.

Why Should You Be Concerned?

  • “Loose” rules – such as those containing “any” in either direction, those matching entire subnets, or those not restricted to a port/protocol – may allow unauthorized access or traffic, exposing your network to potential security breaches. Malicious actors can exploit vulnerabilities and gain entry to sensitive information or systems.
  • Unnecessary rules add complexity to managing firewall security controls, making the rule base harder to audit and maintain.
  • Rules that are not utilized or are improperly configured present notable security hazards.
    • Improperly configured rules can allow malicious actors to access your network.
    • Outdated rules—those no longer aligned with current security requirements and traffic patterns—cannot protect against attacks. Hackers can exploit outdated rules to gain access to your network.

Crossconnect’s Least Privilege Approach

Our Firewall Experts Will:

  • Rank rules by qualitative impact on a five-level scale from “No Issues” to “Critically Insecure”. Criteria used:
    • Least Privilege / Lack of Narrowness
    • Incorrect/Insecure Configuration
    • Unused Rules
  • Use logging to identify, then safely disable and remove, unused rules
  • Manually review the high-risk rules identified above
  • Schedule meetings with the client to review the use cases of high-risk rules and create a remediation plan

For “loose” rules, use a three-phase process: create “tighter” rules above the loose rule, then eliminate the loose rule once logging indicates it is no longer in use.

In some rare cases, some rules may be too “loose” to be narrowed to least-privilege in three phases. In these situations, these rules will be individually identified, discussed with the client, and if desired, narrowed for an extended time at additional cost.
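The following is an added example, not Crossconnect’s tooling or any vendor’s API, that puts the ideas from the two sections above into working code: it scores each rule on the least-privilege/narrowness criterion (“any” in either direction, whole subnets, no port/protocol), finds shadowed rules under first-match semantics, counts hits by replaying a traffic log to spot unused rules, and walks a loose rule through the three-phase tightening process. The rule base and log are constructed; only the two end labels of the five-level scale come from the page, the three middle names are assumed.

```python
"""Firewall rule-base auditor (added example; not Crossconnect's tooling)."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    name: str
    src: str            # CIDR or "any"
    dst: str            # CIDR or "any"
    proto: str          # "tcp", "udp" or "any"
    port: str           # destination port, or "any"
    action: str = "allow"


# Five-level scale: only the two end labels are from the page; the middle
# three names are assumed for illustration.
LEVELS = ["No Issues", "Minor", "Moderate", "Insecure", "Critically Insecure"]


def _net(cidr):
    return None if cidr == "any" else ip_network(cidr, strict=False)


def looseness(rule):
    """Least-privilege / narrowness criterion -> (level 0..4, reasons).
    Only allow rules are scored; a broad deny exposes nothing."""
    if rule.action != "allow":
        return 0, []
    score, reasons = 0, []
    for side, cidr in (("source", rule.src), ("destination", rule.dst)):
        net = _net(cidr)
        if net is None:                       # "any" in this direction
            score += 2
            reasons.append(f"{side} is any")
        elif net.prefixlen < 24:              # matches an entire subnet or larger
            score += 1
            reasons.append(f"{side} matches an entire /{net.prefixlen}")
    if rule.proto == "any" or rule.port == "any":
        score += 1
        reasons.append("no port/protocol restriction")
    return min(score, 4), reasons


def covers(outer, inner):
    """True if every flow matched by `inner` is already matched by `outer`."""
    for o, i in ((outer.src, inner.src), (outer.dst, inner.dst)):
        if o != "any" and (i == "any" or not _net(i).subnet_of(_net(o))):
            return False
    return outer.proto in ("any", inner.proto) and outer.port in ("any", inner.port)


def shadowed(rules):
    """Map each shadowed rule to the earlier rule that fully covers it."""
    result = {}
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                result[rule.name] = earlier.name
                break
    return result


def first_match(rules, flow):
    """Name of the first rule matching (src_ip, dst_ip, proto, port), or None (implicit deny)."""
    src, dst, proto, port = flow
    for r in rules:
        if ((r.src == "any" or ip_address(src) in _net(r.src))
                and (r.dst == "any" or ip_address(dst) in _net(r.dst))
                and r.proto in ("any", proto) and r.port in ("any", str(port))):
            return r.name
    return None


def hit_counts(rules, log):
    """Replay log entries; rules left at zero are candidates for disable-and-remove."""
    counts = Counter({r.name: 0 for r in rules})
    for flow in log:
        name = first_match(rules, flow)
        if name is not None:
            counts[name] += 1
    return counts


def tighten(rules, loose_name, tighter, log):
    """Three phases: (1) insert tighter rules above the loose rule, (2) replay the
    log to see which flows still fall through to it, (3) retire it once none do.
    Returns (new rule list, flows still hitting the loose rule)."""
    idx = next(i for i, r in enumerate(rules) if r.name == loose_name)
    new_rules = rules[:idx] + list(tighter) + rules[idx:]                     # phase 1
    remaining = [f for f in log if first_match(new_rules, f) == loose_name]  # phase 2
    if not remaining:                                                         # phase 3
        new_rules = [r for r in new_rules if r.name != loose_name]
    return new_rules, remaining


# Constructed rule base and traffic log (not real customer data).
RULES = [
    Rule("web-in", "any", "10.0.1.0/24", "tcp", "443"),
    Rule("legacy-any", "any", "any", "any", "any"),               # imported verbatim from the old firewall
    Rule("old-ftp", "10.0.5.0/24", "10.0.2.20/32", "tcp", "21"),  # shadowed by legacy-any
]
LOG = [
    ("10.0.1.5", "10.0.2.10", "tcp", 5432),
    ("10.0.1.6", "10.0.2.10", "tcp", 5432),
    ("203.0.113.7", "10.0.1.20", "tcp", 443),
    ("10.0.3.9", "10.0.2.30", "udp", 53),
]
TIGHTER = [   # the "tighter" rules written from what the log shows hitting legacy-any
    Rule("app-to-db", "10.0.1.0/24", "10.0.2.10/32", "tcp", "5432"),
    Rule("dns-out", "10.0.3.0/24", "10.0.2.30/32", "udp", "53"),
]

if __name__ == "__main__":
    for r in RULES:
        lvl, why = looseness(r)
        print(f"{r.name:12} {LEVELS[lvl]:20} {'; '.join(why)}")
    print("shadowed:", shadowed(RULES), "hits:", dict(hit_counts(RULES, LOG)))
    new_rules, leftover = tighten(RULES, "legacy-any", TIGHTER, LOG)
    print("after:", [r.name for r in new_rules], "still hitting loose rule:", leftover)
```

When `tighten` returns a non-empty leftover list, that list is exactly the traffic the next phase's tighter rules must cover; the loose rule stays in place until it is empty, which is what keeps production traffic from breaking mid-migration. Running `shadowed` again after retirement shows which previously shadowed rules have become reachable and now need their own review.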

Pricing

Pricing is by Number of Security Policy Rules

If near the edge of a security policy rule tier, additional rules may be added to the lower tier at $270/security rule. Example: 52 rules may be purchased at $12,540.

Let’s Get In Touch

Palo Alto • Cisco • Meraki • Fortinet