SecureTrack

SecureTrack provides configuration change monitoring, reporting, and alerting features specifically for corporate firewalls. Check Point, Cisco PIX, and Juniper/Netscreen firewalls are all supported.

The product is deployed on a central Red Hat (Enterprise Linux, CentOS) server. For Check Point firewalls, the product tracks all changes made by admins (watching for policy saves or installs) logged onto a Check Point SmartDashboard or Provider-1 GUI (the Provider-1 or SmartCenter servers being monitored should be of version NG FP3 or higher). When such changes are noted, the central server uses OPSEC to retrieve the policy, storing it in its own internal DB for subsequent analysis. For Cisco PIX (v 5/6/7) and Juniper/Netscreen firewalls, the product periodically logs into the firewall via SSH, retrieving the firewall's policies and ACLs and translating them into the product's internal XML rule base format.

In both cases, once the policies are stored on the device, they are analyzed for changes; with alerting features supported to notify specified individuals as needed. Notifications can be sent in the form of E-mail reports, syslog messages, or SNMP traps.

SecureTrack leverages this configuration change repository to perform multiple monitoring/alerting features especially for security administrators or compliance officers. For example, organizational policies can be defined, with SecureTrack automatically providing notifications whenever a firewall configuration has been changed such that it violates those policies (such as allowing inbound telnet access). The vendor states that change reports detail both who made the change, and what firewalls were affected.

Other features include:

- Store and compare incremental policy changes in a graphical side by side view, with changes highlighted

- Report on the history of a specific rule; i.e., how and when it was changed over time

- Report on expired rules

- Generate rule usage reports which detail which rules are most-, least-, or un-used

- Support for usage analysis at the object level for Check Point, allowing for the identification of unused network and service objects

- Included best practice settings allowing for the generation of automated security audits of Check Point firewall configurations

- Support for the monitoring of Check Point FireWall-1 OS components; including network interfaces, routing tables and system resources (including CPU usage, memory, and disk space)

- Support for Cisco and Juniper Virtual Firewalls

Also available from the vendor is an appliance-based version of the product. Two appliances are initially available: The T-500, for medium-to-large organizations; and the T-1000 for Service Providers or large Enterprise.

New to SecureTrack is the inclusion of the PCI-DSS Audit Report for security devices, which is based on PCI-DSS v1.1. The PCI-DSS Audit Report is expected to be available on June 30, 2008.

SecureTrack is available now. Base pricing is $5,000 for the software version and $6,000/$16,500 for the T-500 and T-1000, respectively (appliance pricing includes 1-year next business day onsite support and 24x7 helpdesk support).

Contact Tufin Software Technologies for further information.