Season Greetings from ManageEngine Firewall Analyzer team!!

We are happy to announce the private availability of Cisco ASA v.8.2 NetFlow logs support in Firewall Analyzer. If you are interested to evaluate, get in touch with us. Please furnish your contact details in the form. We will provide you the link to download the service pack and the procedure to configure Cisco ASA v.8.2 appliance.

Prerequisite:

• Cisco ASA appliance running on Version 8.2
• Firewall Analyzer v.6 (build 6000) installed.

"Be Proactive than Reactive" is a slogan for any NOC (Network Operations Control) or network specialist. The basic requirement is to ensure that there is no compromise activity on your network, and ensure the policies on your perimeter are intact.

Here is a support case, we faced very recently from an enterprise, which had a very large compromise attempt, and how our SEM (Security Event Management) module provided them enough information to nail down the issue completely.

This enterprise is one of a premium data centers, with multiple Firewalls deployed across the globe. Firewall Analyzer - Distributed edition is deployed, where Log collectors were monitoring their critical Firewalls, and the Admin server was managed by the Network Operations Center (NOC).

The actual request for support with us was to set up mechanism through which they could know the traffic activity for a separate subnet, that holds some critical servers which holds the backed up data, along with  product customization.

Since, the subnet had mail-server, we thought of adding an "Anomaly Profile" which we normally advice to all customers as it's not uncommon for attackers to turn a compromised system into Spam relays. With this in mind, monitoring outbound TCP/25 activity from all systems but your legitimate SMTP servers is an excellent way of catching these transactors.

Withing 15 minutes after the setup, Voila .. we struck gold !! One of their critical server had been compromised (by internal user !!) to spam relays, and some how certain conditions on their PATting rules had a small glitch that added to their existing problem. Surprisingly, it was almost invisible and was done very smartly that nobody thought this as an cause of network chock.

The moral of the story is, explore the possibility of adhering to SIM and SEM objectives to be more "Proactive than being Reactive".

Here are some tips for your review.

1. Ensure to create some alert profiles (Normal / Anomaly), on Firewall Analyzer based on thresholds that best suit your requirement. Firewall Analyzer is a powerful tool, which can warn you the moment there is a compromise attempt on your network.

2. It is best practice for the NOC community to simulate such events by themselves to know how their devices react to these situations. We saw a minor configuration issue on their device policy that permitted this transactions. Always anticipate that the hacker community is more resourceful than you. Always check and double check.

3. Ensure all policies are tuned and optimized to secure their network. Do check Firewalls Rules Report, for more drill down.

4. Firewall Analyzer product throws strong reports and alerts, but a scheduled audit of raw logs by loading the archives to check the activities will surely provide better understanding and this should be translated towards tweaking the policies.

5. We are SIEM vendors, and do check with us constantly for any best practice to be done on the application side and get Out of the box solutions.

Jingle bells are ringing on SIEM clouds!!

We have taken up support for Netflow logs on Firewall Analyzer, with more features on this bundle, probably a Christmas or a New year gift from Manage Engine shop.

For instance, a device's capability to throw Netflow packets were more restricted to devices like routers and switches. Cisco ASA v.8.2 firewall device has capability to throw Netflow packets along with syslogs. This is one of the mile stone achieved by Cisco.

Firewall Analyzer currently supports Syslogs for Cisco ASA device, and we intend to support Netflow logs from these ASA v.8.2 devices, very soon.

We are currently kick started our process to include log analysis for Netflow packets from Cisco ASA v.8.2 devices, apart from Syslog format support.

This being a top priority for us, we welcome your sample Netflow logs to include them in our test bed, and deliver solutions.

This feature enhancement along with a surprise bundle is planned to be premiered as a service pack over our current version,Firewall Analyzer .v.6.

Cisco ASA .v.8.2 users are requested to get in touch with our support for steps to be deployed on your device to generate sample logs, and  get upload links for sending us these sample logs.

Be rest assured, your logs are treated confidential, and used only to test and provide solutions.

Do get in touch with us, in case you need a quick sneak peak on our next feature pack. 

The Drudgery of Deploying Enterprise Solution

Customer satisfaction through innovation is a way of life in ManageEngine. Normally, deployment of log management (SIEM) solutions of top brands are not so simple. You require a number of files to be downloaded. Innumerable installations, configurations, and tuning etc., to start the deployed application. Often times, without the assistance of consultants it will be impossible to deploy a enterprise solution. To start running the solution and get the desired output, will be a tough task. For IT managers/administrators, deploying any enterprise solution will surely give few sleepless nights.

Escape from the Drudgery!

Embrace  ManageEngine!!

ManageEngine Firewall Analyzer deployment for enterprises is a child's play.

1 - 2 - 3

Deployment in three steps.

#1

Download, install Distributed edition as Admin server in your central office/head quarters. (very few install time configurations).

Run the application.

#2

Send the downloaded file or send the application download link (same file doubles as Admin and Collector server. How Simple!!) and the Admin server details to the geographically remote location (your branch/sub office). Get it installed as Collector server in the remote location (here again, very few install time configurations). Get the Firewalls configured to monitor.

Run the application.

Replicate this step in all remote locations.

#3

Wait for 10 minutes.

Open Admin client UI in a browser. The reports of Firewalls in different parts of the world are there. Check it out.

The Solution: Firewall Analyzer 6 Distributed Edition

The procedure may not take more than an hour, staring from download to report roll out.

No cumbersome downloads. No consultant required. No training required. Minimal configurations. Global deployment can't get any simpler.

Scalability and feature set exceeds any other enterprise SIEM solution. Distributed monitoring very few have.

Experience it to believe it. Try Firewall Analyzer 6 Distributed Edition.

Read the blog post in EventLog Analyzer blogs about the Gartner report on security software by companies and the need of the high quality and less cost security products like ManageEngine.

Have a look at Firewall Analyzer Enterrpise Solution (Distributed Edition).

Drum roll please…..

The Firewall Analyzer team is happy to announce the beta release of our latest version 6.0.

There has been a lot of hustle bustle in the Firewall Analyzer team; it’s a Race to the Finish to get the Final build of our latest version 6.0 ready for release. Mean while, we have the Beta release for you to play with and shout out to us if you find any kinks in it.

Gone are the days for large enterprises struggling with Multiple Firewalls distributed across their perimeter, and are forced to install an application to monitor their perimeter devices. They had to either install it on each single device per server basis or for a cluster of devices per server.

The concept of Log analysis relies on Style of Deployment, and Style of Data management, and of course, reports on Traffic and security and many more Dynamic features offered by such an application.

Our current version, Firewall Analyzer 5.0, does all the above, presenting you with great reports and alerts for such linear deployments. However, we’ve had to think beyond these deployment styles and meet the requirements for enterprises with large geographically distributed networks.

Version 5.0 is a great piece of work capable of handling such requirements but only to an extent. It has the *conditions apply tag to it and some of those were:

1. The collection of Devices should not exceed the flow rate of 1500 logs per second to Firewall Analyzer server.
2. Requires access to each individual firewall analyzer server in the network, to manage the attached firewall device.
3. In the event of the main server crash, no data will be received from any of the devices and no alerts can be generated too.  
4. Firewall Analyzer server and the Device should ideally be deployed in the same time zone. 

Sounds Familiar? We decided it was time to get rid of the *conditions apply tag and developed a better version of Firewall Analyzer.

Sneak Peek into Firewall Analyzer 6.0

We understand that style of deployment varies on case to case basis, some might like it the linear way or some may need to look at a more distributed setup. Keeping such requirements in mind, we now have 2 editions: Stand Alone Edition and Enterprise Edition.

Some of the Top 10 features of Version 6.0

1. New set of Heterogeneous Devices & Log formats Supported
2. Interface based Live Report with SNMP support for interface details and dashboard view for last 24 hours bandwidth utilization for each interface.
3. Timezone normalization support for firewall logs based on Firewall Analyzer server timezone across geographies.
4. Spam Reports support, Top Blocked URL's report, False positive filtering for all reports and more.
5. 64 bit OS Support
6. Exporting & Importing of Report & Alert Profiles
7. Re branding FWA web client logo, images and links.
8. Option to Manage/UnManage device(s) license(s).
9. Option to export Live Report in PDF format
10. SMS Alert notification for Alert module.

Ok if this hasn’t whetted your curious minds, shoot us an email at fwanalyzer-support@manageengine.com to get the download links for the Beta release.

Or Just Use this form

P.S: This post has been co-authored by Shri (shrishankar@zohocorp.com), our very own support guru!

In today's uncertain economic climate we are left trying to figure out how best we can manage our resources till we are sure of a rebound from this global financial crisis. Every small saving is a step towards saving our future growth. Budgets are getting slashed, spending tightened and every IT administrator is scrambling to reduce their IT expenditure. A huge dent on IT budgets is internet bandwidth costs and there is never enough amount of bandwidth for an enterprise. In such tough economic scenario maximizing our resources is the key to sustaining ourselves; IT Administrators can do so by having better control on bandwidth usage. Being aware of how the bandwidth is being utilized and by eliminating any non-business usage or high bandwidth intensive applications, IT administrators can go a long way in reducing their bandwidth costs.

For example in the Kingdom of Saudi Arabia (KSA), bandwidth charges are significantly higher and as shown below, even a little judicious usage of bandwidth can lead to considerable savings.

• Average cost of Bandwidth in KSA ~ $40 per GB
• Average number of Business Days per month = 25 Days
• Worst case Scenario:

If 1 GB of Bandwidth is saved per day, then 25 GB is saved per month.

Bandwidth Cost Savings: 25 GB × $ 40 = $1000 per month.

These savings could potentially be much higher when deployed in real life environments. Now you must be thinking how do we implement this? Let me assume you already have an IT infrastructure in place with Firewalls included in your network. Firewall Analyzer is a solution that lets you figure out the bandwidth usage patterns in your network as a result you can effectively make changes to your IT policies to ensure judicial usage of bandwidth thereby reducing bandwidth charges.

When deployed, Firewall Analyzer can generate reports to display the top websites that are accessed by the network. Also it displays the top hosts/users/protocols that use the bandwidth most. This enables Network Administrators to determine any rogue site which is causing a bandwidth hog or any user who maybe using the bandwidth for non-business use and thereby gives control over the usage. This information can enable a network administrator to block any unwanted websites from their network which are taking up excessive bandwidth. Therefore you can effectively control your bandwidth usage which automatically translates into cost savings.

Here's a case study that illustrates how Firewall Analyzer helped Professional Engineers Ontario, Canada gain control of their Bandwidth usage. This provides a real life example of the challenges faced by the organization and how effectively their bandwidth usage was controlled on implementing Firewall Analyzer. More info about ManageEngine Firewall Analyzer can be found at http://www.fwanalyzer.com.

Yes!

AdventNet ManageEngine is hosting Roadshow in countries across the European Union.

If perimeter security of your enterprise network is your concern, then you must visit ME Euro Roadshow 2008.

We are available in your town. Feel free to seek any information about Firewall Analyzer.  Join us at the Roadshow in your country, register here 

Check complete details about the Roadshow, visit the link: http://manageengine.adventnet.com/euroroadshow/