Season's Greetings from the ManageEngine Firewall Analyzer team!!

We are happy to announce the private availability of Cisco ASA v.8.2 NetFlow log support in Firewall Analyzer. If you are interested in evaluating it, get in touch with us: furnish your contact details in the form, and we will send you the link to download the service pack along with the procedure to configure the Cisco ASA v.8.2 appliance.

Prerequisites:

  • Cisco ASA appliance running Version 8.2
  • Firewall Analyzer v.6 (build 6000) installed.

Note: To check the current version of the product, click the 'About' link in the product UI. If your Firewall Analyzer is an older version, upgrade it to version 6.0.

Feel free to get in touch with us.

Thank you and best regards,
Shri
ManageEngine Firewall Analyzer
Toll Free: +1 888 720 9500
Follow us on Twitter


Firewall Analyzer catches Spam Relays

Dec 08 2009 04:30:05 AM Posted By : Shri Shankar

"Be Proactive rather than Reactive" is a slogan for any NOC (Network Operations Center) or network specialist. The basic requirement is to ensure that there is no sign of compromise on your network and that the policies on your perimeter are intact.

Here is a support case we faced very recently with an enterprise that had a very large compromise attempt, and how our SEM (Security Event Management) module gave them enough information to nail down the issue completely.

This enterprise is one of the premium data center operators, with multiple firewalls deployed across the globe. Firewall Analyzer Distributed Edition is deployed there: Log Collectors monitor their critical firewalls, and the Admin server is managed by the Network Operations Center (NOC).

The actual support request was to set up a mechanism through which they could see the traffic activity for a separate subnet holding some critical servers (the ones that store their backed-up data), along with some product customization.

Since the subnet had a mail server, we thought of adding an "Anomaly Profile", which we normally advise for all customers, as it's not uncommon for attackers to turn a compromised system into a spam relay. With this in mind, monitoring outbound TCP/25 activity from all systems except your legitimate SMTP servers is an excellent way of catching these relays.
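As an added illustration (not code from this post or from Firewall Analyzer), here is the anomaly check described above run over constructed Cisco ASA connection-log lines; the 302013 field layout, the sample addresses and the list of legitimate SMTP servers are assumptions of this example:

```python
import re
from collections import Counter

# Constructed sample lines, modeled on the Cisco ASA 302013 "Built ... TCP
# connection" syslog message. The field layout is an assumption of this
# example: for outbound connections the "for" side is the external server on
# the lower-security interface and the "to" side is the inside client; the
# address in parentheses is the PAT-mapped address.
SAMPLE_LOGS = """\
%ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/25 (203.0.113.10/25) to inside:10.1.2.3/51234 (198.51.100.5/51234)
%ASA-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.11/25 (203.0.113.11/25) to inside:10.1.2.25/40001 (198.51.100.5/40001)
%ASA-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.12/443 (203.0.113.12/443) to inside:10.1.2.25/40002 (198.51.100.5/40002)
%ASA-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.13/25 (203.0.113.13/25) to inside:10.1.2.25/40003 (198.51.100.5/40003)
%ASA-6-302013: Built outbound TCP connection 1005 for outside:203.0.113.14/25 (203.0.113.14/25) to inside:10.1.2.25/40004 (198.51.100.5/40004)
%ASA-6-302013: Built inbound TCP connection 1006 for outside:203.0.113.20/33000 (203.0.113.20/33000) to inside:10.1.2.3/25 (198.51.100.6/25)
"""

# Constructed allow-list: the only inside host that is supposed to send mail.
LEGIT_SMTP_SERVERS = {"10.1.2.3"}

BUILT_RE = re.compile(
    r"%ASA-\d-302013: Built (?P<dir>inbound|outbound) TCP connection \d+ "
    r"for (?P<for_if>\w+):(?P<for_ip>[\d.]+)/(?P<for_port>\d+) \((?P<for_map>[\d.]+)/\d+\) "
    r"to (?P<to_if>\w+):(?P<to_ip>[\d.]+)/(?P<to_port>\d+) \((?P<to_map>[\d.]+)/\d+\)"
)


def parse_built(line):
    """Normalize a 302013 line into src/dst fields; None if it is not one."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    if d["dir"] == "outbound":
        # Outbound: "to" is the inside client, "for" is the external server.
        return {"dir": "outbound", "src": d["to_ip"], "src_mapped": d["to_map"],
                "dst": d["for_ip"], "dport": int(d["for_port"])}
    # Inbound: "for" is the external client, "to" is the inside server.
    return {"dir": "inbound", "src": d["for_ip"], "src_mapped": d["for_map"],
            "dst": d["to_ip"], "dport": int(d["to_port"])}


def find_spam_relay_suspects(log_text, legit_smtp=LEGIT_SMTP_SERVERS, threshold=3):
    """Count outbound TCP/25 connections per inside host that is not a known
    SMTP server. Returns {src_ip: count} for hosts at or above the threshold,
    i.e. the hosts an anomaly profile should raise an alert on."""
    counts = Counter()
    for line in log_text.splitlines():
        conn = parse_built(line)
        if conn is None or conn["dir"] != "outbound" or conn["dport"] != 25:
            continue
        if conn["src"] in legit_smtp:
            continue
        counts[conn["src"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in find_spam_relay_suspects(SAMPLE_LOGS).items():
        print(f"ALERT possible spam relay: {ip} opened {n} outbound TCP/25 connections")
```

The real (pre-PAT) inside address is what gets counted, so a host hidden behind a shared mapped address still stands out individually.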

Within 15 minutes of the setup, voila, we struck gold!! One of their critical servers had been compromised (by an internal user!!) into a spam relay, and somehow a small glitch in certain conditions of their PAT rules had added to the existing problem. Surprisingly, it was almost invisible and had been done so smartly that nobody suspected it as the cause of the network choke.

The moral of the story: explore the possibility of adhering to SIM and SEM objectives so that you are "Proactive rather than Reactive".

Here are some tips for your review.

1. Make sure you create alert profiles (Normal / Anomaly) in Firewall Analyzer, based on thresholds that best suit your requirements. Firewall Analyzer is a powerful tool that can warn you the moment there is a compromise attempt on your network.

2. It is best practice for the NOC community to simulate such events themselves, to learn how their devices react to these situations. We saw a minor configuration issue in their device policy that permitted these transactions. Always assume that the hacker community is more resourceful than you. Always check and double-check.

3. Ensure all policies are tuned and optimized to secure your network. Do check the Firewall Rules Report for a deeper drill-down.

4. Firewall Analyzer produces strong reports and alerts, but a scheduled audit of the raw logs, by loading the archives and checking the activity, will surely provide a better understanding, and that understanding should be translated into tweaking the policies.

5. We are a SIEM vendor; do check with us regularly for best practices on the application side and for out-of-the-box solutions.

Jingle bells are ringing on SIEM clouds!!

We have taken up support for NetFlow logs in Firewall Analyzer, with more features in this bundle, probably as a Christmas or New Year gift from the ManageEngine shop.

Until now, the capability to export NetFlow packets was mostly restricted to devices like routers and switches. The Cisco ASA v.8.2 firewall can export NetFlow packets along with syslogs. This is one of the milestones achieved by Cisco.

Firewall Analyzer currently supports syslogs from Cisco ASA devices, and we intend to support NetFlow logs from ASA v.8.2 devices very soon.

We have kick-started our process to include log analysis for NetFlow packets from Cisco ASA v.8.2 devices, in addition to the existing syslog format support.

This being a top priority for us, we welcome your sample NetFlow logs so we can include them in our test bed and deliver solutions.

This feature enhancement, along with a surprise bundle, is planned to premiere as a service pack over our current version, Firewall Analyzer v.6.

Cisco ASA v.8.2 users are requested to get in touch with our support team for the steps to be performed on your device to generate sample logs, and for upload links to send us these sample logs.

Rest assured, your logs are treated as confidential and used only to test and provide solutions.

Do get in touch with us if you would like a quick sneak peek at our next feature pack.

Thank you and Best regards,
Shri
Firewall Analyzer - Team



The Drudgery of Deploying Enterprise Solution

Customer satisfaction through innovation is a way of life at ManageEngine. Normally, deploying the log management (SIEM) solutions of the top brands is not so simple. You need to download a number of files, then go through innumerable installations, configurations, tuning and so on before the deployed application starts. Often, without the assistance of consultants it is impossible to deploy an enterprise solution, and getting it running and producing the desired output is a tough task. For IT managers and administrators, deploying any enterprise solution will surely mean a few sleepless nights.

Escape from the Drudgery!

Embrace  ManageEngine!!

Deploying ManageEngine Firewall Analyzer across an enterprise is child's play.

1 - 2 - 3

Deployment in three steps.

#1

Download and install the Distributed Edition as the Admin server in your central office/headquarters (very few install-time configurations).

Run the application.

#2

Send the downloaded file, or the application download link (the same file doubles as Admin and Collector server. How simple!!), together with the Admin server details to the geographically remote location (your branch/sub-office). Get it installed as a Collector server in the remote location (here again, very few install-time configurations). Configure the firewalls to be monitored.

Run the application.

Replicate this step in all remote locations.

#3

Wait for 10 minutes.

Open the Admin client UI in a browser. The reports for firewalls in different parts of the world are there. Check it out.

The Solution: Firewall Analyzer 6 Distributed Edition

The procedure should not take more than an hour, starting from download to report roll-out.

No cumbersome downloads. No consultant required. No training required. Minimal configurations. Global deployment can't get any simpler.

Its scalability and feature set exceed any other enterprise SIEM solution. Very few offer distributed monitoring.

Experience it to believe it. Try Firewall Analyzer 6 Distributed Edition.


Read the blog post on the EventLog Analyzer blog about the Gartner report on security software by companies and the need for high-quality, lower-cost security products like ManageEngine.

Have a look at the Firewall Analyzer Enterprise Solution (Distributed Edition).

Drum roll please…..

The Firewall Analyzer team is happy to announce the beta release of our latest version 6.0.

There has been a lot of hustle and bustle in the Firewall Analyzer team; it's a race to the finish to get the final build of our latest version 6.0 ready for release. Meanwhile, we have the Beta release for you to play with; shout out to us if you find any kinks in it.

Gone are the days when large enterprises struggling with multiple firewalls distributed across their perimeter were forced to install an application per site to monitor their perimeter devices, either one server per device or one server per cluster of devices.

The concept of log analysis relies on the style of deployment, the style of data management and, of course, the reports on traffic and security and the many other dynamic features offered by such an application.

Our current version, Firewall Analyzer 5.0, does all of the above, presenting you with great reports and alerts for such linear deployments. However, we've had to think beyond these deployment styles and meet the requirements of enterprises with large, geographically distributed networks.

Version 5.0 is a great piece of work, capable of handling such requirements, but only to an extent. It carries a *conditions apply tag, and some of those conditions were:

  1. The collection of devices should not exceed a flow rate of 1500 logs per second to the Firewall Analyzer server.
  2. Access to each individual Firewall Analyzer server in the network is required to manage the attached firewall devices.
  3. In the event of a main server crash, no data is received from any of the devices and no alerts can be generated either.
  4. The Firewall Analyzer server and the device should ideally be deployed in the same time zone.

Sounds familiar? We decided it was time to get rid of the *conditions apply tag and developed a better version of Firewall Analyzer.

Sneak Peek into Firewall Analyzer 6.0

We understand that the style of deployment varies on a case-by-case basis: some might like it the linear way, while others may need a more distributed setup. Keeping such requirements in mind, we now have two editions: Stand Alone Edition and Enterprise Edition.

Some of the Top 10 features of Version 6.0

  1. New set of heterogeneous devices and log formats supported
  2. Interface-based Live Report with SNMP support for interface details, and a dashboard view of the last 24 hours' bandwidth utilization for each interface.
  3. Time zone normalization support for firewall logs, based on the Firewall Analyzer server time zone, across geographies.
  4. Spam Reports support, Top Blocked URLs report, false-positive filtering for all reports, and more.
  5. 64-bit OS support
  6. Exporting and importing of Report and Alert Profiles
  7. Rebranding of the FWA web client logo, images and links.
  8. Option to Manage/UnManage device licenses.
  9. Option to export Live Report in PDF format
  10. SMS alert notification for the Alert module.

OK, if this hasn't whetted your curious minds, shoot us an email at fwanalyzer-support@manageengine.com to get the download links for the Beta release.

Or Just Use this form

P.S: This post has been co-authored by Shri (shrishankar@zohocorp.com), our very own support guru!


Don't Burn with multiple Firewalls!

Jul 03 2009 03:49:05 AM Posted By : pooja

We've heard this one before: firewall management has always been a time-consuming and manpower-draining task.

Let's imagine a Strategy Role Playing Game (SRPG) where our network is our kingdom, expanding quickly, and as it does, our defenses get harder to manage. A sentry at each gate on the line of defense requires a large labor force, a vital resource that could have been used for crucial tasks if we had more sophisticated security defenses. We then also need leaders to manage these sentries and ensure every gate has adequate security. Now, with a vast kingdom consisting of numerous gates, managing sentries can be very difficult, with greater challenges when threatened with an impending attack.

This is similar to how our IT networks are set up, with large portions of our staff dedicated to monitoring our networks, managing firewall rule sets across multiple firewalls, and sifting through and analyzing firewall logs to determine intrusions.

As the Help Net Security article indicates, IDC's survey found that most IT managers and administrators were unable to perform gap analysis of their firewall rule sets due to the large number of rules. Respondents also indicated that losses from data breaches were equivalent to more than 75 percent of their costs for operating their firewall architecture.

Now, in our SRPG, would we turn a blind eye to any spies entering our lines of defense? How would we determine whether all our gates are adequately equipped, and whether all sentries have reported for duty?

Like the wizard who gives you that extra special item you unlocked after some hard hours of work, I give you ManageEngine's Firewall Analyzer. Just let Firewall Analyzer (FWA) do the sifting and analyzing of firewall logs. Don't get lost in those firewall rules: FWA lets you determine which rule sets are actually effective in protecting your network. Optimize your firewall architecture by analyzing the reports generated by FWA, and meet compliance audit requirements.

Need to know who's trying to attack your network? Need to watch over those who pass through your gates (firewalls)? Setting up alerts like this will give you enough time to actually enjoy some SRPG. Of course, not while you're working, right!

Head over to www.fwanalyzer.com to download a free 30-day trial and defeat those firewall monsters.



Disclaimer: This author doesn't imply that playing SRPG at work is acceptable! 


 

How to maximize Bandwidth Usage?

Nov 18 2008 03:51:28 AM Posted By : pooja

In today's uncertain economic climate we are left trying to figure out how best to manage our resources until we are sure of a rebound from this global financial crisis. Every small saving is a step towards securing our future growth. Budgets are being slashed, spending tightened, and every IT administrator is scrambling to reduce IT expenditure. A huge dent in IT budgets is internet bandwidth cost, and there is never enough bandwidth for an enterprise. In such a tough economic scenario, maximizing our resources is the key to sustaining ourselves; IT administrators can do so by having better control over bandwidth usage. By being aware of how bandwidth is being utilized, and by eliminating non-business usage or bandwidth-intensive applications, IT administrators can go a long way in reducing their bandwidth costs.

For example, in the Kingdom of Saudi Arabia (KSA), bandwidth charges are significantly higher, and as shown below, even a little judicious usage of bandwidth can lead to considerable savings.

  • Average cost of bandwidth in KSA ~ $40 per GB
  • Average number of business days per month = 25 days
  • Worst-case scenario: if 1 GB of bandwidth is saved per day, then 25 GB is saved per month.

Bandwidth cost savings: 25 GB × $40 = $1000 per month.

These savings could potentially be much higher in real-life environments. Now you must be thinking: how do we implement this? Let me assume you already have an IT infrastructure in place with firewalls in your network. Firewall Analyzer is a solution that lets you figure out the bandwidth usage patterns in your network; as a result, you can effectively change your IT policies to ensure judicious usage of bandwidth, thereby reducing bandwidth charges.

When deployed, Firewall Analyzer can generate reports displaying the top websites accessed from the network. It also displays the top hosts/users/protocols that use the most bandwidth. This enables network administrators to determine any rogue site that is hogging bandwidth, or any user who may be using bandwidth for non-business purposes, and thereby gives control over usage. With this information a network administrator can block unwanted websites that are taking up excessive bandwidth. Therefore you can effectively control your bandwidth usage, which automatically translates into cost savings.

Here's a case study that illustrates how Firewall Analyzer helped Professional Engineers Ontario, Canada gain control of their bandwidth usage. It provides a real-life example of the challenges faced by the organization and how effectively their bandwidth usage was controlled after implementing Firewall Analyzer. More information about ManageEngine Firewall Analyzer can be found at http://www.fwanalyzer.com.


Yes!

AdventNet ManageEngine is hosting a Roadshow in countries across the European Union.

If perimeter security of your enterprise network is your concern, then you must visit ME Euro Roadshow 2008.

We are available in your town. Feel free to seek any information about Firewall Analyzer. Join us at the Roadshow in your country; register here.

For complete details about the Roadshow, visit the link: http://manageengine.adventnet.com/euroroadshow/

We are happy to announce that we have become a Fortinet Technology Partner by joining their Global Alliance Partner Program.

AdventNet Joins Fortinet Global Alliance Partner Program

AdventNet’s ManageEngine Firewall Analyzer Extends Fortinet’s Unified Threat Management Solution

PLEASANTON, CA–(Marketwire - June 20, 2008) - AdventNet, Inc., the leading provider of enterprise IT management & security software, today announced it has joined Fortinet’s Global Alliance Partner Program as a technology partner. Fortinet’s partner program includes manufacturers, consultancy firms, service providers, global system integrators and other technology firms who complement and extend the unique value proposition of Fortinet’s leading unified threat management (UTM) solutions for helping to protect customers against current and evolving threats. Through this partnership, AdventNet’s ManageEngine Firewall Analyzer helps Fortinet® to complement its network security technology by monitoring firewall usage and policies.

With the enterprise IT security market getting consolidated, IT managers and security administrators are looking for unified solutions instead of point products. Typically, point solutions also include a firewall and log analysis application, which may either offer inadequate features for log management or does not support the log format of the deployed firewall. As such, IT managers are demanding unified solutions with integrated and interoperable firewall devices and log analysis applications. This market situation makes the AdventNet-Fortinet partnership a step ahead in offering an integrated solution to their customers and a good fit for a unified security information and event management (SIEM) solution.

ManageEngine Firewall Analyzer is an enterprise-class, vendor-neutral software for Firewall, VPN, IDS/IPS and Proxy server log analysis. It enhances the availability and security of the network by continuously collecting, analyzing, and reporting on logs from edge-devices, and helps track intrusion, manage user access, audit traffic and manage network bandwidth efficiently. Firewall Analyzer successfully passed Fortinet’s FortiVerified™ process, a rigorous testing process designed to certify interoperability and guarantee proper integration with the FortiGate™ multi-threat network security appliance.

“We are pleased to have AdventNet as a technology partner and member of the Fortinet Global Alliance Partner Program,” said Michael Rivers, Vice President of Business Development at Fortinet. “The Firewall Analyzer performs an important function, which now works seamlessly with FortiGate products to provide a robust security solution.”

“With Firewall Analyzer interoperating with Fortinet devices, Fortinet strengthens its unified threat management offering. This agreement also testifies to our reputation as the industry’s leading SIEM vendor,” said Shailesh Kumar, VP Engineering, AdventNet, Inc. “I am sure with the integration of our Firewall log analysis tool there will be a tremendous value-add to Fortinet customers,” he added.

More information about Firewall Analyzer is available at www.fwanalyzer.com

Try the 30-day free trial from www.fwanalyzer.com/download.html

About Fortinet

Fortinet is the pioneer and world’s leading provider of Unified Threat Management (UTM) security systems that enable secure business communications and deliver the best security, performance and total cost of ownership available. Fortinet’s award-winning security systems and subscription services protect the networks of more than 20,000 customers worldwide — including telecommunications carriers, service providers and enterprises of all sizes. Visit Fortinet at www.fortinet.com

About AdventNet

Enabling Management Your Way™

Founded in 1996, AdventNet is a software company with a broad portfolio of elegantly designed, affordable products and web services. AdventNet offerings span a spectrum of vertical areas, including network & systems management (www.ManageEngine.com), security (www.SecureCentral.com), collaboration, CRM & office productivity applications (www.Zoho.com), database search and migration (www.SQLOne.com), test automation tools (www.QEngine.com). AdventNet has a large and rapidly growing global customer base, and has presence in all the major markets. The company is based in Pleasanton, California with offices worldwide. Visit us at www.adventnet.com