A firewall security review is a detailed analysis and test of a firewall that has been implemented to protect a client’s information, applications, systems and overall business operations. A firewall security review examines vulnerabilities associated with a specific vendor’s solution, susceptibility of the firewall to focused connection and information driven attacks and exploits, and miss-configurations that allow an attacker to overcome specific firewall protections.
Firewalls are complex systems that by their function restrict or grant network connectivity to and from the Internet for a company. The very process to configure and modify firewalls to support dynamic business requirements introduces the risk of permitting unintentional and potentially harmful access into or out of an organization’s network. Firewalls that are initially set up, configured and patched undergo constant change to support evolving business needs. The risks, threats and impacts of changes tend not to be fully considered particularly when business timelines and commitments become immediate. Firewall security reviews help the organization to verify that their firewalls adequately protect critical business information and data as required. Firewall reviews are a key requirement within a number of industry related standards and regulations, such as PCI and HIPAA.
GRC360 Firewall Security Review Services help our clients to improve and maintains their security perimeter against the actions of hackers who attempt to disrupt business operations and data; and steal, modify or destroy sensitive information. Our services coverall all major firewalls, switches and routers; and tests for vulnerabilities, configuration and administration flaws, and non-compliance with industry standards and regulations such as PCI and HIPAA.
GRC360’s Firewall Security Review Service identifies vulnerabilities within the external/internal network security architecture and can be aligned to different industry standard requirements such as PCI DSS, ISO/IEC 27001.
The GRC360 Managed Compliance Services team uses Nipper, RAT and proprietary analytical tools and techniques, to help identify and remediate firewall security vulnerabilities and resolve miss-configurations.
All firewall vulnerabilities and configuration issues that are identified are presented to the client together with an assessment of impact and recommendations for mitigation or a technical solution.
GRC360 Firewall Security Review Services can be performed as a standalone service or can be bundled with other GRC360 Managed Compliance Services as desired.
Firewall Security Reviews can are performed to occur on a routine schedule (e.g., quarterly or bi-yearly) and/or to coincide with a major security upgrade or application launch. The service can be run remotely or locally. A number of our clients run the scanner themselves and provide the raw data to the GRC360 Managed Compliance Services team for detailed analysis.