Who really made that Firewall Rule Change?

A lot of thought goes into the decision to change, add or delete a firewall rule. Or at least a lot of thought should go into it. Is there a business justification due to a change in organizational policy? If the rule already exists, is it obsolete or duplicative and needs to be removed?

Once it is determined what the rule change will be, a security organization needs to decide when to implement the change. For example, should the change be made during the midnight to 2 AM window when most people are off of the network or on a weekend or holiday before the busy work week begins?

Then there is the decision of who on the security team will actually make the committed change. That last question is critical, especially when things go wrong or the organization wants to know more specifics about a particular change. Who better to go back to than the person who implemented the change in the first place?

It seems like a simple thing to know – who made the change; however, for some firewall vendors, the answer to that question has been elusive – until now.

The Granular Change Report for Palo Alto Networks
Granular Change Report for Palo Alto Networks

Recently, FireMon, in collaboration with Palo Alto Networks (PAN), introduced a new report in its Security Manager platform that filters a list of changes down to a small window of time and displays the users who performed the committed changes that were saved and implemented through the Panorama™ management system.

Security Manager reports that information back to the change tracking system as proof of the change only including details for the actual committed change rather than change recommendations made by other users.

With this report, user accountability and system accuracy increase with regard to change management records.

This capability is available on FireMon’s Security Manager platform beginning with version release 8.13. To request a demo, contact us here >>