FireMon launched FireMon Policy Analyzer 

FireMon launched FireMon Policy Analyzer, a free firewall assessment tool. It offers organizations a detailed diagnostic report outlining the health of a firewall policy, complete with best practices and recommendations to strengthen their security posture. 

Jody Brazil, CEO of FireMon, stated, “The potential for misconfiguring a firewall in a rapidly expanding organizational environment poses real risk to organizations today. Understanding firewall policy security posture and minimizing the potential for human errors when it comes to setting up and managing this complexity cannot be overstated.

The financial and reputational repercussions of a firewall compromise can potentially result in fines, lost revenues, lawsuits, and long-term damage to the health of the business. Visibility is key to identifying and addressing weaknesses in firewalls and other network security elements. With FireMon Policy Analyzer we provide organizations with an intuitive, powerful and insightful free tool to strengthen their operational environment almost immediately.” 

According to Gartner, configuration mistakes are to blame for 99% of firewall and cloud security failures. Misconfigurations, particularly with regard to a company’s firewalls, are a well-documented cause of the widening cybersecurity gap. Small configuration errors and out-of-date rules can quickly accumulate, making it difficult to manage traditional rules-based firewall setups effectively as environments grow. If these errors are not found and fixed, they can lead to catastrophic network vulnerabilities. 

Organizations can reduce security risks brought on by improperly managed firewall policies by using FireMon Policy Analyzer, which gives security teams a potent tool without the need for setup, installation, or specialized hardware. For typical firewall configurations, Policy Analyzer safely collects the necessary configuration data from a firewall, analyzes the firewall policy, and provides security posture results in seconds. 

Synopsys and The Chertoff Group Partner to Provide Policy-Driven Software Security Solutions

Synopsys, Inc. announced a new partnership with The Chertoff Group, a worldwide advisory services company that offers security expertise, technology insight, and policy intelligence to help clients build resilient organizations, gain a competitive edge, and drive growth.

When it comes to helping clients make more secure software faster, Synopsys joins forces with leading solution providers around the world. A strategic partnership with The Chertoff Group will enable companies to deliver cutting-edge application security solutions and help clients gain confidence in their software investments. Clients can now benefit from the advisory services of The Chertoff Group and the application security domain expertise of Synopsys to ensure that cloud migration and digital transformation projects run smoothly.

“The Chertoff Group’s partnership with Synopsys is powerful because it combines market-leading software security and cyber risk management capabilities. As we’ve learned from the spate of disruptive technology supply chain compromises, organizations must unify their approach to product security with enterprise cyber defense. By combining The Chertoff Group’s cyber risk capabilities with Synopsys’ software security expertise, we help clients overcome that compounded challenge,” said David London, a managing director at The Chertoff Group.

“Organizations are increasingly realizing that software risk equates to business risk. This is a central focus of the partnership between Synopsys and The Chertoff Group, which was born out of a desire to educate organizations on policies and standards and how they can be directly applied to development and deployment teams,” said Tom Herrmann, vice president of channels and alliances at the Synopsys Software Integrity Group.

Web Application Firewall – Everything You Need to Know

A Web Application Firewall (WAF) is a form of application firewall that protects web services from various attacks. Application protection is a security layer that can defend against a variety of application-layer security threats that are not normally covered by traditional network-layer intrusion detection systems. By inspecting HTTP/HTTPS request packets and web traffic patterns, the WAF ensures that the web service is not jeopardized. It defends web applications against cross-site scripting (XSS), file inclusion and SQL injection attacks. When the WAF detects a security threat, it prevents the attack by blocking the HTTP requests and IP addresses involved, according to the rules in its configuration file.

Why a Web Application Firewall?

Web applications are easily available and provide a convenient entry point to useful data, so they are a prime target for cyber-attacks. These online services must be protected from current and emerging cyber-threats without compromising efficiency and quality. Because applications change constantly, security teams struggle to keep the security rules that protect web services up to date. This can lead to security flaws and vulnerabilities that cybercriminals can take advantage of, resulting in expensive data breaches. Additionally, businesses seek out security technologies that can scale with their applications to meet rising consumer demand, ensuring that web services remain viable and are adequately protected without compromising the customer’s experience.

Features of a Web Application Firewall:

  • Configuration and Control – Administrators can use the Web Application Firewall to build policies for compliance, regulatory, and security purposes. Using the WAF policy engine, administrators can build comprehensive and flexible policies as required, including URL rewriting and SSL/TLS validation and compliance. The WAF detects attack chains automatically, from eavesdropping to data theft and backdoor setup. Instead of working through thousands of possible attacks, security experts are only alerted to the most critical threats. Security teams can specify the protection level for each program, and the WAF can determine what to do in various scenarios. If the device configuration fails, previously saved settings can be restored automatically, eliminating the manual work.
  • Reporting and Analytics – The WAF provides real-time insight into your web traffic and can be used to generate new dashboard reporting rules or warnings. It gives security teams fine control of how the metrics are displayed, allowing them to track anything from individual rules to all inbound traffic. In addition, the WAF provides detailed logging by collecting the header data of each inspected web request, which can be used in analytics and security automation. The WAF takes a large number of warnings and condenses them into a limited, manageable collection of security events, which gives security professionals a frictionless operating experience.
  • Integration and Security – The WAF virtual application can be installed and scaled up easily on-premises with no special hardware to purchase or maintain. The WAF can easily integrate into a company’s information security management system, which aids in the provision of advanced multilayer security. Administrators can develop special rules to detect confidential data like account numbers, passwords, financial transactions and insurance records. In addition, rules may be used to hide information from third parties, including administrators who use the WAF. The WAF aids in the monitoring of all traffic.
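
The log-side behaviour described in the last two features (condensing many warnings into a few security events, and hiding confidential data even from administrators who read the logs) can be sketched as follows. This is an added example, not code from any WAF product; the alert tuples, field names, masked parameter names and the 300-second window are all assumptions made for illustration.

```python
import re

# Constructed sample alerts (not real traffic): seconds, source IP, rule, request.
ALERTS = [
    (0, "203.0.113.7", "sqli", "GET /item?id=<constructed-payload-1>"),
    (4, "203.0.113.7", "sqli", "GET /item?id=<constructed-payload-2>"),
    (9, "203.0.113.7", "sqli", "POST /login?user=a&password=hunter2"),
    (30, "198.51.100.2", "xss", "GET /pay?note=<constructed-payload-3>&card=4111111111111111"),
    (900, "203.0.113.7", "sqli", "GET /item?id=<constructed-payload-4>"),
]

SECRET_PARAM = re.compile(r"(?i)\b(password|passwd|pwd|token)=([^&\s]+)")
CARD_LIKE = re.compile(r"\b\d{13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, so arbitrary long numbers are not masked as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(line):
    """Hide secrets before the line is stored where log readers can see it."""
    line = SECRET_PARAM.sub(lambda m: m.group(1) + "=****", line)
    def hide_card(m):
        n = m.group()
        return "*" * (len(n) - 4) + n[-4:] if luhn_ok(n) else n
    return CARD_LIKE.sub(hide_card, line)

def condense(alerts, window=300):
    """Merge alerts with the same (source IP, rule) that arrive within
    `window` seconds of the previous one into a single event."""
    events, latest = [], {}
    for ts, ip, rule, line in sorted(alerts):
        ev = latest.get((ip, rule))
        if ev is None or ts - ev["last_seen"] > window:
            ev = {"ip": ip, "rule": rule, "first_seen": ts, "count": 0, "samples": []}
            events.append(ev)
            latest[(ip, rule)] = ev
        ev["last_seen"] = ts
        ev["count"] += 1
        ev["samples"].append(mask(line))
    return events
```

Five alerts become three events here: the late alert from the first address starts a new event because it falls outside the window, and no stored sample contains the password or the full card number.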

Most previously time-consuming and physical activities are now automated with online services across all enterprise sectors, from IT, finance, manufacturing, telecom and media to government. With the rise in cyber-attacks, these organizations must secure their online applications, and the safest and most commonly used solution is a Web Application Firewall.