Anybody using Tufin Secure Track to audit Ruleset changes etc. at all? We're using Tufin for Checkpoint/Cisco Devices, also Bluecoat is supported. Unfortunately MWG is not. However it could be possible to write a plugin using the provided TOP SDK.
How do you fare about auditing changes to the rulebase at all? SIEM solutions or Splunk?
Ok, maybe the question is too software-vendor specific. How do you guys audit your policy, if at all? We would like to have
- Consolidated Audit Log (centralized logs)
- Monthly Report on Policy Changes (compliance tracking, change management: who changed what, when and where)
- Statistics on which Rule is used most (performance tuning and getting rid of old unused rules)
Is there maybe some kind of EPO integration, or policy audit tool from McAfee directly?
I am Eldad from Tufin's Product Management team.
I am not 100% sure what "MWG" is, but at the end of last year we added "native" support (not TOP SDK) for "McAfee Firewall Enterprise" (MFE) ver 10.x. Current support in our latest GA release (TOS R14-1) includes:
- Monitoring MFE FWs in real time
- Alerting for policy changes
- Policy View/Compare
- Dashboard browsers - Risk, Change, Cleanup
- Policy Analysis (Check if a certain traffic is allowed in the FW)
- Policy Change reports (daily, weekly, monthly FW change reports)
- Compliance Policies
- Audit and regulations (PCI-DSS, SOX)
The MWG is what this forum is about: McAfee Web Gateway being a Forward Proxy to enforce access control on all outbound Internet traffic. The used policy is quite close to being a ruleset and for this ruleset it would be nice to have the audit functions centrally managed like Tufin does.
Oops, missed that....sorry.
As you realized, we don't support it, and currently we don't have plans to add it in 2014. We might add some support for web gateways in 2015, but I am not sure for which vendor it would be.
You could write a TOP plugin for it and get textual based configuration change monitoring. Not sure if it will cover your requirement.