Centrally managing corporate firewalls by way of virtual systems can reduce the complexity of multiple security policies and varying compliance requirements typically faced by large multinationals.
A San Jose, Calif.-based enterprise gateway security vendor, Secure Computing Corp., seeks to provide that extended control to IT managers with CommandCenter, an add-on to its existing firewall products, Sidewinder and SnapGear.
CommandCenter is designed for companies of varying sizes, but in particular those with disparate enterprise-grade devices or remote offices, said the company's vice-president of product management, Scott Montgomery.
"You may have 75 per cent of the devices that you're managing with CommandCenter at your corporate data centre or data centres, but then you may have more remote regional headquarters or disaster recovery sites or other kinds of remote facilities as well," he said.
By creating virtual instances of the CommandCenter, large multi-nationals, in particular, he said, can centrally manage the configuration of security policies and easily create, validate and distribute those policies. If necessary, he added, policies could be re-used across a number of firewalls.
An IT manager can also control staff administrative access to certain firewalls by assigning someone like an in-house auditor, for instance, with security policy and log viewing privileges but no authority to make policy changes. Access can also be assigned to firewalls in specific business units, geographical locations, or a combination of both.
"It's a central place to manage policies without having to go device by device."
Actually, the often complex issue of regulatory compliance is addressed through assigning security policies geographically because it lets globally-based companies adhere to a particular country's privacy law, he added.
Through virtual interfaces, organizations can assign a dedicated global security team who establishes "overarching rules" for the enterprise, and who can then delegate the more granular administrative capabilities to remote locations, said James Quin, senior research analyst with London, Ont.-based Info-Tech Research Group.
"It's not a case of Bob over in Burma managing the firewall and I have no idea how he's doing it," said Quin.
He added that if an employee violated company policy or made a mistake that jarred with regulatory compliance requirements, it could be monitored and corrected.
With CommandCenter, said Montgomery, the IT manager can manage software updates and patches, eliminating the labour of maintaining individual firewalls across the organization.
And the ability to monitor activity and run reports across a firewall or a group of firewalls, he added, helps assess which systems are operating, for instance, at a higher than expected CPU rate, and which ones bore external attacks and of what nature.
While CommandCenter provides a central management hub, it only grants visibility into the Secure Computing platform, and not to firewalls from other vendors, noted Quin. "It's not a ubiquitous capability. The larger an organization gets, the more likely it is going to have some diversity in its platform utilization."
It may not be a broad-based solution, but it does offer that "master management capability", that enterprises depend upon to oversee the increasingly large number of devices deployed across the organization, said Quin.
In fact, he said, the biggest issue around IT security is the management of that security, making it "a bit of an administrative nightmare."
Quin thinks Secure Computing would benefit from broadening the reach of what is currently a "niche product", and making it capable of managing other firewalls as well – but that would likely involve the cooperation of the other firewall vendors.