Firewall Configuration Assessment and Rule Set Review

Optimizing Your First Line of Automated Defense

Firewalls are a mandatory security control because they regulate the flow of traffic between your network and the outside world. One of the most common weaknesses we see in the network environment is a misconfigured firewall rule set. If your firewall isn’t properly configured, your network could be completely exposed to the Internet with the potential for compromise within minutes, if not seconds. The complexity of the device configuration, the ever-changing business environment and threat landscape, and scarcity of trained resources conspire to create the perfect storm of network insecurity.

The Sage Methodology

Sage assesses your firewall across several different categories, including administrative controls, device access, system logging, and attack protection. Our Firewall Assessment focuses on three key areas:

  • The technical aspect of the configuration and rule set, including syntax.
  • The business aspect of the rule set, involving allowed and disallowed activity.
  • Device management, including the authorization process.

Once we’ve examined the syntax of your configuration file and rule set to verify accuracy, we document your rule set with explanations in both technical and non-technical terminology. We also review your device management to make sure that it complies with best practices and regulatory guidance.

Reports and Recommendations

After our Firewall Configuration Assessment and rule set review, we will provide you with:

  • A management summary documenting our findings, and remediation recommendations, if applicable.
  • A technical report including a Configuration Assessment, configuration documentation, and a line-by- line review of the rule set with questions and comments.


The Sage Cybersecurity Lifecycle

The Sage Data Security Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.

Learn More