
Firewall Security Review

Security assessments with remediation designed for humans.

Break the cycle of repetitive penetration testing, where the same issues are raised on every test, and walk the DevSecOps walk with our Full Stop Remediation™ training. Give your infrastructure team the skills to put security at the heart of every project.

Service Context

Firewalls are critical network security components, key in blocking unauthorised access and filtering incoming and outgoing traffic. However, firewall rules can be complex and difficult to manage, which can result in misconfigurations and vulnerabilities. To ensure that firewalls provide optimal protection, businesses must review their firewall rules regularly. Cyber Alchemy’s Firewall Rule Review Service offers a comprehensive approach to achieving this objective.

Key Benefits

  • Proactive identification of firewall rule misconfigurations and vulnerabilities.
  • Detailed reports with a clear understanding of the vulnerabilities present in firewall rules.
  • It can be performed on firewalls deployed on-premise or in the cloud.
  • Operational benefits from actioning the recommendations of the firewall review, such as easier administration of firewalls.
  • Clear prioritisation of risks in a detailed and digestible report, reducing the effort and time needed to fix vulnerabilities.


Why Cyber Alchemy?

Expertise in on-prem, cloud, and hybrid deployments: Our team of consultants have extensive expertise in assessing firewall configurations that are deployed on-premises, in the cloud, and as a holistic hybrid deployment. Our team of experts understands the challenges businesses face with diverse IT environments, including traditional on-premises setups and cloud-based services such as AWS, Azure, and GCP. We assess the effectiveness of on-premises firewalls, evaluate cloud firewall configurations, and ensure seamless security integration in hybrid infrastructures.

Contextual understanding: Contextual understanding of your business and its unique requirements is key in every Cyber Alchemy engagement. We take the time to understand what you are trying to achieve with your firewalls as well as any regulatory and technology constraints. This approach ensures that our recommendations enhance security and support your broader business goals.

Bundling with dynamic infrastructure testing: Our firewall review service is often bundled with dynamic infrastructure testing, providing a comprehensive security assessment. By simulating real-world attack scenarios, we take a holistic view of your security landscape, enabling targeted improvements to enhance your overall cybersecurity defences.


What is a Firewall Security Review?

A Firewall Security Review is a periodic assessment that offers a comprehensive approach to reviewing the security of firewalls and their rule base. This assessment is performed by our team of experts, who use industry-leading tools and their years of experience to identify vulnerabilities and provide recommendations for remediation. A Firewall Security Review can be performed on firewalls that are deployed on-premise or in the cloud.

Why do I need a Firewall Security Review?

Our Firewall Security Review Service ensures that firewalls offer the protection you need and that their rules are optimized for maximum security. By performing an in-depth analysis of firewall rules, businesses can identify misconfigurations and vulnerabilities that may go unnoticed. Identifying and remediating these vulnerabilities can prevent cyber-attacks and protect sensitive data from theft or destruction. A firewall security review can also be essential to achieving compliance with standards such as PCI-DSS.


Our Approach

The first stage of the engagement will define what needs to be tested, what the testing needs to achieve and why the testing is being conducted. Cyber Alchemy’s experts will guide you through this process, ensuring the Firewall rules and infrastructure will be tested with an appropriate approach based on the context of the networks, infrastructure and organisation. Once complete, the output of this stage will be a clear proposal of the work to be carried out and timescales.

Our CREST or Cyber Scheme certified consultants use their expertise to review the firewalls and their rules from both a security and operational perspective, protecting and optimising the deployment.

Firewall Device Security Review: Review the firewall’s configuration settings to ensure they align with industry best practices and security standards. This includes examining access controls, authentication mechanisms and patch analysis, among other areas.

Context Driven Rule Review: Reviewing the firewall’s configuration settings to ensure they align with industry best practices and security standards. This includes examining rulesets, access controls, and authentication mechanisms. As part of the assessment, recommendations will be made to optimise the rule base. This could include removing any obsolete or legacy firewall rules or objects to streamline the rule set. Finally, the order of the rules will be appraised to ensure optimal functionality and rule processing.

VPN Configuration Review: Ensuring that devices connected to the network cannot communicate with each other, unless required, to prevent adversaries from attempting to compromise other devices on the network.

Secure Configuration: Should the firewall also be used as a VPN, the configuration of virtual private network (VPN) connections on the firewall can be assessed to ensure secure remote access. This includes checking encryption protocols, authentication methods, and access controls.

For organisations that need greater assurance around their firewalls or must comply with standards such as PCI-DSS, Cyber Alchemy can build on the standard assessment and appraise the following elements.

Review the Change Management Processes: To ensure accurate execution, tracking, and ongoing compliance, it is essential to have a robust change management process for firewall modifications. Our consultants will assess the process across its entire lifecycle, checking that detailed information is included, adequate authorisation and reviews are conducted, and robust testing is done both before and after a change, to name just a few. Inadequate documentation and insufficient verification of the network’s impact are prevalent issues encountered in change control.

Evaluate the Firewall Logging and Monitoring: Assessing the firewall’s logging capabilities and configuration to ensure that all relevant events are logged and monitored effectively. This helps in detecting and responding to security incidents and in making informed decisions about firewall management and rule configurations. Examples of checks that our experts will perform include how logging is performed, what is logged on the device, how logs are secured from unauthorised modification, how logs are reviewed and whether alarms are configured for important events. All of these questions are answered in the context of the organisation, ensuring that all recommendations are actionable and fit for purpose.

Security Policy Review: Reviewing the organisation’s security policies and ensuring that the firewall’s configurations align with these policies. This includes examining policies related to remote access, user management, and traffic filtering.

High Availability and Redundancy Assessment: Evaluating the firewall’s high availability and redundancy mechanisms to ensure continuous protection and minimal downtime in the event of a failure or attack.

Performance Analysis: Assessing the firewall’s performance to ensure it can handle the network traffic volume without compromising security. This includes examining CPU and memory utilisation, throughput, and latency.

“Detailed and digestible” describes the outputs of every Cyber Alchemy engagement. Typically, this will be in a documented report with a follow-up meeting to discuss the assessment and the vulnerabilities found, ensuring every stakeholder understands the risks and the next steps to reduce those risks.

For organisations requiring in-depth and continuing remediation, every engagement has the opportunity to use our Full Stop Remediation™ service. Bespoke training delivered by our expert trainers covers the issues discovered in your systems and gives your system administration team the skills to ensure the same issues don’t creep back into your infrastructure. Full details of our reporting and Full Stop Remediation™ can be found below.

The report contains the scope, technical approach, executive summaries, dynamic risk visualisations, prioritised vulnerabilities based on likelihood vs impact, and bespoke mitigation advice for each finding. Each report has three distinct sections dedicated to board, management, and technical personnel. Report clarity ensures understanding and enables informed decisions. Every Cyber Alchemy report will include the following:

  • Background: An overview of the assessment’s general purpose, scope, methodology, and timing.
  • Management Summary: A detailed but digestible summary of the results, such as key critical findings requiring immediate attention, system or recurring issues, and other general findings. This could also include strategic recommendations, offering long-term remediation actions to ensure ongoing risk reduction.
  • Technical Details: Comprehensive vulnerability results, including a description of the vulnerability observed, the impact, evidence of where the vulnerability was observed, step-by-step demonstrations of exploits performed which give teams the ability to internally verify the issues, and detailed remediation recommendations which give administrators the steps to address every reported issue.
  • Methodology: A detailed recap of what was tested, the methodologies used, and the related historical information required for audiences such as auditors to understand the specifics of the test approach.
  • Attack Surface Analysis: Additional content and guidance, such as recommended post-assessment activities that provide added value to the audience of the report.

After every engagement, we offer a focused meeting to discuss the testing and outcomes. This allows system administrators and risk owners to ask specific questions to our expert consultants, ensuring all parties understand the context of the vulnerabilities, root cause and the real-world likelihood and impact of successful exploitation in the context of the organisation. The potential mitigation steps will be discussed, allowing for the implementation of robust measures and the possible effort to be understood.

We don’t believe that report delivery marks the end of the engagement; in fact, it’s just the beginning for us. We’re in every client relationship for the long haul, providing ongoing support to ensure that issues are robustly addressed in line with your organisation’s requirements.

After every engagement, we offer a focused meeting to discuss the testing and outcomes. This allows system administrators and risk owners the opportunity to ask specific questions to our expert consultants, ensuring all parties understand the context of the vulnerabilities, alongside the likelihood and impact of successful exploitation.

We recognise that remediation of all issues doesn’t just happen overnight, and our technical team will be happy to answer any questions while remediation is happening over the following months. We find this approach allows for better integration of security into development and helps reduce the number of issues we see when retesting.

For clients who require further support, we offer our Full Stop Remediation™ post-assessment training, which incorporates real-world examples from the assessment into the training course. This tailored approach delivers lessons to system administrators in a familiar context and environment, allowing the lessons learned to be immediately applied to existing projects and ensuring long-term risk reduction. More information about Full Stop Remediation™ can be found below.


Full Stop Remediation™ – Secure Infrastructure Operations Training

From the results of a penetration test, or series of assessments, our consultants can provide bespoke training to system administrators on how to remediate the issues found in the assessment and SecOps best practices. This powerful remediation offering allows total remediation for now and the future, giving infrastructure teams the skills to identify vulnerabilities before they make it to production. Other benefits of this remediation package include the following:

  • Cost savings: Investing in remediation training helps your organisation save money in the long run. By preventing security incidents and potential breaches, you avoid the financial impact of data loss, system downtime, regulatory penalties, and reputation damage.
  • Long-term Risk Mitigation: Our remediation service equips your team with the skills and knowledge to address vulnerabilities in the present and future. By building a strong foundation of security practices, you create a sustainable framework for ongoing risk mitigation.
  • Better collaboration: When system administrators understand how to build and maintain secure systems, they can work more effectively with security teams and other stakeholders, resulting in a more secure and cohesive infrastructure estate.
  • Foster a “Security First” culture: With better awareness of security issues and the knowledge to address them, a culture of security can be developed. With a strong security culture comes greater security, shared accountability and efficiency, forming the basis of any successful security program.
  • Empowered Internal Teams: Our training empowers system administrators to handle remediation tasks independently. They gain the knowledge and skills needed to efficiently address vulnerabilities, reducing reliance on external security consultants for routine remediation efforts.

Contact us today for more information on how Full Stop Remediation™ can accelerate your SecOps program and put security at the heart of your infrastructure administration team.


FAQs

A technical contact (somebody who knows the ins and outs of what’s being tested) and 30 minutes to an hour. Our technical team will arrange a call, and then we can discuss all of the aspects of the assessment.

Specifically, for your firewalls, that question will be answered at the end of a scoping call with our technical team. The test duration depends on various factors, such as the number of firewalls and rules in scope. Generally speaking, depending on the project size and requirements, it can range from a day to a few days.

It depends. The cost of an assessment can vary based on factors such as the number of firewalls and rules in scope. After the scoping call, our consultants will be able to provide a detailed quote which outlines what we will do and what the outputs of that work will be.

We don’t just wine, dine and dash. We’re in every client relationship for the long term. Like most providers, after the penetration testing is complete, you will receive a detailed report outlining the vulnerabilities identified, their severity levels, and recommendations for remediation. Where we differ is in the post-test support. We recommend to all clients that debrief meetings are scheduled after the assessment is completed, allowing for discussions around real-world risk, prioritisation and the best way to approach specific remediation actions. We recognise that remediation of all issues doesn’t just happen overnight, and our technical team will be happy to answer any questions while remediation is happening over the following months. This approach allows operation teams to address issues while keeping their business moving forward.

Of course, what good is a security assessment if the issues aren’t addressed?! Our team will be here to support remediation efforts for months after the end of the assessment. Our recommended post-engagement debrief calls and detailed reports provide all the information that is often required to remediate all issues, but if it can be of any more use, then we will be on hand to help.

We understand that timescales can sometimes be tight, and things need to get done. In these cases, we will attempt to accommodate all requests from our clients. If we don’t have the capacity, we will know a trusted partner who can. Typically, we ask for a lead time of at least two weeks, however. For people who book far in advance, we can often offer reduced rates as our thank you for being super prepared.

The frequency of firewall security reviews depends on various factors, including the systems’ criticality and the organisation’s risk appetite. As a general rule, conducting an assessment at least once a year or whenever significant changes are made to the systems is recommended.

Our objective is not to cause any disruption to systems during testing, but that doesn’t mean that problems can’t (and don’t) occur. It is highly unlikely that a firewall security review will cause any issues due to the nature of the testing involved.
