Automate your security policy testing with Firebind Recon
The importance of testing and auditing network security controls has never been greater. Regulations and standards such as PCI DSS, FISMA, HIPAA, NERC CIP, and the SANS Institute Critical Security Controls impose a broad range of security requirements on organizations. While many products exist to assess and scan individual hosts for vulnerabilities, far fewer are focused on empirically evaluating the security policies enforced by firewalls, IPS/IDS and DLP systems, routers, switches and other network devices that sit at the boundaries between security zones (network segments).
Conducting network device configuration reviews is good practice, provided it is done regularly, but even with third-party tooling this static approach suffers from infrequent execution, misinterpreted configurations, and vendor bugs that fail to implement a policy the way it is written. A flight simulator is a fine way to prove out a new airplane design in theory, but it is no substitute for an actual test flight.
Actively testing every network segment on an ongoing basis to find missing or misconfigured security policies has not been practical with existing tools or with the budgets allocated to security auditing. Open-source tools such as Netcat, or Nmap pointed at a non-intelligent "scan target" on the far side of the device, require significant expertise to operate, and a port scan by itself only reports whether a port answered, not whether a payload made it through an in-line IPS or DLP system intact. Even in expert hands, these tools can take many hours of hands-on work to evaluate a single device.
Organizations face a dilemma: configuration validation products are helpful but remain theoretical, while pentesters can test policies empirically but rely on legacy tools built for one-off manual assessments rather than enterprise-wide, continuous ones.
Firebind Recon is the world’s first solution built from the ground up to perform continuous network security policy validation. Firebind recognized that the only truly reliable way to know what traffic a network device permits or denies is to send actual payloads through the device and observe which policies (ACLs, firewall rules, IPS, IDS and DLP rules, etc.) are triggered. Because the payload is exchanged end to end, a completed connection shows that the device’s rules permitted the flow, while the payload that comes back shows whether an in-line IPS or DLP rule acted on the content. Firebind’s patented technology can send custom bi-directional payload sequences over any network path using any or all of the 65,535 TCP or UDP ports. Highly portable, simple-to-deploy remote agents can be distributed across the organization, on-premises or in the cloud, between cities, buildings, VLANs, subnets, or virtual private clouds. These agents can then be configured to communicate with each other selectively or in a full mesh, continuously exercising the policies of every in-line network device.
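The approach described above, a cooperating agent on each side of the device exchanging a known payload and comparing the result with the written policy, is also what the Netcat/Nmap "scan target" setup mentioned earlier is trying to approximate by hand. The following is an added example, not Firebind's code or any page-supplied tool: a minimal echo "scan target" paired with a prober that sends a marker payload to each port, classifies what the path did with it, and diffs the observations against a policy table. Both ends run on loopback so the example executes offline; the marker bytes, the timeout and the sample policy are constructed assumptions. Against a real segment boundary you would run the echo target on the far side of the device under test and point the prober at its address.

```python
"""Empirical allow/deny check of a network path (added example, not Firebind's code).

A tiny "scan target" echoes whatever it receives; a prober on the other side of
the device under test sends a marker payload to each port, records the outcome,
and diffs that against the written policy. Runs entirely on loopback.
"""
import socket
import threading

HOST = "127.0.0.1"               # both ends on loopback for the example (assumption)
PAYLOAD = b"RECON-PROBE-7f3a\n"  # constructed marker; any unique byte string works
TIMEOUT = 2.0                    # seconds; a silent drop surfaces as a timeout


def _serve(listener):
    """Echo loop for one listening socket: send back the first PAYLOAD-sized read."""
    while True:
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(TIMEOUT)
            try:
                data = conn.recv(len(PAYLOAD))
                if data:
                    conn.sendall(data)
            except OSError:
                pass  # prober went away; keep serving


def start_echo_target(count=2, host=HOST):
    """Start `count` TCP echo listeners on ephemeral ports in daemon threads.

    Returns the bound port numbers so the prober knows where to aim. In a real
    deployment this runs on the far side of the firewall/IPS being tested."""
    ports = []
    for _ in range(count):
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.bind((host, 0))
        listener.listen(5)
        ports.append(listener.getsockname()[1])
        threading.Thread(target=_serve, args=(listener,), daemon=True).start()
    return ports


def probe(host, port, payload=PAYLOAD, timeout=TIMEOUT):
    """Send one payload to host:port and classify what the path did with it.

    'permitted'       session established and the payload came back intact
    'payload_blocked' session established but the payload was not echoed
                      (something in line consumed it or reset the session)
    'refused'         RST on connect: a host, or a rejecting device, answered
    'filtered'        nothing within the timeout: silently dropped
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError:              # timeout, network unreachable, ...
        return "filtered"
    with sock:
        try:
            sock.sendall(payload)
            echoed = b""
            while len(echoed) < len(payload):
                chunk = sock.recv(len(payload) - len(echoed))
                if not chunk:
                    break
                echoed += chunk
        except OSError:          # reset or timeout after the handshake
            return "payload_blocked"
    return "permitted" if echoed == payload else "payload_blocked"


def validate_policy(host, expected, payload=PAYLOAD, timeout=TIMEOUT):
    """expected maps port -> 'allow' | 'deny' (the written policy).

    Returns {port: (expected, observed)} for every port whose observed
    behaviour contradicts the policy; an empty dict means the device does
    what its configuration says."""
    findings = {}
    for port, want in sorted(expected.items()):
        got = probe(host, port, payload, timeout)
        ok = (got == "permitted") if want == "allow" else (got in ("refused", "filtered"))
        if not ok:
            findings[port] = (want, got)
    return findings


def free_port(host=HOST):
    """A port nothing listens on, standing in for a correctly denied port (constructed)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind((host, 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    allowed, stray = start_echo_target(count=2)   # `stray` answers although policy says deny
    policy = {allowed: "allow", stray: "deny", free_port(): "deny"}
    for port, (want, got) in validate_policy(HOST, policy).items():
        print(f"port {port}: policy says {want}, path observed {got}")
```

On a real path a deny rule normally shows up as `filtered` (drop) or `refused` (reject with RST). A `permitted` result on a port the policy says to deny is an ACL gap; `payload_blocked` on an allowed port means the firewall let the session through but an in-line inspection device acted on the content afterwards, which a plain port scan would never reveal. The same classifier extends to UDP by swapping in a datagram socket, but there a timeout is ambiguous (dropped versus simply unanswered), which is exactly why the far end has to be a cooperating echo agent rather than a bare host.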
Don’t just review device configs and trust that they work as intended. Use Firebind Recon to test network security policies empirically and find hidden vulnerabilities before they become liabilities. A free trial of Firebind Recon is available on request.