Design

Utilize Solsoft ChangeManager’s visual policy interface to design and test your security rules for multi-vendor networks of firewalls, routers, switches, VPNs and IPs. This visual business-oriented, drag-and-drop approach works with business and network-level rules, rather than specific device-level instructions providing a simple, scalable model that can represent the most complex policies. ChangeManager’s policies automatically recalculate optimal configurations across the network and provide true end-to-end optimization and security.

Network Security Policy Designer Click to expand

Project Browser, Managing Projects Click to expand

Timed-Expiring Rules

ChangeManager provides optional expiration dates for any rule (regardless of vendor device support). Engineers or policy auditors are alerted and can run reports on when rules will expire and who set or changed them. Rules are not automatically removed, so that teams always have a chance to check if access is still required. This prevents “rule-creep” -- the continuous adding, but never removing, of security rules.

Role Base Access, PCI Compliance and Collaboration

ChangeManager ensures separation of global firewall approvals to meet PCI compliance by providing granular role based access and a built-in workflow approval process. Different users can be designated with different roles to provide additional layers of flexibility and accountability. All user actions are logged and tracked. For instance, some users may be able to define firewall policy, but not implement it until it is approved for deployment. Others may deploy, but not design, new policies. Auditors and Operators can access device level security rules in high level read only mode to document compliance.

VPN Change Management

ChangeManager guarantees interoperability between multi-vendor VPN products by calculating the parameters that all the VPN peers can meet to create a VPN session. Our high level interface only requires definition of gateway VPN devices and can automatically create the IPSEC proposal and generates pre-shred keys for hub-spoke, fully meshed and DMVPN networks. Re-generation of pre-shared keys can be scheduled saving valuable engineering time.

Historical Versioning Control and Unlimited Rollback

All policy changes are automatically saved as a new version-- these security policy versions can be then easily deployed, compared or rolled-back on a global scale.

Your organization can save a pre-defined security policy based on special threat level conditions (e.g. Orange Level) for fast responses to new security threats or operational conditions. Contrast this with trying to manually reconfigure all devices based on new threat conditions.

Compliance and Security Reporting

Flexible reporting capabilities are built into ChangeManager—including a dashboard that provides at-a-glance information on key statistics, versioning issues, rule summaries, and deployment status. Instant search is available for quick access and more extensive reports can be auto-generated and customized as needed.

For instance, reporting templates include:

• Quick Compare: Audit any two sets of policies to identify and understand the differences of what services, or objects were added or deleted.
• Expiring Rules: See what rules are about to expire or will/did expire on a certain date.
• Device Compare: What changes have been made to individual devices outside ChangeManager?
• Service/Port Report: All rules dealing with a specific service/port.
• Device Report: see all flows in/out a specific firewall or other device.

Auditing

Extract audit and change history information from a centralized repository of network security policies. IT managers and auditors can now see in seconds what the current settings are for one or multiple devices, who changed what and when, and if your network is in compliance with industry or corporate guidelines. Records are securely stored and audit-ready.

Import/Migration and Flexibility

ChangeManager reduces migration time by 80% from one vendor’s firewall technology to another. ChangeManager can import your organization’s existing device security configuration, allow for some rule clean up, and then convert the rules to a new vendor platform (e.g. from Check Point to Cisco, Juniper, Fortinet…, etc.). Enjoy the flexibility of moving to lower cost hardware platforms and deploying defense in-depth security without the need to learn another management interface.

Integration with Exaprotect Solutions

When incorporated with a SIEM solution such as Exaprotect’s LogManager or EventManager, ChangeManager responds in real-time to security threats, providing you instantly with potential remediation. ChangeManager has an open API so it can work as a vendor-neutral tool with both devices and event systems.  Exaprotext also offers a software developers kit (SDK) for device manufacturers so their solutions ship ChangeManager-ready.  ChangeManager’s flexibility provides you with centralization and interoperability whatever your preferred mix of vendors.

Supported Vendors

ChangeManager can generate and manage security rules (ACL, NAT, VPN, IPS) for the industry’s leading firewalls, routers, switches, and VPN vendors such as Cisco, Juniper, Checkpoint, Fortinet, NetScreen IBM/ISS and Linux. We have strategic partnerships with many of these vendors and provide quarterly device pack releases. See the latest list of compatible systems.