Single-console for Total Security Change Management
Via the SmartDashboard graphical user interface, the SmartWorkflow Software Blade provides an intuitive and easy-to-use security management console to centrally manage the editing, reviewing, approving and auditing of policy changes.
Automated Security Change Management
Administrators have a constant need to make firewall changes. These changes are often done manually and hurriedly and can result in mis-configurations and duplication of rules. The SmartWorkflow Software Blade helps administrators track these changes in entities called sessions—logical units that contain a set of changes made within SmartDashboard. Administrators can track changes made to rule bases, network objects, security policies, users, administrators, groups, OPSEC applications, VPN communities and servers.
Visual Change Tracking and Reporting
Changes made to rules and objects are easily viewed in SmartDashboard, enabling administrators to review the impact of the changes on the entire rule-base.
Figure 1: Easily view changes made to the rule base
Administrators can scroll through the changes in chronological order or they can generate a summary change report that provides a comprehensive picture of the changes that were made during the current session. Clicking on a link in the “name” column of the summary change report will generate a detailed list of how the specific object has changed, who changed it as well as the previous time it was modified and by whom.
Figure 2: Policy change summary report
Session Approval & Flexible Authorization
SmartWorkflow adds an extra layer of security by requiring a manager’s approval before installing a changed security policy (the “four-eyes” principle). Authorized managers can either approve the session or request that modifications be made to the session. In addition, SmartWorkflow can adapt to existing change management approval processes. It can be configured so that only managers can approve a change or the administrator can approve his own changes or, in the case of an emergency, it can be configured so that a policy can be installed without official approval and the appropriate password.
Policy Revisions and Baseline Comparisons
Prior to approving a session, a manager can review the security configuration change summary report and see the objects that were added, changed or deleted and compare these changes to the security policy that is currently installed. In addition, via the SmartDashboard “read-only” mode, managers can review the changes between any two sessions or they can view the changes of a single session.
SmartWorkflow enables administrators to track changes that have been made to objects, security policies and session events over an extended period of time. These changes are recorded in SmartView Tracker as audit logs.
Integrated into Check Point Software Blade Architecture
The SmartWorkflow Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point security management servers, saving time and reducing costs by leveraging existing security infrastructure.