Firewall analysis can be split broadly into two categories. One is the operation of the firewall, captured in security and event logs. The other is the administration of the firewall, captured in configuration, policy and rule files.
Firewall log analysis provides insight into security threats and traffic behaviour.
In-depth analysis of the security logs provides critical network intelligence about attempts to breach security and about attacks such as viruses, trojans and denial of service. These network security threats pose a grave risk to the critical resources in the network. From the security log reports of firewall analysis, security administrators can visualize the network threat scenario and plan their strategy to protect against those threats.
Analysis of traffic logs provides valuable information about bandwidth usage, employee internet usage, bandwidth-guzzling web sites and interface-wise traffic. From the traffic log reports of firewall analysis, network and security administrators can monitor fair usage of the bandwidth for business purposes and plan for future bandwidth capacity requirements.
Firewall configuration analysis provides information that can be used to optimize firewall performance.
Deeper analysis of the policies and rules shows how frequently each rule is used, or that it is not used at all. Security and network administrators can use this information to judge the adequacy of the rules, whether a particular rule is still required, and whether the observed rule usage actually implements the security policy. From the rule and policy reports of firewall analysis, the administrator can decide whether to delete unused rules, modify moderately used rules and add new rules to meet the security policy requirements.
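The three kinds of report described above (security view of denied connections per source, traffic view of bytes per interface and per internal host, and rule view of hits per rule with unused rules flagged) all come from the same parsed log events. The following added example, which is not part of the original text and not any vendor's tool, shows the whole pipeline on a constructed log. The `key=value` line format, the sample IP addresses and the rule base `RULE_BASE` are all constructed for illustration; a real deployment would swap `parse_line` for a parser of the firewall's actual log format and load the rule base from the exported rule file.

```python
"""Firewall log analysis: security, traffic and rule-usage views from one parsed log."""
import re
from collections import Counter

# Constructed sample log in a simplified key=value syslog style (not a real
# vendor format). Fields: action, rule id, ingress interface, source,
# destination, protocol, destination port, bytes transferred.
SAMPLE_LOG = """\
2024-03-01T08:00:01 fw1 action=allow rule=10 iface=eth1 src=10.0.0.5 dst=93.184.216.34 proto=tcp dport=443 bytes=52000
2024-03-01T08:00:02 fw1 action=deny rule=99 iface=eth0 src=203.0.113.7 dst=10.0.0.5 proto=tcp dport=23 bytes=60
2024-03-01T08:00:03 fw1 action=allow rule=20 iface=eth1 src=10.0.0.8 dst=198.51.100.2 proto=udp dport=53 bytes=120
2024-03-01T08:00:04 fw1 action=deny rule=99 iface=eth0 src=203.0.113.7 dst=10.0.0.6 proto=tcp dport=23 bytes=60
2024-03-01T08:00:05 fw1 action=deny rule=99 iface=eth0 src=203.0.113.7 dst=10.0.0.7 proto=tcp dport=23 bytes=60
2024-03-01T08:00:06 fw1 action=allow rule=10 iface=eth1 src=10.0.0.5 dst=93.184.216.34 proto=tcp dport=443 bytes=480000
2024-03-01T08:00:07 fw1 action=deny rule=99 iface=eth0 src=198.51.100.9 dst=10.0.0.5 proto=tcp dport=445 bytes=60
2024-03-01T08:00:08 fw1 action=allow rule=10 iface=eth1 src=10.0.0.9 dst=93.184.216.34 proto=tcp dport=443 bytes=8000
"""

# Constructed rule base (rule id -> description). Rule 30 is never hit in the sample.
RULE_BASE = {10: "allow LAN -> web", 20: "allow LAN -> DNS",
             30: "allow LAN -> mail", 99: "default deny"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<kv>.*)$")
INT_FIELDS = ("rule", "dport", "bytes")


def parse_line(line):
    """Parse one log line into a dict; return None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m.group("ts"), "host": m.group("host")}
    for token in m.group("kv").split():
        key, sep, value = token.partition("=")
        if not sep:
            return None
        try:
            event[key] = int(value) if key in INT_FIELDS else value
        except ValueError:
            return None
    return event


def parse_log(text):
    """Parse every line, skipping blank and malformed ones."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def denies_by_source(events, threshold=3):
    """Security view: denied connections per source; flag sources at or above threshold."""
    counts = Counter(e["src"] for e in events if e["action"] == "deny")
    flagged = sorted(src for src, n in counts.items() if n >= threshold)
    return counts, flagged


def bytes_by_interface(events):
    """Traffic view: bytes of allowed traffic per ingress interface."""
    totals = Counter()
    for e in events:
        if e["action"] == "allow":
            totals[e["iface"]] += e["bytes"]
    return totals


def top_talkers(events, n=2):
    """Traffic view: the n sources moving the most allowed bytes."""
    totals = Counter()
    for e in events:
        if e["action"] == "allow":
            totals[e["src"]] += e["bytes"]
    return totals.most_common(n)


def rule_usage(events, rule_base):
    """Rule view: hits per rule in the rule base, rules never hit, and rule ids
    seen in the log but absent from the rule base (a sign the export is stale)."""
    hits = Counter(e["rule"] for e in events)
    usage = {rid: hits[rid] for rid in rule_base}
    unused = sorted(rid for rid, n in usage.items() if n == 0)
    unknown = sorted(set(hits) - set(rule_base))
    return usage, unused, unknown


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    counts, flagged = denies_by_source(evs)
    print("denies by source:", dict(counts), "flagged:", flagged)
    print("bytes by interface:", dict(bytes_by_interface(evs)))
    print("top talkers:", top_talkers(evs))
    usage, unused, unknown = rule_usage(evs, RULE_BASE)
    print("rule usage:", usage, "unused:", unused, "unknown:", unknown)
```

On the sample, the security view flags 203.0.113.7 (three denied attempts), the traffic view shows all allowed bytes on eth1 with 10.0.0.5 as the top talker, and the rule view reports rule 30 as unused, which is exactly the input the administrator needs for the delete/modify/add decision described above.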
Analysis of the firewall configuration reveals wrong and sub-optimal configurations. With this information, the administrator can correct and fine-tune the configuration for optimum firewall performance.