Is it required in your company to conduct a security review before purchasing a firewall? Also, do you need to perform reviews after (how often)?
What are the common materials you use in the review? Do you have any tips or advice?
Any pitfalls to watch out for?
Yes, I recommend doing a security review regularly. Not necessarily before a firewall purchase unless you have not done one lately. Having the results of the review will help you understand what capabilities you need in a firewall. As an example, if you get a ton of login attempts from outside your country of origin but have no customers or partners outside the country you will want to have "country blocking" capabilities. There are a number of tools that can be used for evaluations. We currently use RMM and Security tools from SolarWinds.
We have other tools as well. To perform a security review you have to have tools do the work. It simply is not possible for an individual to perform a thorough check without significant automation. We offer this as a service as well.
Pros: SolarWinds has a free version of some of the useful tools, such as a Security Information and Event Management (SIEM) tool. You can rent some tools by going through a partner (such as us, BayStateTechnology.com).
Cons: Tools to purchase are a bit expensive. The performance checks that RMM uses are not accurate on large, busy machines. Support leaves much to be desired.
CEO & Sr. Information Security Consultant at a tech services company with 1-10 employees
23 July 18
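The review step the answer above describes, tallying failed logins by source country to decide whether "country blocking" belongs on the firewall requirements list, as an added example that is not from the post or from any SolarWinds tool. The sshd lines, the prefix-to-country table and the 50% threshold are constructed for illustration; a real review would feed in the SIEM or firewall export and a GeoIP database.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sshd sample (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Jul 23 08:01:11 host sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jul 23 08:01:14 host sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2
Jul 23 08:02:02 host sshd[2210]: Failed password for invalid user admin from 198.51.100.40 port 40011 ssh2
Jul 23 08:03:45 host sshd[2215]: Failed password for alice from 192.0.2.15 port 50200 ssh2
Jul 23 08:04:10 host sshd[2218]: Failed password for root from 198.51.100.41 port 40012 ssh2
Jul 23 08:05:00 host sshd[2220]: Accepted password for alice from 192.0.2.15 port 50201 ssh2
"""

# Constructed prefix-to-country table standing in for a GeoIP database.
GEO_TABLE = {
    ip_network("192.0.2.0/24"): "US",
    ip_network("198.51.100.0/24"): "NL",
    ip_network("203.0.113.0/24"): "BR",
}

# Matches both "Failed password for user" and "Failed password for invalid user X".
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port")


def country_of(ip):
    """Longest-match is unnecessary here: the constructed prefixes do not overlap."""
    addr = ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "??"  # unknown prefix; report it rather than silently dropping it


def failed_logins_by_country(log_text):
    """Count only failed attempts; successful logins are not evidence for blocking."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[country_of(m.group(1))] += 1
    return counts


def foreign_share(counts, home_country):
    total = sum(counts.values())
    return 0.0 if total == 0 else 1 - counts.get(home_country, 0) / total


def needs_country_blocking(log_text, home_country, threshold=0.5):
    """True when at least `threshold` of failed logins come from outside home_country."""
    counts = failed_logins_by_country(log_text)
    return foreign_share(counts, home_country) >= threshold, counts
```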
The only question for a review would be based on your requirements. For example, does the firewall meet Common Criteria standards or other security controls?
Generally, we suggest pursuing an NGFW, and our initial recommendation is Fortinet. The good news is that the NSS results put Fortinet at #1.