General
Albarius is a centralized platform for managing, building, and optimizing firewall policies across different vendors. It offers a unique solution for policy management, significantly saving time and improving security compared to competitors.
Full Automation
Albarius provides full automation for policy building and optimization, including the ability to run scheduled processes that automatically enhance firewall policies.
Administrators retain full control, choosing between:
Partial Autonomy: The system suggests optimized policy, firewall admins review, exports the full report and using it to create the suggested policy.
Full Autonomy: The system suggests optimized policy, firewall admin reviews and accept, then the system will create the actual objects and rules.
Building Accurate and Secure Policies
Albarius always strives to create the most precise policies using “least-privilege” methodology. Admins can configure policies suggestions based on:
Address ranges (Segments) that accepted to be permissive (Usually for users/printers, etc) and the system will suggest to open whole subnets.
Specific objects (for more granular control), usually used for applications, so the rules will be suggested and built with application objects.
Thus, the system maintains minimal rule sets without compromising security.
Long-Term Traffic Collection
Albarius collects and effectively stores firewall traffic logs based on available storage, not time. Each unique session stored only once. As long as storage is available, older logs are retained, enabling reliable policy building even for infrequent traffic patterns — unlike other systems which only store limited logs.
Change Management
Every change inside or outside platform related to firewall policy or object is fully documented. Each optimization/cleaning suggestion (whether implemented or not) is logged in "Revisions," enabling full audit trails of changes made to the firewalls.
Unified Management for Micro-Segmentation and Classic Firewall Solutions
Albarius supports a wide variety of firewalls:
Classic Firewalls: FortiGate, Checkpoint, Palo Alto.
Micro-Segmentation: NSX-v, NSX-T
In micro-segmentation environments, Albarius automatically creates Security Groups based on Security Tags, and handles external IP-based firewall rules as well.
Organizational Customization Capability
Albarius allows extensive customization:
Connecting to organizational DNS servers to create informative object names.
Defining networks as Segments.
Grouping servers and applications.
Excluding specific networks from suggestions (e.g., internal FW internet rules).
New customizations are continuously added to minimize manual work.
Time Saving
Albarius significantly reduces the time required to build or optimize policies.It independently finds the best placement for each rule and performs all necessary actions, far outperforming manual efforts and other systems.
Business and Technological Values Provided by Albarius
Risk Reduction:
Reduce permissive rules.
Identify and eliminate unused rules.
Enforce Zero Trust policies via micro-segmentation.
Operational Efficiency:
Centralized firewall policy management across vendors.
Smart automation reduces manual work and human errors.
Structured change management with immediate rollback capability.
Improved Control and Governance:
Unified control over policies and objects.
Automatic identification and replacement of duplicate objects.
Policy quality scoring and improvement plans.
Flexibility and Adaptability:
Continuous monitoring of network traffic and recommended remediation plan adjustment.
Dynamic adjustment of unused policies and/or objects based on real traffic.
Ability to recommend policies based on organization thresholds and topology.
Compliance and Audit Readiness:
Full documentation of every change.
Integration with SIEM systems.
Ready-made audit reports.
Cost Reduction:
Reduced maintenance costs by cleaning unnecessary rules.
Optimized configurations to lower resource consumption.
Less manual labor for firewall management.