Acquired by SolarWinds, 2012
An easy-to-use tool to analyze firewall configurations and identify security risks and exposures in the associated firewall configuration policies. Typically, firewall configuration policies that extend beyond a certain size are impossible to audit by simply reading the policy rules. The solution was to comprehensively analyze the configuration files to determine the traffic allowed and disallowed by the firewall from all sources to all destinations for all services. Audit reports would flag dangerous or potentially risky services allowed by the policy. Configuration cleanup reports would identify redundant, shadowed, and unused rules and objects, enabling configurations to be simplified and compressed while retaining the original policy. A comparison capability would enable different versions of a configuration to be compared to determine the impact of changes on firewall policy. Impact monitoring would send notifications to firewall administrators when changes to the firewall policy violated compliance with security policies. Change modeling would enable network engineers to design the correct changes in firewall policies to implement change requests.
In addition, the tool would integrate with Network Compliance Management (NCM) products to track configuration versions and to facilitate impact monitoring and change modeling.
A variety of solutions were built around this core capability that resulted in several point products that would be useful for network and security engineers of organizations of all sizes.
Athena's solutions help Cisco, Check Point, and Juniper Netscreen customers struggling with ballooning corporate network complexities, ad hoc change processes, and demanding compliance requirements.
The product performs security analytics on layer 3 network devices. Network engineers run Athena solutions to perform what-if analysis that reduces the reliance on diagnostics and validation by testing. In addition to automating audits for exposures to critical assets, the product offers advanced operational support for policy optimization.
Athena also provides unique solutions for cross-vendor migration support, Payment Card Industry (PCI) compliance and mass change object standardization.
The need to model firewall devices comprehensively required that the team develop a mathematical model of the firewall based on its configuration file and compute reachability across the firewall based on multi-dimensional space. Traffic passing through the device is computed by intersections of the address space of the traffic with the allowed address spaces of the firewall. To make these computations within a reasonable amount of time and using an optimum amount of memory required complex mathematical modeling.
The results provided users with surprising information about unknown exposures that resided in their firewall configurations at the layer 3 and layer 4 of the network.
Incubated at LisleTech, which invested $3 million. No outside financing was raised. The company was completely bootstrapped internally and was sold to Solar Winds in August 2012.