Security & Identity

Announcing Firewall Insights support for firewall policies and trend-based analysis

April 7, 2023
Kan Cai

Software Engineer

Tracy Jiang

Product Manager

Firewall Insights helps you understand and optimize your Cloud Firewall rules by providing insights, recommendations, and metrics about how your firewall rules are being used. We are excited to announce new enhancements for Firewall Insights that support hierarchical firewall policies and network firewall policies. These enhancements are now generally available to all customers.

Previously, Firewall Insights provided support for Virtual Private Cloud (VPC) firewall rules. The latest release provides recommendations to optimize your hierarchical firewall policy and network firewall policy configuration in addition to VPC firewall rules. Firewall Insights can assist your migration from VPC firewall rules to network firewall policies by verifying that the VPC firewall rules are shadowed and that the firewall policies are hit as intended. More details on migrating from VPC firewall rules to network firewall policies can be found in this blog post.

We are also excited to announce AI-driven trend-based analysis, now available in Public Preview. Before this update, Firewall Insights generated insights about an unused firewall rule when there were no hits during the observation period. Now with trend-based analysis, a machine learning model can identify unused firewall rules based on changes in trends. For example, you might have a previously active firewall rule that is no longer hit after a VM is deleted. Trend-based analysis can produce an insight before the end of the observation period, helping you to identify and delete unused rules quickly. 

Firewall Insights to validate hierarchical firewall policy configuration

Previously, Firewall Insights only supported rules defined for each VPC. With the latest updates for Firewall Insights, we now support hierarchical firewall policies. The insights can be customized based on your needs and offer recommendations for overlapping rules defined at the organization, folder, and VPC network levels. In addition, log-based analysis such as runtime metrics and log-based overly permissive rule insights now cover rules in hierarchical firewall policies. 

Support for hierarchical firewall policies enables you to have a complete understanding of all the firewall rules that impact the operational status of a given VPC, including rules that are inherited from the parent organization and folder. 

How to use Firewall Insights to optimize your firewall configuration 

There are many ways to use Google Cloud Firewall Insights to optimize your firewall rules:

  • Shadowed rule insights: Firewall Insights can help you identify rules that are not being used due to overlapping rules with higher priorities. This can help you adjust firewall rule priority to ensure critical rules are hit, or remove redundant rules to reduce complexity in your firewall configuration.

  • Overly permissive rule insights: Firewall Insights can help improve your security posture by recommending which rules are overly permissive. These recommendations can be used to improve your security and compliance.

  • Log-based runtime metrics: Firewall Insights helps you verify that firewall rules are working as intended by providing metrics to track your firewall usage. 
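To make the shadowed-rule concept from the list above concrete, here is an added example that is not part of the original post and is not Google's own Firewall Insights algorithm: a deliberately simplified checker over a constructed set of VPC-style ingress rules. It reports a rule as shadowed only when a single higher-priority rule (lower priority number, same direction) covers its entire match: all of its source ranges, its protocol, and its ports. The rule names and CIDRs are constructed sample data, and the `Rule` dataclass is an assumed model, not a Google Cloud API type.

```python
"""Simplified shadowed-rule check for VPC-style firewall rules (added example).

A rule is flagged as shadowed when one higher-priority rule in the same
direction fully covers its match; action (allow/deny) does not matter,
because a covered rule is never evaluated either way. Real Firewall
Insights also considers combinations of rules; this toy check does not.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:                 # assumed model, not a Google Cloud API type
    name: str
    priority: int           # lower number = evaluated first
    direction: str          # "INGRESS" or "EGRESS"
    action: str             # "allow" or "deny"; irrelevant for shadowing
    source_ranges: tuple    # CIDR strings
    protocol: str           # "tcp", "udp", ... or "all"
    ports: tuple            # (low, high) pairs; empty tuple = all ports


def _ranges_covered(inner_ranges, outer_ranges):
    """Every inner CIDR must sit inside some outer CIDR of the same IP version."""
    outer = [ipaddress.ip_network(o) for o in outer_ranges]
    for cidr in inner_ranges:
        net = ipaddress.ip_network(cidr)
        if not any(net.version == o.version and net.subnet_of(o) for o in outer):
            return False
    return True


def _ports_covered(inner_ports, outer_ports):
    """Empty outer ports means all ports; otherwise each inner range needs a container."""
    if not outer_ports:
        return True
    if not inner_ports:
        return False
    return all(any(lo >= olo and hi <= ohi for olo, ohi in outer_ports)
               for lo, hi in inner_ports)


def covers(outer, inner):
    """True when `outer` is evaluated first and matches everything `inner` matches."""
    return (outer.direction == inner.direction
            and outer.priority < inner.priority
            and (outer.protocol == "all" or outer.protocol == inner.protocol)
            and _ranges_covered(inner.source_ranges, outer.source_ranges)
            and _ports_covered(inner.ports, outer.ports))


def find_shadowed(rules):
    """Map each shadowed rule name to the first higher-priority rule that covers it."""
    shadowed = {}
    for rule in rules:
        for other in rules:
            if other is not rule and covers(other, rule):
                shadowed[rule.name] = other.name
                break
    return shadowed


# Constructed sample rule set: the narrow internal SSH rule is never reached
# because the broader allow-all-internal rule is evaluated first.
SAMPLE_RULES = (
    Rule("allow-all-internal", 900, "INGRESS", "allow", ("10.0.0.0/8",), "all", ()),
    Rule("allow-ssh-internal", 1000, "INGRESS", "allow", ("10.10.0.0/16",), "tcp", ((22, 22),)),
    Rule("allow-ssh-from-office", 1000, "INGRESS", "allow", ("203.0.113.0/24",), "tcp", ((22, 22),)),
    Rule("deny-all-ingress", 65534, "INGRESS", "deny", ("0.0.0.0/0",), "all", ()),
)

if __name__ == "__main__":
    for name, by in find_shadowed(SAMPLE_RULES).items():
        print(f"{name} is shadowed by {by}")
```

In the sample, only `allow-ssh-internal` is reported; the office SSH rule survives because 203.0.113.0/24 is outside 10.0.0.0/8, and the low-priority catch-all deny cannot shadow anything evaluated before it. Note that the action of the covering rule is ignored on purpose: a broad higher-priority deny shadows a narrow allow just as a broad allow does.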

How to use Firewall Insights for your network firewall policy implementation 

We encourage you to use the new Firewall Insights support for network firewall policies to assist in your migration from VPC firewall rules to network firewall policies. When migrating, you can review Firewall Insights to confirm the following: 

  • Network firewall policy rules that you have newly created are evaluated and hit as intended

  • VPC firewall rules that you will remove are no longer getting hits 

If you are implementing firewall policies for the first time, Firewall Insights can also help ensure your network firewall policies are working as intended by confirming that the firewall policy rules are recording hits. 
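The two migration checks above and the trend-based unused-rule idea from the introduction both come down to looking at per-rule hit counts over time. The following added example (not from the original post, and not the machine learning model Firewall Insights uses) runs a simple change detector over constructed daily hit-count series: a rule that was being hit and then stays at zero for an assumed `QUIET_DAYS` threshold is flagged as newly unused before a full observation window of zeros has elapsed, and the migration check reports new policy rules that have never been hit alongside VPC rules that are still receiving traffic. The rule names, the `policy-`/`vpc-` naming convention, and the hit counts are all constructed for the example.

```python
"""Simple hit-count trend check for firewall rules (added example).

Each rule has a constructed series of daily hit counts, oldest day first.
The threshold and the naming convention are assumptions for this example.
"""

QUIET_DAYS = 5   # assumed threshold; the real Firewall Insights window differs


def trailing_zero_days(series):
    """Number of consecutive zero-hit days at the end of the series."""
    count = 0
    for hits in reversed(series):
        if hits != 0:
            break
        count += 1
    return count


def classify(series, quiet_days=QUIET_DAYS):
    """Return (status, quiet_since_day).

    status is "never-hit", "newly-unused" (was hit, then quiet for at least
    quiet_days) or "active"; quiet_since_day is the 0-based day index on which
    a newly unused rule stopped being hit, else None.
    """
    quiet = trailing_zero_days(series)
    if quiet == len(series):
        return ("never-hit", None)
    if quiet >= quiet_days:
        return ("newly-unused", len(series) - quiet)
    return ("active", None)


def migration_check(hits, policy_prefix="policy-", vpc_prefix="vpc-"):
    """Apply the two migration checks: new policy rules must be hit, and VPC
    rules slated for removal must have gone quiet. Prefixes are an assumed
    naming convention used only to tell the two rule sets apart."""
    report = {"policy_rules_never_hit": [], "vpc_rules_still_hit": [], "vpc_rules_quiet": []}
    for name, series in hits.items():
        status, _ = classify(series)
        if name.startswith(policy_prefix) and status == "never-hit":
            report["policy_rules_never_hit"].append(name)
        elif name.startswith(vpc_prefix):
            key = "vpc_rules_still_hit" if status == "active" else "vpc_rules_quiet"
            report[key].append(name)
    return report


# Constructed sample: web traffic moved from the VPC rule to the policy rule
# on day 4, one legacy VPC rule is still in use, one policy rule is never
# hit, and one VPC rule went quiet on day 2 after its VM was deleted.
HITS = {
    "vpc-allow-web":       [120, 118, 130, 125, 0, 0, 0, 0, 0, 0, 0],
    "vpc-allow-legacy-db": [5, 4, 6, 5, 4, 5, 6, 4, 5, 5, 4],
    "policy-allow-web":    [0, 0, 0, 0, 122, 127, 119, 131, 128, 125, 124],
    "policy-allow-db":     [0] * 11,
    "vpc-allow-old-app":   [40, 38, 0, 0, 0, 0, 0, 0, 0, 0, 0],
}

if __name__ == "__main__":
    for name, series in HITS.items():
        print(name, classify(series))
    print(migration_check(HITS))
```

With this data, `vpc-allow-web` and `vpc-allow-old-app` are flagged as newly unused on days 4 and 2 respectively, well before an eleven-day window of zeros would have been needed, `vpc-allow-legacy-db` is reported as still hit (so it should not be removed yet), and `policy-allow-db` is reported as a policy rule that has never been evaluated, which is exactly the signal the migration guidance asks you to look for.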

Conclusion 

Firewall Insights can be a powerful tool that can help you improve your security, monitoring, and efficiency. The latest updates in Firewall Insights provide recommendations for hierarchical firewall policies and network firewall policies, and add the new AI-driven trend-based overly permissive rule analysis. These updates can help you with your firewall policy migration, safely adopt Hierarchical Firewall Policies for global control, and optimize your firewall rules to get more value from your Google Cloud investment.
