Perimeter report

All basic security strategies require the implementation of a firewall for the enterprise, that limits outside access to data. This essential part of the system is typically (although not necessarily) tracked by BMC Defender Server by monitoring packet dropped events and other firewall messages.

The BMC Defender Perimeter report facility provides the unique function of scanning messages to detect external addresses of the enterprise. These messages come from firewalls but might also come from HTTP servers, VPN servers, and any other device capable of sending messages that contain IP addresses as part of the message content.

The report facility scans the list of received messages and tabulates key metrics for each external address. The report is especially useful to auditors, because it easily furnishes evidence of a firewall's performance on the system, as is required by a variety of security specifications and standards.

The Perimeter report facility does not have a complementary screen (or catalog of messages) in the same fashion as the User Activity, and Device Activity reports discussed previously. Rather, the Perimeter report contains special logic to scan messages, extract IP addresses, and determines if any of these IP addresses are external address. If an external address is found, the address is recorded and statistics (such as message counts and geo-location) are tabulated.

This section provides information about the following topics: