Faddom offers a comprehensive top-down view of your inter-subnet traffic, allowing you to verify the effectiveness of your firewall and security policies and easily identify necessary adjustments. The subnets shown are based on the data sources added to Faddom and the subnets contained within them; Faddom defines them automatically from those data sources. Anything outside of this discovery scope will be classed as external. You can add subnets to the discovery scope if needed.
It enhances your security posture through three key functionalities:
Eye-in-the-Sky Overview: Gain a complete overview of your entire topology from the subnet level.
Subnet Organization: Group your subnets into categories like DMZ, LAN, and PROD, and observe dependencies at the group level.
Policy Definition and Alerts: Define policies for allowed cross-subnet traffic and receive alerts for any policy violations.
Subnet Groups
Subnet Groups are created automatically by Faddom based on the initial discovery and will update automatically if any changes (e.g. a subnet is added/removed) are made. The default Subnet Groups are based on a /16 and above subnet. You can create and edit your groups should you wish.
They allow you to easily see how your subnets interact with each other. They also allow you to see any communication that goes outside the defined subnets included in the Discovery Scope. The External entity on the map will show any subnets not included in the Discovery Scope or that you have excluded from discovery. You can edit which subnets are included in discovery and add missing subnets by following our guide How to Amend Subnets Discovery.
Subnet Maps
The Subnet Map shows you the top-level subnet and allows you to drill down through all your subnets by double-clicking. When you get to the last level, it will show you a map of the subnet itself, equivalent to performing an Advanced Search where the source and target are both the subnet CIDR block.
The map shows you all the successful connections between subnets; the thicker the line, the more traffic is passing between the subnets. The arrows indicate the direction of communication, whether it is one-way or two-way, and clicking on a connection gives you a list of the cross-subnet connections. When any node is selected, its connection lines turn black to indicate the selection, and clicking on the group opens the Properties Panel.
In the bottom left of the screen, you will see the legend that explains what the different colors and symbols mean.
Creating and Editing Subnet Groups
If you wish to create or amend an existing Subnet Group you can do this by clicking on Edit Subnet Groups in the top right. You will then be taken to the Edit Subnet Groups screen. Here you can see how the subnets are grouped.
Subnet Traffic Policy
You can get alerts on illegal traffic between subnets by setting a Subnet Traffic Policy. This tells Faddom what cross-subnet traffic is allowed and can be set automatically by clicking Generate Policy. This creates allowed policies based on observed traffic, so any traffic already flowing at that point, wanted or not, ends up on the allow list; review the generated policies before relying on the alerts. You can refresh these policies by clicking on Generate Policy again.
Additionally, you can create policies manually by clicking on New Policy and inputting the source, target, and port (if applicable). You can also delete one or more policies by selecting them and clicking Remove from policy.
You will then receive Notifications and Events on any traffic detected that violates any of the policies.
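The allow-list check described in this section, sketched as an added example; it is not Faddom's code and does not use a Faddom API. The subnets, policies and flows are constructed sample data, and two behaviours are assumptions: a policy with no port allows any port, and traffic inside a single subnet is ignored.

```python
import ipaddress

# Constructed sample data: discovery scope, allow list and observed flows.
SCOPE = ["10.1.0.0/24", "10.1.1.0/24", "10.2.0.0/24"]
# (source, target, port); port None means any port (assumption).
POLICIES = [
    ("10.1.0.0/24", "10.1.1.0/24", 443),
    ("10.1.1.0/24", "10.2.0.0/24", None),
]
FLOWS = [
    ("10.1.0.15", "10.1.1.20", 443),   # allowed by the first policy
    ("10.1.0.15", "10.1.1.20", 22),    # same subnets, port not allowed
    ("10.1.1.20", "10.2.0.7", 5432),   # allowed, any port
    ("10.2.0.7", "203.0.113.9", 443),  # target outside the scope: External
    ("10.1.0.15", "10.1.0.16", 445),   # same subnet, not cross-subnet
]


def classify(ip, scope=SCOPE):
    """Return the most specific in-scope subnet containing ip, else 'External'."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in map(ipaddress.ip_network, scope) if addr in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else "External"


def violations(flows, policies=POLICIES, scope=SCOPE):
    """Return cross-subnet flows that no allow policy covers."""
    allowed = set(policies)
    out = []
    for src_ip, dst_ip, port in flows:
        src, dst = classify(src_ip, scope), classify(dst_ip, scope)
        if src == dst:
            continue  # not cross-subnet traffic (assumption: ignored)
        if (src, dst, port) in allowed or (src, dst, None) in allowed:
            continue
        out.append((src, dst, port, src_ip, dst_ip))
    return out


if __name__ == "__main__":
    for v in violations(FLOWS):
        print("VIOLATION %s -> %s port %s (%s -> %s)" % v)
```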
Properties Panel
When you click on an entity, the Properties panel for the entity will open. Here you will see two sections: Inventory and Dependencies.
Inventory - shows the subnets and/or servers that are a member of the entity chosen.
Dependencies - shows the communication between subnets, broken down by port. You will see three of six columns in this section depending on what has been selected.
Subnet - this shows the subnet that is the target of communication, both inbound and outbound
Count - this shows the total number of connections across all ports. Click the > arrow to open up the Count. You will see the connections broken down by port with the option to manually allow a connection.
Source - this shows the source subnet
Target - this shows the target subnet
Alerts - this shows the number of alerts that potentially violate one of the Subnet Traffic Policies. Click the > arrow to open up the Count. You will see the connections broken down by port with the option to manually allow a connection.