ANALYZING FIREWALL POLICY AND OBJECT INTEGRITY: A GRAPH DATABASE APPROACH TO MISCONFIGURATION DETECTION AND PRIORITIZATION

Abstract

Enterprise firewall policy management faces major challenges in ensuring consistent evaluation standards and detecting misconfigurations across large-scale networks. This research introduces and validates a graph-based knowledge framework to improve the accuracy of firewall rule misconfiguration detection compared to traditional manual assessments while enabling audit-ready compliance mapping to international security standards. Using a Design Science Research methodology, the study follows a seven-phase approach: problem identification, data preparation, graph modeling, algorithm execution, scoring, compliance mapping, and validation. The proposed solution incorporates automated detection algorithms addressing five key misconfiguration types: shadow rules, overly permissive access, expired or unused policies, unused objects, and inconsistent object naming. A graph database system processes firewall configuration data via CSV exports, constructs relationship models between policies and network objects, and uses graph traversal to detect rule dependencies and conflicts. Validation combines internal focus group discussions with security professionals, performance benchmarking against prior research, and real-world case study evaluations. Results show the graph-based analysis achieves 85% detection accuracy, identifies 25% more improvement opportunities, and reduces evaluation time by 40% compared to manual reviews. The compliance mapping component links technical findings to NIST cybersecurity standards, offering structured justification for policy assessments aligned with regulatory audit requirements.
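A minimal illustration of the detection logic the abstract outlines, added here as an example and not the study's own code: a constructed CSV export is loaded into an object-to-rule relationship graph, and the graph is then checked for shadowed rules, overly permissive access and unused objects. The CSV layout, object names and the pure-Python adjacency map are assumptions, not the paper's schema.

```python
import csv
import io
import ipaddress

# Constructed sample export (not from the study): rules in evaluation order
# and the address-object table they reference. "any" is a built-in object.
RULES_CSV = """id,src,dst,service,action
1,any,DMZ_WEB,tcp/80,allow
2,CORP_LAN,DMZ_WEB,tcp/80,allow
3,any,any,any,allow
4,CORP_LAN,DB_NET,tcp/5432,deny
"""
OBJECTS_CSV = """name,cidr
DMZ_WEB,10.1.0.0/24
CORP_LAN,10.0.0.0/16
DB_NET,10.2.0.0/24
OLD_VPN,10.9.0.0/24
"""

def build_graph(rules_csv, objects_csv):
    """Return (objects, rules, edges); edges maps object name -> ids of rules using it."""
    objects = {r["name"]: ipaddress.ip_network(r["cidr"])
               for r in csv.DictReader(io.StringIO(objects_csv))}
    objects["any"] = ipaddress.ip_network("0.0.0.0/0")
    rules = list(csv.DictReader(io.StringIO(rules_csv)))
    edges = {name: set() for name in objects}
    for r in rules:
        for field in ("src", "dst"):
            edges[r[field]].add(r["id"])
    return objects, rules, edges

def field_covers(objects, outer, inner):
    """True if the outer rule's field fully contains the inner rule's field."""
    if outer in objects and inner in objects:          # address objects
        return objects[inner].subnet_of(objects[outer])
    return outer == "any" or outer == inner            # service strings

def shadowed_rules(objects, rules):
    """(rule, earlier rule) pairs where the earlier rule matches all of the later rule's traffic."""
    hits = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if all(field_covers(objects, earlier[f], later[f]) for f in ("src", "dst", "service")):
                hits.append((later["id"], earlier["id"]))
                break
    return hits

def overly_permissive(rules):
    """Allow rules that match any source, any destination and any service."""
    return [r["id"] for r in rules if r["action"] == "allow"
            and all(r[f] == "any" for f in ("src", "dst", "service"))]

def unused_objects(edges):
    """Defined objects that no rule references (graph nodes with no edges)."""
    return sorted(name for name, refs in edges.items() if not refs and name != "any")
```

On the sample data, rule 4 (a deny) is reported as shadowed by the any/any/any allow in rule 3, which is the case a reviewer most needs to catch.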
