FwChange is the flagship of a modular suite of independent security tools, each built to solve a single problem end to end. They run on their own, and they run better together. A technical portfolio by FwChange, Firewall change management methodology
independent security tools, each solving one problem end to end.
hundreds of
enterprise firewall migrations behind the methodology the suite encodes.
33+
firewall platforms covered across the suite's vendor support.
The tools
Eight independent tools
Each tool solves one problem. Together they map a complete approach to enterprise security engineering: modular, self-hosted, and deployed only where the workflow needs it.
Manage · Flagship
FwChange
Multi-vendor firewall rule management with AI-assisted rule optimization, multi-level approval workflows, ticketing sync and compliance reporting. The flagship the rest of the suite supplements.
Paste a firewall config from one vendor and get a validated translation for another. AI-assisted syntax translation with rule-by-rule verification and a diff you can sign off on before cutover.
Cisco ASA, Palo Alto, Fortinet, Check Point, Juniper SRX
Rule-by-rule validation & diff
Risk analysis before migration
Export-ready config packages
Comply
CompliBot
Upload a security questionnaire as Excel or CSV and CompliBot drafts the answers from your own documentation through retrieval-augmented generation. Weeks of questionnaire work in hours.
RAG answers from your knowledge base
Answer confidence scoring
Multi-framework support
Export completed questionnaires
Test
PentAGI
Orchestrate penetration tests with a multi-agent system: sandboxed Docker execution, a vector knowledge base and an attack-path graph that gets sharper with every engagement.
Multi-agent orchestration
Sandboxed Docker execution
Vector knowledge base & attack-path graphs
Automated reporting
Research
IntelBriefs
Pre-meeting intelligence, competitor scanning and threat research with a three-pass AI synthesis over 40+ source domains, each rated for credibility, with delta detection between briefs.
Quick & deep research modes
40+ source-credibility scoring
Watchlist scheduler & delta detection
Daily, weekly or monthly briefs
Consult
SecSuite
A ten-module security platform built for consultants: risk assessment, phishing simulation, compliance tracking and engagement management, with client-facing reports, in one place.
Ten security modules in one platform
Risk assessment & phishing simulation
Compliance tracker & engagement manager
Client-facing reports
Discover
NetMap
Scan a network with ARP, SNMP and nmap, then auto-generate topology diagrams with one-click export to draw.io XML, classifying devices and flagging the ones nobody knew were there.
ARP, SNMP and nmap scanning
Auto topology diagrams
draw.io XML export
Device classification & unknown-device detection
Assess
C3 Compliance
Assess compliance posture across ISO 27001, GDPR, NIS2, PCI-DSS, the EU AI Act, SOC 2, HIPAA and SOX, with AI-assisted gap analysis and audit-ready evidence behind every score.
Nine regulatory frameworks
AI-assisted gap analysis
Continuous monitoring & risk scoring
Audit-ready evidence generation
Philosophy
Modular, not monolithic
The legacy security platform asks you to buy eight modules to use two, and to wait months to deploy them. This suite takes the opposite position.
The legacy platform
Pay for eight modules, use two
Six- to twelve-month implementation timelines
Closed-source, vendor-controlled deployment
Vendor lock-in by design, annual contracts
This suite
Use only the tools the workflow requires
Deploy in hours, not months
Self-hosted on European infrastructure
Every tool fully independent, no shared lock-in
Use cases
Where the tools combine
Independent on their own, the tools chain naturally for the workflows a security practice runs most.
MSP client onboarding
FwMigrate translates an inherited config to your standard platform, FwChange takes over ongoing changes, and CompliBot completes the client's security questionnaire.
FwMigrateFwChangeCompliBot
PCI-DSS audit prep
FwChange provides the change audit trail and CompliBot auto-fills the QSA questionnaire from it. Two weeks of preparation collapses into a day.
FwChangeCompliBot
Vendor migration
Moving from Cisco to Palo Alto? FwMigrate translates the config with validation, and FwChange tracks every change through the cutover.
FwMigrateFwChange
FAQ
Frequently asked questions
Do the tools share a login or database?
No. Each tool is a fully independent application with its own database, authentication and deployment. The suite is a curated portfolio of independent tools, not a monolithic platform: deploy each one where it makes sense, on-premise, cloud or air-gapped.
How mature is each tool?
FwChange is the production-grade flagship. The other tools are research prototypes built within the same methodology, each a working demonstration of an AI-assisted security workflow rather than a shrink-wrapped product.
How is this different from Tufin or Skybox?
Tufin and Skybox ship monolithic platforms. This suite is modular: each tool is an independent application, and the architecture favors composability over a single all-or-nothing deployment.
Why are the tools published separately?
Each is designed as a standalone application. FwChange is the flagship; the others supplement it for specific workflows, migration, compliance Q&A, pentesting, intel, a full consultant platform, and network mapping.
About this suite
Eight security tools developed by FwChange as part of a enterprise firewall migration research program across enterprise and regulated environments. Each tool is an original technical contribution demonstrating AI-assisted security engineering.