The Security Suite

Eight security tools. One firewall lifecycle.

FwChange is the flagship of a modular suite of independent security tools, each built to solve a single problem end to end. They run on their own, and they run better together. A technical portfolio by FwChange, Firewall change management methodology

8

independent security tools, each solving one problem end to end.

hundreds of

enterprise firewall migrations behind the methodology the suite encodes.

33+

firewall platforms covered across the suite's vendor support.

The tools

Eight independent tools

Each tool solves one problem. Together they map a complete approach to enterprise security engineering: modular, self-hosted, and deployed only where the workflow needs it.

Manage · Flagship

FwChange

Multi-vendor firewall rule management with AI-assisted rule optimization, multi-level approval workflows, ticketing sync and compliance reporting. The flagship the rest of the suite supplements.

  • AI shadow-rule & conflict detection
  • Multi-level approval workflows & policy-drift detection
  • Jira & Taiga bi-directional sync
  • PCI-DSS, ISO 27001 and NIS2 reporting

Migrate

FwMigrate

Paste a firewall config from one vendor and get a validated translation for another. AI-assisted syntax translation with rule-by-rule verification and a diff you can sign off on before cutover.

  • Cisco ASA, Palo Alto, Fortinet, Check Point, Juniper SRX
  • Rule-by-rule validation & diff
  • Risk analysis before migration
  • Export-ready config packages

Comply

CompliBot

Upload a security questionnaire as Excel or CSV and CompliBot drafts the answers from your own documentation through retrieval-augmented generation. Weeks of questionnaire work in hours.

  • RAG answers from your knowledge base
  • Answer confidence scoring
  • Multi-framework support
  • Export completed questionnaires

Test

PentAGI

Orchestrate penetration tests with a multi-agent system: sandboxed Docker execution, a vector knowledge base and an attack-path graph that gets sharper with every engagement.

  • Multi-agent orchestration
  • Sandboxed Docker execution
  • Vector knowledge base & attack-path graphs
  • Automated reporting

Research

IntelBriefs

Pre-meeting intelligence, competitor scanning and threat research with a three-pass AI synthesis over 40+ source domains, each rated for credibility, with delta detection between briefs.

  • Quick & deep research modes
  • 40+ source-credibility scoring
  • Watchlist scheduler & delta detection
  • Daily, weekly or monthly briefs

Consult

SecSuite

A ten-module security platform built for consultants: risk assessment, phishing simulation, compliance tracking and engagement management, with client-facing reports, in one place.

  • Ten security modules in one platform
  • Risk assessment & phishing simulation
  • Compliance tracker & engagement manager
  • Client-facing reports

Discover

NetMap

Scan a network with ARP, SNMP and nmap, then auto-generate topology diagrams with one-click export to draw.io XML, classifying devices and flagging the ones nobody knew were there.

  • ARP, SNMP and nmap scanning
  • Auto topology diagrams
  • draw.io XML export
  • Device classification & unknown-device detection

Assess

C3 Compliance

Assess compliance posture across ISO 27001, GDPR, NIS2, PCI-DSS, the EU AI Act, SOC 2, HIPAA and SOX, with AI-assisted gap analysis and audit-ready evidence behind every score.

  • Nine regulatory frameworks
  • AI-assisted gap analysis
  • Continuous monitoring & risk scoring
  • Audit-ready evidence generation

Philosophy

Modular, not monolithic

The legacy security platform asks you to buy eight modules to use two, and to wait months to deploy them. This suite takes the opposite position.

The legacy platform

  • Pay for eight modules, use two
  • Six- to twelve-month implementation timelines
  • Closed-source, vendor-controlled deployment
  • Vendor lock-in by design, annual contracts

This suite

  • Use only the tools the workflow requires
  • Deploy in hours, not months
  • Self-hosted on European infrastructure
  • Every tool fully independent, no shared lock-in

Use cases

Where the tools combine

Independent on their own, the tools chain naturally for the workflows a security practice runs most.

MSP client onboarding

FwMigrate translates an inherited config to your standard platform, FwChange takes over ongoing changes, and CompliBot completes the client's security questionnaire.

FwMigrate FwChange CompliBot

PCI-DSS audit prep

FwChange provides the change audit trail and CompliBot auto-fills the QSA questionnaire from it. Two weeks of preparation collapses into a day.

FwChange CompliBot

Vendor migration

Moving from Cisco to Palo Alto? FwMigrate translates the config with validation, and FwChange tracks every change through the cutover.

FwMigrate FwChange

FAQ

Frequently asked questions

Do the tools share a login or database?

No. Each tool is a fully independent application with its own database, authentication and deployment. The suite is a curated portfolio of independent tools, not a monolithic platform: deploy each one where it makes sense, on-premise, cloud or air-gapped.

How mature is each tool?

FwChange is the production-grade flagship. The other tools are research prototypes built within the same methodology, each a working demonstration of an AI-assisted security workflow rather than a shrink-wrapped product.

How is this different from Tufin or Skybox?

Tufin and Skybox ship monolithic platforms. This suite is modular: each tool is an independent application, and the architecture favors composability over a single all-or-nothing deployment.

Why are the tools published separately?

Each is designed as a standalone application. FwChange is the flagship; the others supplement it for specific workflows, migration, compliance Q&A, pentesting, intel, a full consultant platform, and network mapping.

About this suite

Eight security tools developed by FwChange as part of a enterprise firewall migration research program across enterprise and regulated environments. Each tool is an original technical contribution demonstrating AI-assisted security engineering.