roshda/firewize

Inspiration

Imagine a small nonprofit operating with tight budgets and limited IT staff, depending on a single firewall. Alarmingly, 43% of all cyberattacks in 2023 targeted small businesses, and 61% experienced a breach in the past year. Misconfigurations are a leading culprit: data shows 80% of security exposures involve misconfigured credentials or firewall rules.

These incidents inflict serious damage: 60% of small businesses go out of business within six months of an attack, with losses averaging $200,000 per incident. Despite this risk, 47% of businesses with fewer than 50 employees have no cybersecurity budget at all, and 51% of small businesses have no formal defenses in place.

On top of the human and financial toll, manual firewall reviews are inefficient. Teams could spend hours poring over docs, yet many breaches slip through. We ask:

How can under-resourced organizations secure their network systems without hiring full-time specialists?

This agentic solution makes network security accessible to the organizations that need it most and closes critical vulnerabilities before they are exploited.

What it does

FireWize autonomously analyzes and remediates firewall configurations through an agentic workflow. It:

  • Normalizes diverse firewall exports from Cisco ASA CLI, iptables JSON, SonicWall, and cloud security groups into a unified schema ({chain, protocol, src, dst_port, raw}) for consistent downstream analysis.

  • Runs a deterministic static scan engine that detects critical misconfigurations using a curated library of rules based on security best practices, compliance guidelines, and real-world CVEs. This includes detections for:

    • Exposed management ports (SSH, RDP, Telnet)
    • Broad NAT and open any-any rules
    • Missing default-deny rules
    • Risky outbound DNS or DB port access
    • Unencrypted protocols like FTP
  • Encodes these scan results into structured prompts and invokes a Groq-powered LLM from within an Orkes workflow, which transforms low-level scan data into:

    • Executive summaries
    • Severity-labeled issue breakdowns
    • Human-readable remediation steps
    • Vendor-specific configuration commands (e.g., Cisco ACL CLI)
  • Presents an interactive UI via Streamlit, displaying:

    • A severity breakdown chart
    • Expandable vulnerability details
    • Live agentic remediation logs
    • Integrated Groq-backed assistant for real-time Q&A

How we built it

This is how I structured the system.

(architecture diagram)

  • Parsing Modules: Regex- and JSON/XML-based parsers for each firewall format, producing a unified rule schema.
  • Static Scan Engine: Encodes basic vulnerabilities and firewall management principles to detect critical exposures early.
  • LLM Integration (Groq): Packages normalized rules and scan results into structured prompts; calls Groq’s API for sub-second inference and receives a JSON output with summary, issues, and remediation data.
  • Workflow Orchestration (Orkes + MCP): Defines tasks for parsing, scanning, AI analysis, decision branches for follow-up, vendor translation, notifications, and report finalization; the agent drives the flow dynamically and writes audit logs throughout.
  • Streamlit Frontend: Initiates the pipeline, shows progress logs, displays summary and charts, lists vulnerabilities with copy-paste commands, simulates remediation sequence, and offers a chat window backed by the same Groq endpoint.
  • Notifier: Sends summaries or alerts to Slack or other channels as part of the workflow.
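As an added example (not FireWize's own code) for the normalization step in "What it does" and the parsing and static-scan modules listed above: it turns a constructed iptables-save export into the README's unified schema (with an assumed extra `action` field, since the listed schema has no verdict) and runs four of the listed checks: exposed management ports, open any-any rules, missing default-deny, and unencrypted FTP.

```python
import re
# Added example, not FireWize's code: the unified schema below follows the README
# ({chain, protocol, src, dst_port, raw}); 'action' is an added field (assumption).
def _opt(line, flag, default):
    m = re.search(r"(?:^|\s)" + re.escape(flag) + r"\s+(\S+)", line)
    return m.group(1) if m else default

def parse_iptables(text):
    policies, rules = {}, []                      # chain policies + normalized rules
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(":"):                  # ":INPUT ACCEPT [0:0]" -> chain policy
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):              # append-rule line -> unified schema
            rules.append({"chain": _opt(line, "-A", ""), "protocol": _opt(line, "-p", "any"),
                          "src": _opt(line, "-s", "0.0.0.0/0"), "dst_port": _opt(line, "--dport", "any"),
                          "action": _opt(line, "-j", ""), "raw": line})
    return policies, rules

MGMT = {"22": "SSH", "23": "Telnet", "3389": "RDP"}   # management ports
CLEARTEXT = {"21": "FTP"}                              # unencrypted protocols

def scan(policies, rules):
    findings = []                                 # (severity, message, offending line)
    for r in (r for r in rules if r["action"] == "ACCEPT"):
        from_any = r["src"] == "0.0.0.0/0"
        if from_any and r["dst_port"] in MGMT:
            findings.append(("HIGH", f"{MGMT[r['dst_port']]} exposed to any source", r["raw"]))
        if r["dst_port"] in CLEARTEXT:
            findings.append(("MEDIUM", f"unencrypted {CLEARTEXT[r['dst_port']]} allowed", r["raw"]))
        # a stateful ESTABLISHED/RELATED accept is not an any-any hole, so skip it
        if from_any and r["protocol"] == "any" and r["dst_port"] == "any" and "state" not in r["raw"]:
            findings.append(("CRITICAL", f"open any-any rule in {r['chain']}", r["raw"]))
    for chain in ("INPUT", "FORWARD"):  # default-deny: policy DROP or a catch-all DROP/REJECT rule
        catch_all = any(r["chain"] == chain and r["action"] in ("DROP", "REJECT")
                        and r["src"] == "0.0.0.0/0" and r["dst_port"] == "any" for r in rules)
        if policies.get(chain, "ACCEPT") == "ACCEPT" and not catch_all:
            findings.append(("HIGH", f"missing default-deny on {chain}", f":{chain} ACCEPT"))
    return findings

# Constructed sample export for demonstration; not a real configuration.
SAMPLE = """\
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -s 10.0.0.0/8 --dport 3389 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A FORWARD -j ACCEPT
"""
```

Running `scan(*parse_iptables(SAMPLE))` reports the public SSH port, the FTP rule, the any-any FORWARD accept and the missing INPUT default-deny, while the internal-only RDP rule and the stateful accept produce no findings.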

Challenges I ran into

  • Parsing variability: Handling subtle differences in CLI syntax and cloud export formats without false positives.
  • Learning how to use MCP and agents: It's my first time working with both MCP and Orkes, so it was a bit of a learning curve to determine how to build.
  • Reliable LLM outputs: Crafting prompts so Groq consistently returns well-structured JSON for issues and remediation.

Accomplishments that I'm proud of

  • Built an MVP for a creative & niche problem
  • Delivered an end-to-end agentic pipeline where FireWize “connects,” analyzes, and applies fixes in a simulated control panel with live logs.
  • Achieved sub-second Groq inference, enabling instant vulnerability Q&A and remediation.
  • Implemented Orkes workflows that record audit trails and dynamically branch on LLM outputs.
  • Built a polished Streamlit UI: clear summary, aligned severity chart, expandable details, remediation simulation, and integrated chat.
  • Demonstrated real efficiency gains: tasks that take hours manually are completed in seconds.

What we learned

  • Orchestrating AI workflows with MCP and Orkes: designing tasks, handling dynamic decision points, and capturing audit logs.
  • Prompt engineering for consistent JSON structure from a low-latency LLM endpoint.
  • Parsing real-world firewall configurations and encoding reliable static scan heuristics.
  • Integrating Groq inference for privacy-preserving, high-performance AI.
  • Crafting a user-friendly security UI that balances clarity, interactivity, and professionalism.

What’s next for FireWize

  • Live firewall connectivity: I couldn't figure out a demo for this in the time frame, but I want to implement direct SSH integration with supported firewalls.

  • Security compliance mapping: Many small businesses handle sensitive data that requires compliance frameworks, and this is another time-consuming pain point. FireWize will ingest policy frameworks like PCI-DSS and HIPAA, and automatically map config rules to relevant controls, surfacing compliance gaps and remediation steps.

  • Scheduled scans & historical intelligence: so teams can track trends in exposure risk and see the impact of fixes over time.

  • Expanding support: parser support for more firewalls commonly used by small businesses.

About

Agentic AI firewall analysis and remediation tool