With the furious rise in cybercrime, well-maintained and audited network firewalls are a critical line of defense. However, firewalls are apparently spinning out of the control of IT, at least according to a recent survey by Tufin Technologies, which makes software for automating security processes. Given the source, you are free to take the survey results with a grain of salt, but if there’s even a modicum of truth to the survey, it points to some real problems.
Firewall change management is a sticking point
For starters, 67% of the 100 network security professionals surveyed, all of whom are involved in firewall management and auditing, believe their change management processes do or could put them at risk of a breach. And some of them, 28%, are spending an inordinate amount of time crafting rule changes, from several hours to several days.
But it’s not helping, as 85% reported that up to half of their rules have to be changed again later because they weren’t designed correctly.
Surviving a firewall audit
Firewalls, of course, come into play during audits for compliance with regulations such as SOX, PCI and the like. So you’d think these folks would know something about the audit process, but results here are mixed. Many of the respondents (41%) have no way of knowing when a firewall rule needs to be recertified or decommissioned, while another healthy chunk (43%) manages that process manually.
Similarly, nearly half the respondents (47%) locate redundant or overlapping rules manually, but that’s better than the 20% who have no way of locating them at all.
Given all that, how do these folks survive audits? Increasingly, apparently, they cheat. As Tufin puts it:
Perhaps the greatest indicator that the problem is reaching critical mass is that 22% of the sample knew of someone that cheated on an audit, citing lack of time as the main reason – up from 10% in Tufin’s April 2010 survey. Also disturbing is how many organizations don’t audit their firewalls at all – almost a quarter of the sample (23%) has never conducted a firewall audit.
Other reasons for cheating on audits include the parameters of the audit being irrelevant to the business, cited by 30% of respondents, and concerns that the network security team would look bad, also cited by 30%. That latter 30% might want to consider how the security team is going to look if the company suffers a security breach, which audits are intended to prevent, after all.
Solving the firewall management problem
Tufin’s solution to the problem (surprise, surprise) is to employ its tools to help automate the firewall management process, so employees don’t have to spend an inordinate amount of time tracking rules. Such automated procedures also generally improve accuracy as compared to manual procedures.
If you’d like to learn more about how to keep your firewalls updated against the latest security threats, as well as in compliance, contact the security experts at Carousel.