Battling with manual firewall analysis
In a survey by Skybox Security, 42% of respondents had more than 100 firewalls to manage, and 67% said they have firewalls from multiple vendors.
In fact, 54% said their firm employs more than 5 full-time people in day-to-day firewall management and security. However, only 21% of the firms use any automated firewall management products at all.
“It’s scary how many large organizations we audit that use a manual system [to manage firewalls]. It’s scary.” This comment, from a PCI Compliance Auditor, underscores the fact that many organizations fail to use automated tools for firewall management.
As the number of firewalls continues to grow, and as many organizations use multiple firewall vendors to satisfy their requirements, automated tools become an absolute necessity.
Another important issue raised by the survey involves the rapid adoption of next-generation firewalls, coupled with concern about security and management issues. 15% of survey respondents indicated they have already deployed next-gen firewalls, and another 27% plan to deploy within the next 12 months.
Yet adoption brings a new set of concerns. Almost 20% of respondents voiced concern over how to convert existing policies or establish new policies that take into account the finer granularity of control provided by the firewalls.
The time required to define next-gen firewall rules at the user and application level is a big issue for more than 20% of survey-takers. Another common theme is the time and effort it takes to do basic firewall analysis: 25% of respondents raised this as a major concern.
The prevalence of multiple types of firewalls from multiple vendors only exacerbates the problem, as was expressed by 18% of respondents.
The risks involved in manual firewall management are many and significant. Firewalls are an organization’s first line of network defense. Keeping them configured properly for maximum security, and in compliance with policy, requires regular firewall audits.
When audits must be done across dozens or hundreds of firewalls, the task is extremely time-consuming and the potential for mistakes is high.