Firewalls have been an essential first line of defense in network security for decades, serving as the gatekeeper between internal network resources and the outside world. However, mismanaged or misconfigured firewalls are barely better than having no firewall at all.
The massive Capital One breach last year illustrates the danger. A misconfigured firewall rule enabled overly permissive server access, which a hacker exploited to steal 106 million customer records — the third-largest recorded breach in U.S. history.
It was a costly mistake for the financial services giant. The company’s stock dropped by 15 percent in the weeks after the breach became public, and analysts estimate the company will be on the hook for up to $300 million in fines. There will be substantial additional costs from a class-action lawsuit.
Unfortunately, it was not a particularly unique event. Gartner analysts say up to 99 percent of all firewall breaches are caused by misconfiguration issues rather than any flaws with the technology itself. This is largely because most organizations remain heavily dependent on inefficient and error-prone manual processes for firewall management.
To Err is Human
Firewalls filter incoming and outgoing network traffic based on a set of user-defined rules. But this is not set-and-forget technology — firewall rules require consistent updating to account for ongoing changes to your network environment. Every time you add or remove users, devices, applications or remote sites to the network, firewall rules must be modified. Over time, the rule bases that drive firewall actions can become bloated and inefficient due to expired, obsolete or duplicated policies.
Companies today commonly manage dozens of firewalls with thousands of individual policies and rules, making the entire environment notoriously complex. However, FireMon’s 2019 State of the Firewall report found that more than 65 percent of organizations still rely on spreadsheets, emails and other manual processes for configuration changes. Manual changes create workflow bottlenecks and hinder innovation by tying up staff members who could be working on other crucial projects.
Aggravating the problem is the fact that few organizations regularly conduct audits to ensure firewalls are up to date and working properly. One study found that most organizations audit their firewalls no more than once a year, and up to 20 percent never audit.
Formalize Change Management
Automated firewall administration and policy management can reduce errors, improve security and relieve staffing burdens. These solutions often combine analytics software with data integration, network modeling and vulnerability intelligence modules to automatically track, assess and validate firewall rules changes.
One of the chief benefits is improved change management, which is often an ad hoc process. Automation solutions formalize the workflow, with requests entered through an integrated ticketing system. An impact analysis will assess how changes will affect existing rules and policies and how that might impact security and compliance requirements.
According to Forrester analysts, 55 percent of organizations that use automated firewall management tools experience fewer breaches and 65 percent experience increased productivity. But if firewall automation is outside your organization’s skill sets, you can reap those same benefits by partnering with a qualified managed services provider such as SSD.
Our team monitors your firewalls to ensure they’re operational, and uses well-defined cc to keep them up-to-date and performing optimally. Give us a call to learn how we can help your organization minimize configuration errors and boost your security posture.