Are You Scared of the Zombies on Your Network?

With Halloween approaching, it’s a good time to talk about hunting zombies – not the walking undead kind, but rather those outdated, obsolete or unknown business applications that are wandering around your IT estate, consuming resources, bandwidth and money like their counterparts consume flesh.

Recent research discovered that the top 7000 businesses in the UK spend £2.57 billion every year on supporting unnecessary, abandoned or obsolete ‘zombie’ applications, and that the average enterprise application estate could be reduced by 60-80%, saving hundreds of thousands in licensing costs and operational overhead. That’s a lot of money to be wasting on useless and mostly dead things.  With many organizations looking to cut costs and become more efficient, this is one area where they can easily make savings.

Zombie applications don’t just have financial implications though – they pose potential significant security risks while they inhabit your network.  During routine security assessments, it’s not unusual to find publicly-accessible web apps that have been running under IT’s noses, offering cyber-criminals an open attack surface on your network. This is a subject that Kevin Beaver blogged about earlier this year. With cloud computing, it’s now so quick, easy and cheap for ’shadow IT’ to spin up applications in the cloud for development or testing purposes, and just as easy for them to forget about the application once the project has moved into production (or died).  But if IT isn’t aware of the application, it’s unlikely to be covered by the appropriate security controls, leaving it vulnerable to being reanimated by an attacker to target your networks.

Obviously, leaving these zombies to their own devices is never a good idea; obsolete applications should be decommissioned and their associated network policies removed, but this in itself can be technically challenging for network security teams.  Application-related rule changes are one of the most common causes of network outages and issues, since many organizations share rules across applications to make their networks more efficient and less cluttered – and manual processes for handling firewall rule changes are prone to errors. Additionally, IT must be able to extend security controls to all publicly accessible applications – no more applications lurking in the shadows.

To do this, you first need visibility across the entire enterprise, including all the traffic and access points into your corporate network. This will help you identify all the applications you didn’t know existed. Second, you need to be able to extend security policy management across your entire enterprise environment – whether on premise or in the cloud. When everything is seen and nothing can slip under the radar, IT will no longer be responsible for mitigating security risks for applications it doesn’t know exist.

Once you have visibility and control, you need to identify the network access rules that are connected to the decommissioned (or unused) applications. An automated security policy management solution should be able to provide reports which show rule usage and identify the rules that aren’t hitting any traffic, giving you the information you need to go in and remove unnecessary policies, while avoiding impact on the real business applications in use. Automation also makes the handling of these rule change processes much easier, and minimizes the risk of mistakes and unplanned outages.

It’s never a good idea to leave zombies wandering loose, because you never know when they might bite you. In the end, killing them will save you money, boost performance and most importantly improve your security posture.