Everything you ever wanted to know about security policy management, and much more.
So far, we’ve examined the business case for firewall policy management around the following areas:
In our final segment of this blog series, we’ll examine the value of extending hardware lifespan.
Having been deployed for several years, most firewall policies are cluttered, and contain many rules which are no longer needed by the business. In addition to increasing the likelihood of misconfiguration, this clutter negatively impacts the firewall performance, requiring the firewall to process a significant amount of rules until a rule that “matches” the traffic is found. Ultimately, organizations are required to invest in costly hardware upgrades to counteract the degradation in performance.
But what if you could optimize and clean up these cluttered policies by automatically identifying rules to consolidate (similar rules), and discovering and removing unused rules and objects, as well as shadowed, duplicate and expired rules? What if you could leverage actionable recommendations for reordering rules (i.e. rule 58 gets hit much more often than rule 3, so let’s move #58 ahead of #3) to improve firewall performance – without impacting the business?
You would end up with a firewall running “like new” and most importantly delay the purchase of expensive hardware upgrades, by as much as a year. This claim isn’t smoke and mirrors, but backed by customers with whom I’ve spoken.
For more detailed information on how to optimize your firewall policy to improve performance, I suggest reviewing our whitepaper on Cleaning Up Firewall Clutter.
Receive notifications of new posts by email.