Renowned security professional Bruce Schneier has said that “complexity is the worst enemy of security.”
In our Dangers of Network Security Complexity survey, we found that organizations continue to add more devices and adopt newer technologies, and in turn see a rise in network and security policy complexity. The impact of this complexity is significant – a Gartner research note from November 28, 2012 stated that “Through 2018, more than 95% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws.”
A firewall, or any other network device for that matter, is only as good as how it is configured and the policies that it enforces. The simple fact is that the workload of the network administrator has increased – in many organizations, audits and changes across multiple firewalls that incorporate thousands of interdependent rules have grown well beyond what any admin, short of being Superman, can manage.
In our State of Network Security 2012 survey, more than half of the respondents cited time-consuming, manual and error-prone processes (including poor change management) as the greatest challenges of managing network security devices. In many conversations with administrators, we’ve heard firsthand horror stories in which something as simple as a mistyped IP address in a firewall rule caused serious damage, whether by opening a security gap or causing an outage… or both.
Firewall configuration errors are all too common. Think about it – manually poring through what could be thousands of lines of rules and having to enter or change information such as Source, Destination, Service, Application, etc. leaves a lot of risk at the fingers of an overburdened administrator. So the question becomes: how can you enable the administrator to do his/her job and remove as many opportunities for error as possible?
As we add more tools to manage and as business needs change, the admin has more on his/her plate than ever before. Let’s give the administrator a fighting chance!