Strategies to Improve Firewall Policy Management

I know it’s shocking that a firewall policy management vendor would write a blog about firewall policy management, but I want to share some anecdotes from customers and lessons learned. Depending on the organization… its size, network composition, culture and depending on which side of the house you are speaking with (IT Ops, Security, Audit or maybe a step up at a CIO level), different pain points come out when discussing this challenge of firewall policy management.

• From the security side, it’s about making sure rules aren’t too permissive, that a combo of rules doesn’t create a vulnerability and that firewall changes are being validated, tested and approved by the proper resources.
• From the IT ops side, it’s all about network performance and availability. From a firewall perspective this means not getting bogged down in troubleshooting traffic issues or optimizing firewall rulesets.
• From a CIO approach, it’s proving compliance, getting the most out of the overall IT budget and resources (operational efficiency and cost savings are two things that come to mind here), and ensuring that the business is up and running – otherwise money can’t be made.

For the sake of keeping this blog post brief I’ve overly simplified the above painpoints, especially when you start talking about networks that span multiple locations and contain many heterogeneous firewalls, including newer technologies such as next-generation firewalls. All of this adds complexity to the network and complexity makes the above groups’ work that much more challenging.

I’ve spoken with end-users who have had to spend 2-3 weeks just to conduct an audit on one firewall. I’ve spoken with others who have spent more time and money than they’d like to remember doing the “heavy lifting” of managing firewall policies and the continuous stream of change requests, sucking time away from tasks that could help make the business more secure and efficient. None of this is truly feasible without having significant domain expertise, solid processes and organizational structure, and also technology that can help automate these functions.

In our webcast on Wednesday, we will be drilling into these challenges and examining some key strategies that organizations can implement to reduce this burden of managing firewall policies. I encourage you to register here. We will be joined by Infosecurity Consultant and Author (i.e. Hacking for Dummies among many other titles) Kevin Beaver, to learn from his hands-on experience with clients and to also get his perspective (in addition to that of ours) on what you should be doing. I look forward to your participation on Wednesday.