Survey: Administrators Fail To Manage Firewall Rules


Because firewall management is not automated, admins are cheating on audits, a study says

Organisations are struggling to keep track of changes in their networks and to effectively manage their firewall policies, according to a new study.

Nearly 85 percent of network administrators in the 2011 Firewall Management report said half of their firewall rule changes need to be fixed because they were configured incorrectly, Tufin Technologies found in its report released on 16 November.

Lack of automation

Very few organisations have automated their audit process, with 7 percent of the respondents claiming they have an automated system and 40 percent claiming to spend a month or longer each year performing firewall audits, the report found.

More than 20 percent of the survey participants said they knew of someone who cheated on a firewall audit, for such reasons as not having enough time, irrelevant parameters and worries that the results would make the network security team look bad, the report found.

About 23 percent of the organisations in the survey claimed to never have performed a firewall audit at all. About 11 percent claimed to have no idea how much time it takes to perform an audit, according to Tufin.

“This year’s survey reveals that, more than budget constraints or any other factor, time is the security manager’s most precious resource,” said Shaul Efraim, vice president of marketing and business development at Tufin Technologies.

About 30 percent of the administrators said changing a firewall rule can take their team between several hours and several days on average. About two-thirds of the organisations claimed to be vulnerable to breaches because their change management processes are manual and not formalised, requiring too many steps and too many people to complete.

“If that is not business justification for automating fundamental, but time consuming, error prone, network security processes, then what is?” said Efraim.

Manual processes

Nearly half of the respondents said they identify duplicate or redundant firewall rules manually, and a fifth said they don’t have a process in place to find them at all.

About 43 percent of the survey respondents said they manage firewall rules manually. Even more worrying, 41 percent of the administrators in the survey said they don’t have a way to determine when a firewall needs to be retired or fixed.

It was surprising that many of the administrators were still performing basic tasks manually, such as tightening up rules, looking for duplicate rules and updating outdated rules, according to Efraim.

“There is no benefit to having experienced administrators spend their days searching for needles in haystacks,” he said.
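The manual tasks the survey describes, finding duplicate or redundant rules and spotting rules that have become dead weight, are exactly the ones a small script can take over. The following example is added here for illustration; it is not Tufin's product, nor code from the report. It assumes a simplified rule model (action, protocol, source and destination CIDR, destination port range), first-match semantics as on most firewalls, and IPv4 addresses only; the rule set it analyses is constructed for the example.

```python
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    """Hypothetical simplified firewall rule (assumed model, not a vendor format)."""
    name: str
    action: str    # "allow" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # source CIDR (IPv4 only in this example)
    dst: str       # destination CIDR (IPv4 only in this example)
    dport_lo: int  # inclusive destination port range
    dport_hi: int


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    src_ok = _net(inner.src).subnet_of(_net(outer.src))
    dst_ok = _net(inner.dst).subnet_of(_net(outer.dst))
    port_ok = outer.dport_lo <= inner.dport_lo and inner.dport_hi <= outer.dport_hi
    return proto_ok and src_ok and dst_ok and port_ok


def analyze(rules: list[Rule]) -> list[tuple[str, str, str]]:
    """Walk the rule base in order and report rules that can never match.

    Returns (later_rule, finding, earlier_rule) triples where finding is:
      duplicate     - identical match space, same action (safe to delete)
      contradiction - identical match space, different action (intent unclear)
      redundant     - fully covered by an earlier rule with the same action
      shadowed      - fully covered by an earlier rule with a different action
    Under first-match semantics the earliest covering rule decides the verdict.
    """
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if not covers(earlier, later):
                continue
            if covers(later, earlier):  # same match space in both directions
                kind = "duplicate" if earlier.action == later.action else "contradiction"
            else:
                kind = "redundant" if earlier.action == later.action else "shadowed"
            findings.append((later.name, kind, earlier.name))
            break
    return findings


# Constructed sample rule base, ordered as the firewall would evaluate it.
SAMPLE_RULES = [
    Rule("R1", "allow", "tcp", "10.0.0.0/8",     "10.1.2.0/24", 443, 443),
    Rule("R2", "deny",  "any", "0.0.0.0/0",      "10.1.2.0/24", 1, 65535),
    Rule("R3", "allow", "tcp", "10.0.0.0/8",     "10.1.2.0/24", 443, 443),  # copy of R1
    Rule("R4", "allow", "tcp", "10.5.0.0/16",    "10.1.2.0/24", 443, 443),  # subset of R1
    Rule("R5", "allow", "udp", "192.168.0.0/16", "10.1.2.0/24", 53, 53),    # blocked by R2
]


def main() -> None:
    for later, kind, earlier in analyze(SAMPLE_RULES):
        print(f"{later}: {kind} (covered by {earlier})")


if __name__ == "__main__":
    main()
```

Running it on the sample rule base reports R3 as a duplicate of R1, R4 as redundant given R1, and R5 as shadowed by the catch-all deny in R2; the first two are cleanup candidates, the third signals either a stale rule or a change that was never applied. Because the check is pairwise and only considers full containment, it stays conservative: rules that merely overlap are not flagged, which is the behaviour an auditor wants before deleting anything.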

The lack of automation makes auditing network security systems a challenge, especially as organisations use more firewalls in virtualised environments and adopt next-generation firewalls, according to Efraim.

In a separate Ponemon Institute study released on 14 November, researchers found that about 64 percent of surveyed organisations were using next-generation firewalls to supplement existing security deployments.

The combination of next-generation firewalls and existing security tools creates a more complex network for IT departments to manage, according to the Ponemon Institute.

Another study released by TheInfoPro on 17 November found that 37 percent of information security professionals said their organisations plan to increase security spending in 2012. In the study, application-aware firewalls were one of the more popular technologies named by respondents.