Network World
- Newsletters
- Videos
- Events
- Resources
- Communities
- The Challenges of OS Migration
- Citrix's Mobile Enterprise 360
- Cloud Powered Work
- The Essential Guide to Managing Power
- Get an Integrated Approach to Data Management
- Oracle Cloud KnowledgeVault
- Virtualization Boosts SMBs
- Your IT Journey — Your Way
- Research
- Aruba Networks Bring Your Own Device
- BlackBerry: Build up your BlackBerry® 10 knowledge
- CA Technologies Transform Your IT Strategy
- HP + Microsoft Data Management Appliances & Architectures
- Network World The Next Generation Firewall Challenge
- Network World Data Center Challenge 2012
- Riverbed Accelerate Business Performance Solution Center
- Riverbed Cascade® Solution Center
- View all Solution Centers
- Insider
- More
- Linked In
Firewalls: The security tool we love to hate
Can't live with them, can't live without 'em.
By Alan Shimel on Wed, 03/06/13 - 2:01pm.If someone says "firewall," what do you think of first? For many in the security industry and IT in general, we think "are they still around, do we still use them?" But the fact a recent study by Wendy Nather of 451 Group found that if you asked Chief Information Security Officers (CISOs) to name their top three technology solutions they would implement in a green-field situation, firewalls and anti-virus still make the list. As much as people say AV and firewalls are useless, we still all use them. As Tufin Technologies CEO Ruvi Ktov told me, "Firewalls are the security tool we love to hate".
Why is that? Could it be the view that they are frumpy, old technology? Could it be that after all these years they have lost their sizzle? Yes, NGFW (next-gen firewalls) have given the industry a lift and most vendors have NGFW offerings, but overall Firewalls may not be the sexiest layer in your security stack.
[Killer Open Source Admin Tools]
We should not confuse sexy with practical and useful, though. NGFW or not, despite the naysayers, we all use firewalls. In fact, a recent study by Tufin shows while we almost all have firewalls, there are some ways we could be a lot more effective using what we have. Some of the survey results are:
- Almost half of respondents audit their firewalls only once a year and 15% never audit their firewalls; 50% spend up to a week or more per quarter on firewall audits.
- Almost 1/5 reported they knew of someone who cheated on an audit because they either felt the audit was a waste of time (39.3%) or they did not have enough time/resources (35.6%).
- Almost 1/5 of the sample has no idea how current their firewall policy is.
- 40% have no way to know when a rule needs to be expired or recertified.
- 30% never test configuration changes before they are implemented.
- Half of the sample has to redo more than 25% of all network security changes because they do not meet design requirements.
Further findings show:
- 62.4% either believe or are not sure if their change management processes put them at risk to be breached.
- 54.7% say their application connectivity management processes could or might create unnecessary IT risk; about 1/3 make 100 or more application-related firewall changes per month.
- 41.5% of those sampled track application connectivity changes via comments in the firewall rule base, almost 1/6 don't track these changes at all.
- 46.9% report they might have or did have a breach due to an application-related rule change.
- 70% of respondents report application service disruptions up to 20 times per year due to configuration changes.
- 60% of respondents were asked to make a change against their better judgment.
- 1/3 of respondents report that much of their security budgets is spent on items that don't improve security; 1/3 had no idea how well their security budgets were spent.
Of course, I think year-over-year these numbers are actually pretty static. One result that was interesting to me was that over 93% of firewall change requests are application-related. This validates that we are moving to an app-centric world.
This app-centric view is shared not only by Tufin's team, but by Algosec, a Tufin competitor. Algosec, like Tufin, recently launched a new module for their firewall management solution that seeks to reach out to devops and application teams to include their application focus into firewall management. I had a chance to speak with Yuval Baron, CEO of Algosec, and Nimrod (Nimmy) Reichenberg, the company's Vice President of Marketing and Business Development. Both Yuval and Nimmy agree that firewall management is still a growing market. There are more gains to be made by better managing what we have now than going out and buying new firewalls and new technologies.
Both Algosec and Tufin claim to have record years and solid year-over-year growth, which lends credence to their views. Another company in the space that has experienced a great year of growth and record revenues is Firemon.
I caught up with Jody Brazil, President of Firemon, at RSA as well. Jody reinforced what I heard from the other two companies. Jody thinks that there are some common myths around firewall management that need to be debunked. In fact, look for more on that from Firemon soon. But among these Jody says Firemon's own research shows that most attacks are not due to inadequate firewalls or the technology being obsolete. Most of the time it is due to misconfigurations that lead to successful breaches.
While people are all too quick to blame those stodgy old firewalls, it seems better firewall management is the real key to shining up these old relics and making them once again the workhorses of our network security strategies. So while we love to hate them, using Firewalls smarter might still be the best bang for your buck.
Recent Blog Posts
- About Open Source Fact and Fiction
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.
-
-
Most Discussed Posts
- Blog Roll
-
Network World, Inc
The Connected Enterprise