Majority of Firewall Rules Are Improperly Configured, Managed, Survey Finds

A Tufin Technologies study found that the lack of automation in firewall management is resulting in improper firewall rule configuration and cheating on audits.

Organizations are struggling to keep track of changes in their networks and to effectively manage their firewall policies, according to a new study.

Nearly 85 percent of network administrators in the 2011 Firewall Management report said half of their firewall rule changes need to be fixed because they were configured incorrectly, Tufin Technologies found in its report released Nov. 16.

Very few organizations have automated their audit process, with 7 percent of the respondents claiming they have an automated system and 40 percent claiming to spend a month or longer each year performing firewall audits, the report found.

More than 20 percent of the survey participants said they knew of someone who cheated on a firewall audit, for such reasons as not having enough time, irrelevant parameters and worries that the results would make the network security team look bad, the report found. About 23 percent of the organizations in the survey claimed to never have performed a firewall audit at all. About 11 percent claimed to have no idea how much time it takes to perform an audit, according to Tufin.

"This year's survey reveals that more than budget constraints or any other factor, time is the security manager's most precious resource," said Shaul Efraim, vice president of marketing and business development at Tufin Technologies.

About 30 percent of the administrators said changing a firewall rule can take their team between several hours and several days on average. About two-thirds of the organizations claimed to be vulnerable to breaches because their change management processes are not formalized and are manual, requiring too many steps and people to complete.

"If that is not business justification for automating fundamental but time-consuming, error-prone network security processes, then what is?" said Efraim.

Nearly half of the respondents said they identify duplicate or redundant firewall rules manually, and a fifth said they don't have a process in place to find them. About 43 percent of the survey respondents said they manage firewall rules manually. Even more worrying, 41 percent of the administrators in the survey said they don't have a way to determine when a firewall needs to be retired or fixed.

It was surprising that many administrators were still performing basic tasks manually, such as tightening up rules, looking for duplicate rules and updating outdated rules, according to Efraim.
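The three manual chores named above (finding duplicate rules, spotting rules that can never fire because an earlier rule already covers them, and picking out rules that have gone unused long enough to be candidates for retirement) are exactly the kind of checks that a short script can run over an exported rule base. The following is an added illustration written for this article; it is not code from the Tufin report or from any vendor product. The rule format (a top-down list of dicts with source and destination CIDRs, protocol, destination port range, action and a last-hit date) is a constructed, vendor-neutral approximation of what a firewall export contains, and the sample rules are constructed too.

```python
"""Audit a firewall rule base for duplicate, shadowed and stale rules.

Added example, not from the Tufin report. Rule format and sample data
are constructed assumptions, not any specific vendor's export format.
"""
from datetime import date
from ipaddress import ip_network


def _net_covers(outer, inner):
    """True if every address in `inner` lies inside `outer`."""
    return ip_network(inner).subnet_of(ip_network(outer))


def _ports_cover(outer, inner):
    """Port ranges are (low, high) tuples; True if `outer` contains `inner`."""
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def _proto_covers(outer, inner):
    """'any' covers every protocol; otherwise protocols must match."""
    return outer == "any" or outer == inner


def rule_covers(earlier, later):
    """True if `earlier` matches every packet that `later` would match.

    Firewalls evaluate rules top-down and stop at the first match, so a
    later rule that is fully covered can never fire, whatever its action.
    """
    return (_net_covers(earlier["src"], later["src"])
            and _net_covers(earlier["dst"], later["dst"])
            and _proto_covers(earlier["proto"], later["proto"])
            and _ports_cover(earlier["dport"], later["dport"]))


def find_shadowed(rules):
    """Return (shadowed_id, shadowing_id) pairs in rule-base order.

    An exact duplicate is the special case where the later copy is
    covered by an identical earlier rule.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if rule_covers(earlier, later):
                findings.append((later["id"], earlier["id"]))
                break  # reporting the first shadowing rule is enough
    return findings


def find_duplicates(rules):
    """Return (duplicate_id, original_id) pairs for field-for-field copies."""
    seen, dups = {}, []
    for r in rules:
        key = (r["src"], r["dst"], r["proto"], r["dport"], r["action"])
        if key in seen:
            dups.append((r["id"], seen[key]))
        else:
            seen[key] = r["id"]
    return dups


def find_stale(rules, today, max_idle_days=90):
    """Rules with no traffic hit for `max_idle_days` (or never hit) are
    candidates for a retirement review, not for automatic deletion."""
    stale = []
    for r in rules:
        last = r.get("last_hit")
        if last is None or (today - last).days > max_idle_days:
            stale.append(r["id"])
    return stale


# Constructed sample rule base, in top-down evaluation order.
SAMPLE_RULES = [
    {"id": "R1", "src": "10.0.0.0/8", "dst": "192.0.2.10/32", "proto": "tcp",
     "dport": (443, 443), "action": "allow", "last_hit": date(2011, 11, 15)},
    {"id": "R2", "src": "10.1.0.0/16", "dst": "192.0.2.10/32", "proto": "tcp",
     "dport": (443, 443), "action": "allow", "last_hit": date(2011, 11, 15)},  # shadowed by R1
    {"id": "R3", "src": "0.0.0.0/0", "dst": "192.0.2.0/24", "proto": "any",
     "dport": (0, 65535), "action": "deny", "last_hit": date(2011, 11, 10)},
    {"id": "R4", "src": "172.16.0.0/12", "dst": "192.0.2.20/32", "proto": "tcp",
     "dport": (22, 22), "action": "allow", "last_hit": None},  # shadowed by R3, never hit
    {"id": "R5", "src": "10.0.0.0/8", "dst": "192.0.2.10/32", "proto": "tcp",
     "dport": (443, 443), "action": "allow", "last_hit": date(2011, 6, 1)},  # duplicate of R1
]
AUDIT_DATE = date(2011, 11, 16)  # constructed audit date matching the report


def audit(rules, today=AUDIT_DATE):
    """Run all three checks and return their findings in one dict."""
    return {"shadowed": find_shadowed(rules),
            "duplicates": find_duplicates(rules),
            "stale": find_stale(rules, today)}


if __name__ == "__main__":
    for check, hits in audit(SAMPLE_RULES).items():
        print(f"{check}: {hits}")
```

Note that `find_shadowed` deliberately ignores the action field: R4 is an allow rule shadowed by the earlier deny rule R3, which is a configuration error rather than mere clutter, because the SSH access R4 was meant to grant is silently blocked. Hit-count data has to come from the firewall's own logging, so the stale check can only ever flag rules for a human review of whether the business need behind them still exists.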

"There is no benefit to having experienced administrators spend their days searching for needles in haystacks," he said.

The lack of automation makes auditing network security systems a challenge, especially as organizations use more firewalls in virtualized environments and adopt next-generation firewalls, according to Efraim.

In a separate Ponemon Institute study released Nov. 14, researchers found that about 64 percent of surveyed organizations were using next-generation firewalls to supplement existing security deployments.

The combination of next-generation firewalls and existing security tools creates a more complex network for IT departments to manage, according to the Ponemon Institute.

Another study released by TheInfoPro on Nov. 17 found that 37 percent of information security professionals said their organizations plan to increase security spending in 2012. In the study, application-aware firewalls were one of the more popular technologies named by respondents.