Market for Network Firewall Auditing Tools on the Upswing

Forrester Research expects the market for tools to help enterprises manage and audit their firewall policies to jump 25 percent this year due to the requirements of PCI-DSS. Third-party vendors are competing to take advantage of interest in the space by attempting to surpass the capabilities offered by companies such as Cisco and Juniper Networks.

Forrester Research expects the market for firewall auditing tools to jump 25 percent this year on the back of compliance regulations.

The market is relatively small, standing at about $30 million today, Forrester analyst John Kindervag said. But the requirements of the Payment Card Industry Data Security Standard are forcing enterprises to pay closer attention to managing their firewall rules, he added.

"It says at least twice you have to audit all your firewall rules, and for a large organization that can be pretty darn challenging," he explained. "I think that that's where the growth in this space is coming from."

It is not unheard of in enterprise environments for network administrators to be dealing with thousands of firewalls, and making sure the rules governing them do not contradict or negate one another can be a long and involved process. So much so that a survey of IT pros by Tufin Technologies - which specializes in firewall auditing tools - found that many had cheated on their firewall security audits.

In response, companies such as Tufin, Exaprotect, Secure Passage and AlgoSec are trying to carve out a niche in the space by picking up where management tools from major firewall vendors leave off.

"Firewall vendors are in a position to improve management of their systems; however, we see it as unlikely that they will ever replace the need for third-party firewall management solutions," said Jody Brazil, CTO of Secure Passage. "A key limiting factor for the firewall vendors solving this problem is the need to provide multivendor solutions. Another significant issue for the firewall vendors is that they must remain flexible to meet all the needs of their customers. What may be seen as a compliance issue at one customer is not a requirement for another customer."

It's likely that as consumer demand for the capabilities increases, companies such as Cisco, Check Point Software Technologies and Juniper Networks will look to acquire or partner with some of the third-party vendors, Kindervag said.

"I think clearly there are a lot of problems in managing firewall rules sets," he said. "If you think about it right there's always a change management process for putting in a rule...but there's no process to get rid of rules."