Anyone running multiple firewalls in a complex, enterprise environment knows how difficult it can be to catch misconfigurations, avoid conflicting rules, identify vulnerabilities and meet auditing and compliance mandates.
Firewall operations management challenges
Firewalls form a crucial part of most service providers and enterprises’ security platforms. Maintaining firewall rules and policies is essential to ensure that these firewalls work efficiently and are able to react quickly to any threats. Through our experience working with thousands of organisations, we have encountered many challenges.
Enterprises typically have hundreds of firewalls, routers and switches. Each device’s configuration is very complex, involving hundreds of rules. Multiply the two together, and the landscape becomes very difficult to navigate.
Large organisations usually have from tens to hundreds of changes per week.
Configuration errors can easily lead to service downtime.
Most change requests are related to application changes and poor communication between the application development and IT security teams.
There is a growing number of standards: PCI-DSS, SOX, NERC, etc. Audit preparation is very intricate and resource-intensive.
These challenges commonly result in the following situation:
- Rules bases become large and tangled over time, due to:
- Unused rules and objects
- Rules with overlap and shadow
- Performance is degraded
- Potential security loopholes are not remediated
- Maintenance is complex and costly
We find it important that firewall operations management solutions for security orchestration are policy and application-centric. This will automate risk analysis, design, provisioning and auditing of network security changes. This solution allows for the simplification and automation of security policy management.
Firewall operations management solutions should provide multi-vendor device support for leading enterprise networks. No matter what industry you work in.
The key features of a firewall operations management solution must include:
- Single pane of glass for network security
- Application-centric security and connectivity management
- Network security change automation
- Compliance and audit automation
- Interoperability with IT service management, ticketing and third party systems
- Firewall policy optimisation
- Unified visibility and management across cloud and on-premise
- Proactive risk assessment and management