SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
Annual Firewall Survey Report -...
Transcript of Annual Firewall Survey Report -...
Annual Firewall Survey Report Insights on the state of firewall management
www.tufin.com February, 2013
2Annual Firewall Survey Report /14
Annual Firewall Survey Report
Tufin conducted its annual firewall management insight survey amongst 200 network security professionals. The study found that 93.6 percent of all firewall change requests are application-related, validating that the function of firewalls has evolved to include secure application connectivity, in addition to their traditional role of perimeter security.
•Almosthalfofrespondentsaudittheirfirewallsonlyonceayearand15%neveraudittheirfirewalls;50%spenduptoaweekormoreperquarteronfirewallaudits. •Almost1/5reportedtheyknewofsomeonewhocheatedonanauditbecausetheyeitherfelttheauditwasawasteoftime(39.3%)ortheydidnothaveenoughtime/resources(35.6%). •Almost1/5ofthesamplehasnoideahowcurrenttheirfirewallpolicyis. •40%havenowaytoknowwhenaruleneedstobeexpiredorrecertified. •30%nevertestconfigurationchangesbeforetheyareimplemented. •90%ofthesamplehastoredouptohalfofallnetworksecuritychangesbecause they do not meet design requirements.
Whilesurveydataindicatesfirewallsarebecomingincreasinglyrelevantoutsideoftheirestablishedfunctioninsecurityoperations,theirrolehaveexpanded-notshifted.Firewall management processes can have a significant impact on an organization’s risk posture.
3Annual Firewall Survey Report /14
Q. What is the most common cause for a firewall change request?
New employee
New application
Changetoanexistingapplication
Migrating/movingserverstodifferent location
Decommissioning
Removing access
4.0% 2.3%
Lessthan25%
Between25-50%
Morethan50%
Q.Whatpercentageofnetworksecuritychangesimplementedneedtobemodifiedbecausethedesigndoesnotmeettherequirements?
4Annual Firewall Survey Report /14
Q.Howlongdoesittakefromthetimeachangerequestissubmitteduntilit’scompleted(inproduction)?
Same day
Within1day
2-3 days
1-2weeks
More than 2 weeks
0-20%ofthetime
20-40%ofthetime
40-60%ofthetime
61-80%ofthetime
81-100%ofthetime
Q.Howoftendoesafirewallchangeneedtoberedone?
2.3% 0.6%
5.4%
5Annual Firewall Survey Report /14
Q.Whydofirewallchangesneedtoberedone?
Changewasbasedoninaccurate data
New rule conflicted withanother one
There was a typo in one ofthe fields– human error
Miscommunicationbetweenthe firewall team and theperson that requested the change
Increased communicationsreporting the issue
Automatedsystemalertsustotheproblem
Analternativemethod
Q. How do you know when a firewall configuration change causes downtime?
2.9%
6Annual Firewall Survey Report /14
Q. Do you think your current change management processes put you at riskofasecuritybreach?
Yes
No
Not sure
Q.Whatpercentageofyourrulebaseisobsolete(unused,ornolongerrequired)?
Lessthan5%
Lessthan25%
Lessthan50%
Over50%
I don’t know
7Annual Firewall Survey Report /14
Q.Howdoyouknowwhenafirewallruleneedstoberecertifiedordecommissioned?
Q. How do you tighten overly permissive firewall rules?
Manually,byinspectinglog information
We don’t tighten rules becauseittakestoolong
We use an automated solution
We don’t
Word/Exceldocument
Automatedfirewallmanagement system flags it
Quarterly or annual audit
8Annual Firewall Survey Report /14
Q.Haveyou,oranyofyourcolleagues,everbeenaskedtomakearule/configurationchangeagainstyourbetterjudgment?
Q. What percentage of your organization’s total firewall changes are application-related?
Lessthan50%
Between50-80%
Between80-100%
Yes
No
I don’t know
9Annual Firewall Survey Report /14
Q. How does your organization keep track of application connectivity requirements?
Q.Areyouconfidentthatasateam,youonlyopentheportsrequiredbyyourbusiness?
Yes
No
Not sure
ExcelorWorddocument
Comments in the firewall rulebase
Ahome-grownsystem
We don’t
10Annual Firewall Survey Report /14
Q.Hasyourorganizationhadasecuritybreachduetoanapplication-relatedrule change?
Q.Howoftenhasyourorganizationexperiencedapplicationservicedisruptionsduetonetwork configuration changes?
Yes
No
Not sure
Morethan20times/year
Between10and20times/year
Lessthan10times/year
Not sure
11Annual Firewall Survey Report /14
Q.Howfrequentlydoyouperformcorporateand/orregulatoryaudits?
Never
Once a year
Everysixmonths
Everyquarter
Everymonth
1-2days/quarter
3-7days/quarter
Over7days/quarter
Less than a day per quarter – it’s automated
We don’t do audits
Q.Howmuchtimedoesthenetworksecurityteamspendonfirewallaudits,bothinpreparation and in the audit itself?
12Annual Firewall Survey Report /14
Q. Do you know anyone who ever cheated on an audit?
Yes
No
Notenoughtime/resources
The areas they were auditingwereirrelevanttothebusiness
The audit was a waste of time
Worriedaboutthemselvesorsomeoneelselookingbad
Q.Ifyouanswered“Yes”tothepreviousquestion,pleaseexplainwhy
13Annual Firewall Survey Report /14
Q.Whatpercentageofyoursecuritybudgetisspentonitemsthatdon’timprove security?
Ahugeamount
Quite a lot
Alittle
Not much
I don’t know
Allthetime
Most of the time
For critical changes only
Never
Q. Do you test or simulate configuration changes for potential risk and compliance violationsbeforeyouimplementtheminproduction?
14Annual Firewall Survey Report /14
Conclusions
This report reveals that the role firewalls play in managing application connectivity is bothacauseandeffectofsweepingtrendsinenterpriseIT.Itisclearthatmoreneedstobedoneintermsofeducationandunderstandingoftheadvantagesthatfirewallsecurityautomationbringstothebusinessefficiencytableandhowitallowstherightsetoforganizationalprocessesbetweentherelevantstakeholderstobedefinedandimplemented.
LearnmoreabouthowTufinhasaddressedtheseenterpriseITtrendsfromthe2012launchofSecureApp,tothenewreleaseofTufinSecuritySuite(TSS),itsawardwinningSecurity Policy Management solution.
ReadtheSIXGroupcasestudytolearnhow–withSecureApp–theycannowreportdramatic improvements in application connectivity-related change management processes.
Jointhediscussionaboutthisreport,oranyothersecuritypolicymanagementissues.
Your Opinion MattersTwitter:http://twitter.com/TufinTechFacebook:http://www.facebook.com/TufintechGoogle+:https://plus.google.com/s/tufinLinkedIn:http://www.linkedin.com/companies/tufin-technologiesYouTube:http://www.youtube.com/user/TufintechTheTufinBlog:http://www.tufin.com/blog
About Tufin Technologies Tufin™istheleadingproviderofSecurityPolicyManagementsolutionsthatenablecompanies to cost-effectively manage their firewall, switch and router policies, reduce securityandbusinesscontinuityrisks,andensureContinuousCompliancewithregulatory standards. The award-winning Tufin Security Suite provides security teams with powerful automation that slashes the time and costs spent managing change andsuccessfullypassingaudits.Foundedin2005,Tufinservesmorethan1,100customers in industries from telecom and financial services to energy, transportation and pharmaceuticals. Tufin partners with leading vendors including Check Point, Cisco, JuniperNetworks,PaloAltoNetworks,Fortinet,F5,BlueCoat,McAfeeandBMCSoftware, and is known for technological innovation and dedicated customer service.
©2008,2009,2010,2011,2012,2013TufinSoftwareTechnologies,Ltd.Tufin,SecureChange,SecureTrack,SecureApp,AutomaticPolicyGenerator,andtheTufinlogoaretrademarksofTufinSoftwareTechnologiesLtd.Allotherproductnamesmentioned herein are trademarks or registered trademarks of their respective owners.