Annual Firewall Survey Report Insights on the state of firewall management www.tufin.com February, 2013


Tufin conducted its annual firewall management insight survey amongst 200 network security professionals. The study found that 93.6 percent of all firewall change requests are application-related, validating that the function of firewalls has evolved to include secure application connectivity, in addition to their traditional role of perimeter security.

• Almost half of respondents audit their firewalls only once a year and 15% never audit their firewalls; 50% spend up to a week or more per quarter on firewall audits.
• Almost 1/5 reported they knew of someone who cheated on an audit because they either felt the audit was a waste of time (39.3%) or they did not have enough time/resources (35.6%).
• Almost 1/5 of the sample has no idea how current their firewall policy is.
• 40% have no way to know when a rule needs to be expired or recertified.
• 30% never test configuration changes before they are implemented.
• 90% of the sample has to redo up to half of all network security changes because they do not meet design requirements.

While survey data indicates firewalls are becoming increasingly relevant outside of their established function in security operations, their role has expanded - not shifted. Firewall management processes can have a significant impact on an organization’s risk posture.


Q. What is the most common cause for a firewall change request?

New employee

New application

Change to an existing application

Migrating/moving servers to different location

Decommissioning

Removing access

4.0% 2.3%

Less than 25%

Between 25-50%

More than 50%

Q. What percentage of network security changes implemented need to be modified because the design does not meet the requirements?


Q. How long does it take from the time a change request is submitted until it’s completed (in production)?

Same day

Within 1 day

2-3 days

1-2 weeks

More than 2 weeks

0-20% of the time

20-40% of the time

40-60% of the time

61-80% of the time

81-100% of the time

Q. How often does a firewall change need to be redone?

2.3% 0.6%

5.4%


Q. Why do firewall changes need to be redone?

Change was based on inaccurate data

New rule conflicted with another one

There was a typo in one of the fields – human error

Miscommunication between the firewall team and the person that requested the change

Increased communications reporting the issue

Automated system alerts us to the problem

An alternative method

Q. How do you know when a firewall configuration change causes downtime?

2.9%


Q. Do you think your current change management processes put you at risk of a security breach?

Yes

No

Not sure

Q. What percentage of your rulebase is obsolete (unused, or no longer required)?

Less than 5%

Less than 25%

Less than 50%

Over 50%

I don’t know


Q. How do you know when a firewall rule needs to be recertified or decommissioned?

Q. How do you tighten overly permissive firewall rules?

Manually, by inspecting log information

We don’t tighten rules because it takes too long

We use an automated solution

We don’t

Word/Excel document

Automated firewall management system flags it

Quarterly or annual audit


Q. Have you, or any of your colleagues, ever been asked to make a rule/configuration change against your better judgment?

Q. What percentage of your organization’s total firewall changes are application-related?

Less than 50%

Between 50-80%

Between 80-100%

Yes

No

I don’t know


Q. How does your organization keep track of application connectivity requirements?

Q. Are you confident that as a team, you only open the ports required by your business?

Yes

No

Not sure

Excel or Word document

Comments in the firewall rulebase

A home-grown system

We don’t


Q. Has your organization had a security breach due to an application-related rule change?

Q. How often has your organization experienced application service disruptions due to network configuration changes?

Yes

No

Not sure

More than 20 times/year

Between 10 and 20 times/year

Less than 10 times/year

Not sure


Q. How frequently do you perform corporate and/or regulatory audits?

Never

Once a year

Every six months

Every quarter

Every month

1-2 days/quarter

3-7 days/quarter

Over 7 days/quarter

Less than a day per quarter – it’s automated

We don’t do audits

Q. How much time does the network security team spend on firewall audits, both in preparation and in the audit itself?


Q. Do you know anyone who ever cheated on an audit?

Yes

No

Not enough time/resources

The areas they were auditing were irrelevant to the business

The audit was a waste of time

Worried about themselves or someone else looking bad

Q. If you answered “Yes” to the previous question, please explain why


Q. What percentage of your security budget is spent on items that don’t improve security?

A huge amount

Quite a lot

A little

Not much

I don’t know

All the time

Most of the time

For critical changes only

Never

Q. Do you test or simulate configuration changes for potential risk and compliance violations before you implement them in production?


Conclusions

This report reveals that the role firewalls play in managing application connectivity is both a cause and effect of sweeping trends in enterprise IT. It is clear that more needs to be done in terms of education and understanding of the advantages that firewall security automation brings to the business efficiency table and how it allows the right set of organizational processes between the relevant stakeholders to be defined and implemented.

Learn more about how Tufin has addressed these enterprise IT trends from the 2012 launch of SecureApp, to the new release of Tufin Security Suite (TSS), its award winning Security Policy Management solution.

Read the SIX Group case study to learn how – with SecureApp – they can now report dramatic improvements in application connectivity-related change management processes.


About Tufin Technologies

Tufin™ is the leading provider of Security Policy Management solutions that enable companies to cost-effectively manage their firewall, switch and router policies, reduce security and business continuity risks, and ensure Continuous Compliance with regulatory standards. The award-winning Tufin Security Suite provides security teams with powerful automation that slashes the time and costs spent managing change and successfully passing audits. Founded in 2005, Tufin serves more than 1,100 customers in industries from telecom and financial services to energy, transportation and pharmaceuticals. Tufin partners with leading vendors including Check Point, Cisco, Juniper Networks, Palo Alto Networks, Fortinet, F5, Blue Coat, McAfee and BMC Software, and is known for technological innovation and dedicated customer service.

© 2008, 2009, 2010, 2011, 2012, 2013 Tufin Software Technologies, Ltd. Tufin, SecureChange, SecureTrack, SecureApp, Automatic Policy Generator, and the Tufin logo are trademarks of Tufin Software Technologies Ltd. All other product names mentioned herein are trademarks or registered trademarks of their respective owners.