Get to know us better! Gain valuable insights into how we think by visiting our blog, or take a look at the industry events we're frequenting on our events page. You can also geek out with us by attending one of our security management webinars, or dive head first into the products and solutions we provide in our Resource Library. There's lots to keep you busy!
Unless you’re under a rock, you know that the WannaCry Ransomware cyberattack swept worldwide headlines last week.
Organizations scrambled to apply the latest Microsoft security patch to their computers to prevent the spread of the attack. It’s estimated that the ransomware attack hit more than 300,000 victims in 150 countries.
Firewall rules don't get added because a security engineer thinks it would be fun to add a rule. They usually get added because there was a business demand for new access. And that request for new access is not always well defined; I need to get access to the new ERP system. Just you or your team? To just the front end or the back end too? What kind of access? Some of these questions may get answered if time permits, but necessity of access NOW may override the perceived luxury of security.
Too often, business needs trump security prudence. Rules get added to firewalls that permit too much access. A rule to that new ERP system may allow access from the user's network to both the front end and back end with 'ANY' service. The access works; the business is happy; but you know security could be better.
So why not just go back and fix it? Time of course is one consideration. When do you ever have extra time to improve something that is already working. A second consideration is your own job. Security of the network is important, but job security isn't bad either. Although refining the overly permissive rules in a firewall is good for security, blocking business access to a critical resource is detrimental to your own job security. And that is a likely consequence if a project to refine access in a firewall is undertaken without significant care.
It is possible to secure both: the network and your job. Refining access is such a risky proposition because it requires such in-depth knowledge of required access. One solution to the problem is to use a Traffic Flow Analysis from FireMon that will automate the traffic analysis through these rules to identify the actual used traffic patterns. Once analyzed, it is possible to refine the existing rule, drastically reducing the access permitted.
Of course, the simple determination that a rule is used does not mean it is necessary. A full review of the business need and an acceptance of risk are necessary to fully justify the necessity of any remaining access. Rule review is a complicated effort, and one that should be undertaken. That is a big project and a topic better left to another post.
In the meantime, improve the security of your network without risking your job.
So you’ve purchased a new firewall. Now what?
You’ve got to decide which access is allowed, which isn’t allowed and whether or not rules are compliant with internal and regulatory standards.
Things are running along smoothly and then the dreaded “change.” A user submits a new access request and the fun begins. Is this access necessary? Safe? Compliant? And what happens when it’s time to retire unused rules?
How Effective Security Management Can Help Teams Cover the Exponentially Increasing Gap between Technology & the Resources Available to Manage It
Security teams today are under tremendous pressure due to the rising frequency and impact of breaches and a business that wants to move faster and faster. The answer to both of these challenges has always been to add more technology and staff resources.
However, each new technology added creates complexity. More rules are created and more data is generated. As networks continue to evolve, this complexity will only grow. And while staff resources may increase, they will never match the exponential growth of technology.
FireMon calls this phenomenon The Complexity Gap and has set out to help security teams close it.
Join us for this webinar with Frost & Sullivan where we’ll explore the causes of “The Gap” and how workforce multipliers such as intelligence and automation help staff manage their security more efficiently and more effectively.
Helping Enterprise Security Teams Improve Resource Efficiency & Reduce Overall Risk Exposure
Firewall technology has come a long way since its initial, most rudimentary forms. Next-Generation Firewalls (NGFW) are the latest development, and organizations are accelerating adoption to the new technology. But NGFWs aren’t a fix-all solution.