Get to know us better! Gain valuable insights into how we think by visiting our blog, or take a look at the industry events we're frequenting on our events page. You can also geek out with us by attending one of our security management webinars, or dive head first into the products and solutions we provide in our Resource Library. There's lots to keep you busy!
Unless you’re under a rock, you know that the WannaCry Ransomware cyberattack swept worldwide headlines last week.
Organizations scrambled to apply the latest Microsoft security patch to their computers to prevent the spread of the attack. It’s estimated that the ransomware attack hit more than 300,000 victims in 150 countries.
For years, firewall managers have been required to justify why a firewall rule was added to the rule base. In the past, lots of us met that requirement by putting the change control ticket number in the “comments” column of the rule. That method worked for a while, but now that regulations like PCI and NERC require firewall managers to produce the full documentation multiple times a year, we need a new answer – one that does not require days of manpower. One that will survive the next time we change ticket systems (and yes, we will change ticket systems… again).
As security professionals, we don’t hold the responsibility for the risk that any access poses, the business leaders do. But we are responsible for advising on risks that are incurred and presenting the information on why our risk posture is the way it is.
So, explaining our access in terms that the business can understand is critical. If all that we know is a technical definition (like some internet IP address has access to some internal server using SSH), we don’t know very much. But, if we capture the justification for why that rule was put in, then we know “a consultant needs remote access to patch a critical application vulnerability.”
The second example shows the information our businesses need to make good risk decisions. It also gives us the information we need to ask the right technical questions, like, “Does that consultant still require access?”
Spreadsheets & Databases Don’t Work
I know a lot of companies have been documenting their firewall rules with spreadsheets and databases. Those are good point solutions, but they don’t scale for two big reasons: the rules move around, and the updates are still manual.
Firewall rules move, so tracking them based on rule number or position does not work. If you’ve tried this and created documentation, and then revisited that documentation a month later, you can barely recognize the work because the rule base has changed so drastically.
The manual nature of spreadsheets and databases is problematic as well. Updates are often made as an afterthought at end of the change process. These manual updates are difficult to enforce as integral parts of the change process, and so they remain inconsistent afterthoughts.
FireMon knows that good documentation is the cornerstone of firewall management. Making a decision about when to keep access in place or take it out is rarely a purely technical decision. Easily and quickly knowing who that access supports and what the access is providing is the basis for making any good decision.
FireMon’s solution integrates with the appropriate data sources (like change management and vendor administration tools) so that you can create documentation naturally, inside of a normal business process. It tracks the rules as they move up and down the rule base and keeps the documentation tagged to the right rule. And it fully reports on the data, including identifying those changes that were not documented.
From my experience, spreadsheets can’t fully report on anything. If yours can’t either, learn more about FireMon’s rule documentation capabilities at http://www.firemon.com/ruledocumentation.aspx.
So you’ve purchased a new firewall. Now what?
You’ve got to decide which access is allowed, which isn’t allowed and whether or not rules are compliant with internal and regulatory standards.
Things are running along smoothly and then the dreaded “change.” A user submits a new access request and the fun begins. Is this access necessary? Safe? Compliant? And what happens when it’s time to retire unused rules?
How Effective Security Management Can Help Teams Cover the Exponentially Increasing Gap between Technology & the Resources Available to Manage It
Security teams today are under tremendous pressure due to the rising frequency and impact of breaches and a business that wants to move faster and faster. The answer to both of these challenges has always been to add more technology and staff resources.
However, each new technology added creates complexity. More rules are created and more data is generated. As networks continue to evolve, this complexity will only grow. And while staff resources may increase, they will never match the exponential growth of technology.
FireMon calls this phenomenon The Complexity Gap and has set out to help security teams close it.
Join us for this webinar with Frost & Sullivan where we’ll explore the causes of “The Gap” and how workforce multipliers such as intelligence and automation help staff manage their security more efficiently and more effectively.
Helping Enterprise Security Teams Improve Resource Efficiency & Reduce Overall Risk Exposure
Firewall technology has come a long way since its initial, most rudimentary forms. Next-Generation Firewalls (NGFW) are the latest development, and organizations are accelerating adoption to the new technology. But NGFWs aren’t a fix-all solution.