It’s a mess, but someone has to clean it up
Join us for our free “Detoxify Your Firewalls” webinar on Sept. 23
In April this year the Deepwater Horizon drilling rig suffered an explosion that led to one of the worst oil spills in history, dumping an estimated five million barrels of oil into the Gulf of Mexico. The source of the oil has since been capped, but the mess remains. The spill has already caused extensive environmental damage and threatens further damage until it can be effectively cleaned up. The oil is not neatly isolated or easy to find, and even on the surface or in the wetlands where it is easy to spot, it is not trivial to clean up. In simple terms, it is a toxic mess.
There is a disturbing similarity between that disaster and the state of many firewall configurations. Firewall policies are too frequently a mess that needs to be cleaned up. Like the oil spill in the Gulf, the mess was not created overnight but gradually seeped into the policy through years of changes. The issues are not easily isolated in one section of the policy but spread throughout it, and they are not easy to spot in complex policies with nested object groups and hundreds of rules. Even easy-to-spot issues, such as rules that permit “ANY” service to access a server, are not easy to fix without affecting necessary business access. But firewall policy issues must be addressed, as they have severe implications for corporate and customer networks and put data at risk unless action is taken.
As long as a spotlight is not on the issue, it may be simple to ignore. Cleaning up a firewall is not a small task and can be easily overlooked in the midst of other priorities. However, the risk posed by avoiding this responsibility is high, and the task is no longer optional. Recent regulations such as PCI and NERC demand greater accountability for risk associated with allowed access to critical systems. Unmanaged and out-of-control firewall policies can no longer be ignored.
Requirements to audit all firewall rules on a bi-annual basis shine a spotlight on problems. Perhaps an unused rule that has been part of the firewall policy since anyone can remember, and that poses little perceived risk, seems harmless. Now, however, a real cost is associated with maintaining that rule. It must be reviewed. External auditors will ask questions, costing you time and money. And although one extra rule may not seem like a serious issue, thousands of extra rules spread throughout the enterprise are a real problem. And not all of these rules are risk-free. Some of the rules that serve no valid business function put your network and “protected” data at tremendous risk.
However, unlike the cleanup of the Gulf oil spill, the solution can be automated. Automated analysis ensures that mistakes in the firewall policy can be immediately identified and actionable steps defined to remove them without disrupting business. And excessively permissive rules that will undoubtedly cause audit issues can be refined automatically in minutes, rather than in days or weeks of manual effort.
To learn how you can begin to take steps to detox your firewalls, we invite you to attend our upcoming webinar, which will focus on three common firewall policy problems – rule usage, traffic flow and hidden rules – that we’ve spent a lot of time solving. During the webinar, our own Tim Woods, vice president of customer technology services, will demonstrate how one of our FireMon feature sets solves these problems. Tim will show how you can quickly and easily use these features to clean up your rule base, analyze traffic flow and discover hidden rules. Tim will also discuss how to get your firewalls into prime health to better enforce security and ensure compliance with leading regulations, including PCI DSS, HIPAA and NIST.
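The three problem classes named above (rule usage, overly permissive "ANY" rules, and hidden rules that an earlier rule prevents from ever matching) can be checked mechanically once the rule base is in a structured form. The following is an added illustration, not FireMon's code or a description of how its feature set works: it runs a first-match-wins policy through three checks over a small constructed rule list with made-up hit counters. The `Rule` fields, the `any` keyword and the `tcp/port` service notation are assumptions chosen for the example; real exports use vendor-specific syntax, and this only handles IPv4 addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List

ANY = "any"  # wildcard for an address or service field (assumed notation)


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # IPv4 CIDR or "any"
    dst: str      # IPv4 CIDR or "any"
    service: str  # e.g. "tcp/443", or "any"
    action: str   # "permit" or "deny"
    hits: int     # hit counter from the device's rule-usage statistics


def _net(field: str):
    # "any" is treated as the whole IPv4 space.
    return ip_network("0.0.0.0/0") if field == ANY else ip_network(field)


def _addr_covers(outer: str, inner: str) -> bool:
    return _net(inner).subnet_of(_net(outer))


def _svc_covers(outer: str, inner: str) -> bool:
    return outer == ANY or outer == inner


def rule_covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` would also match `outer`."""
    return (_addr_covers(outer.src, inner.src)
            and _addr_covers(outer.dst, inner.dst)
            and _svc_covers(outer.service, inner.service))


def find_any_service_permits(rules: List[Rule]) -> List[str]:
    """Permit rules that open every service to their destination."""
    return [r.name for r in rules if r.action == "permit" and r.service == ANY]


def find_shadowed(rules: List[Rule]) -> Dict[str, str]:
    """Hidden rules: with first-match semantics, a rule fully covered by an
    earlier rule can never fire. Maps shadowed rule -> rule that hides it.
    A shadowed deny is the dangerous case: the intended block is silently
    overridden by an earlier permit."""
    shadowed: Dict[str, str] = {}
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if rule_covers(earlier, rule):
                shadowed[rule.name] = earlier.name
                break
    return shadowed


def find_unused(rules: List[Rule], shadowed: Dict[str, str]) -> List[str]:
    """Reachable rules with zero hits: candidates for review and removal.
    Shadowed rules are excluded because they are unused by construction."""
    return [r.name for r in rules if r.hits == 0 and r.name not in shadowed]


def analyze(rules: List[Rule]) -> Dict[str, object]:
    shadowed = find_shadowed(rules)
    return {
        "any_service_permits": find_any_service_permits(rules),
        "shadowed": shadowed,
        "unused": find_unused(rules, shadowed),
    }


# Constructed sample policy (addresses and counters are invented for the example).
POLICY = [
    Rule("R1", "10.0.0.0/8",    "192.168.10.5/32",  "tcp/443",  "permit", 120400),
    Rule("R2", "10.1.0.0/16",   "192.168.10.5/32",  "tcp/443",  "permit", 0),     # hidden by R1
    Rule("R3", "any",           "192.168.10.20/32", "any",      "permit", 85),    # ANY service
    Rule("R4", "10.2.0.0/16",   "192.168.10.20/32", "tcp/22",   "deny",   0),     # deny hidden by R3
    Rule("R5", "172.16.0.0/12", "192.168.20.0/24",  "tcp/1433", "permit", 0),     # reachable, never hit
    Rule("R6", "any",           "any",              "any",      "deny",   5102),  # cleanup rule
]

if __name__ == "__main__":
    for finding, detail in analyze(POLICY).items():
        print(f"{finding}: {detail}")
```

Note that R4 is the case worth catching: it is a deny that looks correct in isolation, but R3 above it permits everything to the same host, so the block is never enforced. Zero hits alone would not explain why, which is why the shadow check and the usage check are reported separately.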
Please join us on Thursday, Sept. 23, for this free event. To register, click here. Register by Sept. 16 and you will be entered to win a free iPad – we will announce the winner at the end of the webinar.