“Misconfiguration” – New Code Word for Human Error, Sets Stage for Increased Automation

Tim Woods

Digging into the results of our sixth annual 2019 State of the Firewall Report, it came as no surprise that a lack of automation remains a key challenge for security teams. But more significantly, it’s leading to firewall misconfigurations due to human error—the kind that raises the risk of a data breach.

It’s a widespread problem too. This year’s report had more respondents than ever and the misconfiguration theme resonated with many people responsible for security at their organization, whether as a C-level executive or someone in the operational trenches, all of whom are dealing with a lot of manual changes to firewalls—anywhere from 25 to hundreds per week. When you’re steering a massive ship in stormy seas, you’re bound to end up with water where it doesn’t belong.

The recent Capital One breach is an excellent example, as it was in fact an Amazon Web Services (AWS) breach because of a security services misconfiguration. While AWS has distanced itself by stating the system worked as designed and that it came down to human error, it was still a firewall misconfiguration that caused the breach. It’s a phenomenon that has been quantified by research from Gartner, which states that “through 2023, 99% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws.”[1]

As the volume of manual firewall changes increases, the lack of automation FireMon saw in the latest State of the Firewall Report will manifest as more misconfigurations, because the law of averages dictates human error will creep in no matter how skilled and seasoned your security crew is.

Security Teams are Flooded by Manual Processes

This year’s report corrals the insight of 573 respondents, including network and security engineers, IT operations managers, C-level executives and others on why it’s more necessary than ever to automate processes to prevent misconfigurations and data breaches.

FireMon’s 2019 State of the Firewall Report illustrates how a significant reliance on manual processes, which results in misconfigurations and inaccuracies that require rework, is putting additional burden on resource-strapped security teams. Just as most firewall breaches are found to be caused by misconfigurations, not firewall flaws, Gartner states that “by 2021, 50% of enterprises will unknowingly and mistakenly have some IaaS storage services, network segments, applications or APIs directly exposed to the public internet, up from 25% at YE18.”[2]

Our latest survey found a shocking 65 percent of respondents are not using automation to manage their environment, while 36 percent said inaccuracies, misconfigurations or issues on the network account for 10 to 24 percent of the changes that require rework. It also found 45 percent of respondents process between 10 and 99 change requests each week, and of those, 57 percent indicated manual processes are used as part of the firewall change. These manual processes are often part of a broader, ad hoc change management process that involves email requests to firewall administrators and spreadsheets. However, even if the change management system is automated, including rule engineering, pre-change assessments and approvals, the technical firewall change remains a manual task.

More Deckhands Doesn’t Mean Smoother Sailing

With the increasing complexity of security in the multi-cloud era, throwing more people at the problem—assuming you have the budget, of course—is not a long-term solution. While you may be able to keep the ship on an even keel during calm seas, when a storm hits, getting every manual configuration correct becomes a lot more challenging. That storm could be a major application deployment or hardware upgrade, or increased transactions on your network because the business is in the middle of its busy season, such as a financial services company at tax time or an online retailer between Black Friday and Boxing Day.

The problem is the stormy weather rarely lets up. Many organizations are already faced with an insurmountable amount of complexity combined with tremendous firewall bloat because of high volumes of rules, unused rules and redundant rules—all of this unnecessary junk creeps into firewalls over time. And when waves never stop crashing over you, you’re bound to make a mistake, and the business risk goes up.

To continue the marine analogy, a sailing ship requires that a crew works together, adjusting the sails and rudders in concert, but unlike boats on the water, many organizations are seeing a great deal of fragmentation of responsibilities that aren’t well coordinated, in large part because there’s a lack of automation.

And because of the acceleration of business, application owners are starting to take responsibility for their own deployment, including their data security controls. However, no one is navigating with the same map. With so many hands on deck managing security control configurations manually, the ramifications of not automating are further amplified.

To learn more about our 2019 State of the Firewall report, here are a few resources:

Webinar: FireMon will host a live webinar, 2019 State of the Firewall, Thursday, November 14 at 1 p.m. CT
The Report: Download the 2019 State of the Firewall Report
The Data: Download the key findings in an infographic
Social Media: Track the conversation #SoFR19

[1] Kaur, Rajpreet, Hils, Adam, and Watts, John. “Technology Insight for Network Security Policy Management.” Gartner, Inc. 21 February 2019.
[2] MacDonald, Neil. “Innovation Insight for Cloud Security Posture Management.” Gartner, Inc. 25 January 2019.