Most IT professionals believe their corporate firewall base rules are in a mess
(27/05/2009)
According to a survey conducted by Tufin Technologies, if you are unlucky enough to suffer a major security failure during the last 5 minutes of a major football match like tonight’s UEFA Champions League, 39% of IT professionals say the problem will have to wait until the footie is over! On the flip side, that does leave an incredibly loyal 61% who would right their company’s IT problems before watching the footie.
The survey was commissioned to find out attitudes to “Firewall Management & the Security Implications” and was aimed mainly at IT security managers and technical staff from multinational organisations and government departments employing 1000 to 5000+ people. The key finding of the survey is that 51% of IT professionals believe their corporate firewall base rules are in a mess.
The survey also found that 1 in 5 IT professionals admit that either they or a colleague has cheated to get an audit passed, and a staggering 9% have avoided having any audit conducted on their firewall base rules. 63% only check and audit their firewalls at intervals of anything between 3 months and a year.
This does beg the question: are the billions of pounds that companies spend on firewalls actually doing what they are supposed to do to keep out the infiltrators?
Ruvi Kitov, CEO at Tufin Technologies, said: “If your firewall rules are out of synch, then it’s almost impossible to police and to gauge who has access to your network. Managing and configuring firewalls can be a nightmare without the right automation tools, which is why it’s no surprise to us that people are admitting that their firewall rules are in a mess and some are even cheating to get them through the audit process.”
The survey also found that 22% of firewall audits take anything from a few weeks to a few months, with 70% saying that their audits take a few days.
“From a security perspective with audits not being undertaken frequently and with many taking time to conduct, it can mean that many companies have firewalls that at best are running under par, and at worst, contain shadowed or obsolete rules that introduce unnecessary risk to the organisation such as potential violation from infiltrators who look for anomalies that they can break through,” said Kitov.
Tufin also found that more companies than ever before are buying IT hardware off eBay, a discovery that a Tufin Sales Director made when he visited one of the biggest metal manufacturers in the world, who admitted to buying the majority of their IT products over auction sites such as eBay. The Tufin survey found that almost a quarter of companies (24%) would buy from eBay if it meant that they would save money.
“With the growing demands of compliance (PCI, SOX, Basel II etc.) CISOs are finding compliance a labour-intensive activity and a threat to the overall IT goal of reducing OPEX. With this in mind it’s interesting to see the growing number of companies who are prepared to buy second-hand security equipment if they could save money and reduce costs,” said Kitov.
Clearly cost savings are a high priority for all companies in the current economic climate. However, in the area of IT security and compliance, 52% of companies have revealed that their organisation has not made them focus on cost cutting, as security and compliance are still a priority to which budget will be allocated so that they continue to meet all the growing compliance requirements.


