AlgoSec is the market leader in network security policy management. AlgoSec enables security and operations teams to intelligently automate the policy management of firewalls, routers, VPNs and other network devices, improving overall security while reducing costs. In addition to greatly improving their network security, our customers typically report a 60% improvement in network operations, 50% reduction in audit preparation time and a 50% reduction in the time required to process security policy changes.
In the following interview, Dr. Avishai Wool, CTO of AlgoSec, discusses 1:1 with Rake Narang, Editor-in-Chief of Info Security Products Guide, why organizations must turn to automated tools that can discover risks in the policy, flag unused and duplicate rules, and even reorder rules for optimal performance.
Rake Narang, Editor-in-Chief: How serious is the current threat scenario for businesses? What challenges do most businesses that deploy firewalls really face?
Dr. Avishai Wool: Misconfigured firewalls pose a number of serious threats to businesses. First and foremost, there is the risk that an attacker would be able to penetrate the firewall, reach the organization’s network, and access sensitive resources. According to analyst reports, 80% of the firewalls examined in a breach investigation are misconfigured, and are not properly blocking traffic that they should.
But the challenges do not stop there. Because of the critical role firewalls have in protecting an organization’s networks, firewall policy management is often regulated and subject to audit. Failing a firewall audit can have a serious impact on an organization’s business, up to personal accountability of senior executives (e.g., in the case of non-compliance with SOX) or restrictions on credit-card processing (in the case of non-compliance with PCI-DSS). To ensure compliance with the relevant regulations, organizations must use the right technical solutions.
Finally, since firewalls must filter all traffic going into and out of the organization, they need to work efficiently or risk becoming a traffic bottleneck. Therefore their policies need to be cleaned up to eliminate any “policy clutter” that accumulates over the years (rules that are no longer being used, conflicting or redundant rules and objects, etc.).
Rake Narang: What exactly is the root cause of most firewalls ending up being misconfigured? And why are manual changes to security policy not really the best bet here?
Dr. Avishai Wool: There are several factors that contribute to firewall misconfiguration. For starters, firewalls are one of the oldest technologies deployed for protecting the network. Over the years, firewall policies accumulate thousands and even tens of thousands of rules and objects. While new rules are constantly added to protect against new threats and meet evolving business needs, old rules are seldom deleted for fear of disrupting business applications or introducing risks.
To make matters worse, most enterprise environments include firewalls from different vendors that are configured differently. These firewalls are often geographically distributed and managed by different teams. Given this complexity, it is not surprising that manually managing a complex firewall policy proves nearly impossible. There are simply too many rules and objects, too many traffic variations and too many potential risks for humans to manually analyze.
Rake Narang: What are some of the major challenges of firewall policy management and what steps can businesses take to address them?
Dr. Avishai Wool: Firewall policy management introduces challenges at a number of levels. From a security perspective, organizations need to assess the risks in their policy, and ensure unwanted traffic is blocked. From a compliance perspective, firewall policies need to comply with relevant regulations such as PCI-DSS or SOX, as well as internal mandates. Finally, firewall policy management also has important implications for network operations. A bloated ruleset negatively impacts firewall and network performance, and complicates the introduction of changes, which results in slow IT response to business needs.
To effectively manage firewall policies, organizations must turn to automated tools that can discover risks in the policy, flag unused and duplicate rules, and even reorder rules for optimal performance. Automating the change process, by ensuring changes are implemented in an optimal fashion and without introducing new risks or breaking compliance, also holds tremendous benefits for organizations.
Gartner predicts, “by 2015, tools and automation will eliminate 25 percent of labor hours associated with IT services”, and firewall policy management is certainly a worthy candidate.