A list of rules defining access to and from certain locations or users to specific services or applications is still the basis of operation of all firewalls. Adding, deleting or modifying these rules is the most common change to a firewall. These changes happen at a staggering rate, with enterprises often editing more than 100 rules a week.
However, poor firewall management defeats the purpose of change by ineffectively controlling access and limiting visibility; poor management also increases the cost associated with security management. Changes in general, whether to a firewall, router, application or any other part of the IT infrastructure, and the potential misconfiguration of the equipment, is often the single greatest cause of network outages and data breaches.
The management of a firewall can be addressed with both short-term and long-term activities. Channel partners should position themselves as the experts, advisors and suppliers of solutions in the face of these problems. Customers look to the channel to provide education and guidance and as a result, resellers are well-positioned to provide the products and services to address this burden as a fully managed service and remove this management headache from businesses.
The problem with firewall administration
Managing firewalls configured with thousands of rules places a considerable burden on organisations to make sure that their firewall policies are implemented correctly. With a mix of firewall vendors and different administrators for different business units within the organisation, too often they are faced with poor-quality policies and unused rules, resulting in misconfiguration of network and security systems, errors, downtime, poor device performance, reduced security and increased risk.
Maintaining an effective, efficient and correct firewall policy is a continual process, which requires specialist knowledge and the ability to invest the time into management. There are two key items to consider:
Time / Effort / Cost: With limited time and resources to perform daily responsibilities, care and concern must be paid to how to reduce the effort necessary to achieve the goal of cleaning up the firewall policy.
Business Impact / Risk: Over 80 percent of all network outages are caused by change. Firewall change is particularly risky and has the potential to both open a network up to excessive risk and negatively impact business continuity.
How making changes to your firewall can leave you more insecure
Changes to enterprise firewalls are the result of administrative initiative, and sometimes, malicious intent or mistakes. Each change is an opportunity to improve the integrity of the security policy, but as firewall configurations grow more complex and less understandable, even planned changes are made without sufficient knowledge. That’s when a good change becomes a risky one.
Firewall changes should be managed with a firewall-aware technology and with a partner or specialist that understands the complexity of these systems. The ideal technology solution supports change management by: collecting all configuration changes in real time; offering a change management process specifically for firewalls; providing rule planning, review and verification tools to design and confirm configuration changes; and archiving all configuration changes with supporting documentation. The best solution also integrates into existing enterprise systems intelligently, and enables immediate, incremental documentation of policy changes.
Turning a product into a service
Specialist resellers can benefit from the need for businesses to adopt firewall management processes not only by offering the solution to its enterprise customers but also by recommending it as a managed service. This will unburden the customer from this time-intensive yet vital process of managing the security policies for the growing number and diversity of devices in the corporate network. Businesses are always looking to do more with less, but they can't risk lowering their security and compliance postures. By adopting a managed service offering for its firewall services, they can reduce security and compliance costs without lowering their guard, with the channel benefitting by adding real value to its customers by keeping it one step ahead of its competitors.
Juan Lyall is channel manager EMEA for FireMon
