First introduced in the late 1980s, the firewall is one of the original network security tools — and it remains one of the most important. However, improperly maintained firewalls open the door to security breaches and regulatory failures.
Firewalls exist to prevent unauthorized network access. Naturally, they have become more complex and sophisticated in response to increasingly treacherous threats. Today’s next-generation firewalls (NGFWs) offer a far more comprehensive set of security features than their precursors. With that comes the need for greater levels of monitoring, management and updating.
Many organizations aren’t meeting those requirements.
Security experts say that too many organizations fail to update their firewalls or conduct basic maintenance. In-house IT staff may struggle with complex firewall interfaces, which increases the likelihood of misconfigurations.
Firewall Misconfigurations Create Risk
Modern firewalls offer robust protection against cyberattacks — if they’re configured properly. However, multiple studies have shown that misconfigured firewall rules create security gaps and vulnerabilities. According to Gartner analysts, misconfigurations cause 99 percent of all firewall breaches.
An alarming case in point: Leak-Lookup, a service that allows people to search for information compromised in data breaches, suffered a breach itself that exposed 26 billion records. Leak-Lookup attributed the incident, which is being called the Mother of All Breaches, to a firewall misconfiguration.
Many organizations also neglect the regular audits needed to ensure that firewalls are up to date and working properly. Surveys find that most organizations audit their firewalls no more than once a year, and up to 20 percent never audit. There are also reports of widespread cheating on audits by organizations that feel the process is too complex and time-consuming. In many cases, those who say they audit their firewalls are doing nothing more than checking a box indicating there is a firewall in place.
The Importance of Firewall Audits
Failing to audit is risky on a number of fronts. In addition to increased exposure to security threats, organizations can also face significant penalties for regulatory violations. PCI-DSS, HIPAA, SOX and many other data security and privacy standards include firewall audits as part of the compliance requirements.
In truth, conducting a rigorous firewall audit is time-consuming and complex. It should involve a thorough examination of the firewall rule base, an assessment of the change process and an analysis of activity logs to identify rule violations and abnormal traffic patterns. An audit should also identify outdated access rules and encryption protocols, decommissioned systems, unneeded user accounts and more.
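The rule-base portion of such an audit can be partly automated. The sketch below is an added example, not code from this article or from any firewall vendor: the rule format, hit counts, decommissioned-host list and the choice of FTP and Telnet as legacy services are all constructed assumptions, and it models a simple first-match rule base without zones or protocols.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    id: int
    action: str   # "permit" or "deny"
    src: str      # CIDR
    dst: str      # CIDR
    port: object  # int, or "any"

# Constructed sample data, evaluated top-down (first match wins).
RULES = [
    Rule(1, "permit", "10.0.0.0/8", "10.1.5.20/32", 443),
    Rule(2, "permit", "10.2.0.0/16", "10.1.5.20/32", 443),
    Rule(3, "permit", "10.0.0.0/8", "10.1.9.9/32", 23),
    Rule(4, "permit", "0.0.0.0/0", "0.0.0.0/0", "any"),
    Rule(5, "deny", "0.0.0.0/0", "0.0.0.0/0", "any"),
]
HITS = {1: 9120, 2: 0, 3: 0, 4: 412, 5: 0}   # rule id -> hits in review period
RETIRED = {"10.1.9.9"}                        # hosts recorded as decommissioned
LEGACY_PORTS = {21, 23}                       # assumption: FTP and Telnet

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and a.port in ("any", b.port))

def audit(rules, hits, retired):
    """Return {rule id: [findings]} for rules that need review."""
    findings = {}
    for i, r in enumerate(rules):
        found = []
        dst = ipaddress.ip_network(r.dst)
        if r.action == "permit":
            if r.src == r.dst == "0.0.0.0/0" and r.port == "any":
                found.append("any-any permit")
            if r.port in LEGACY_PORTS:
                found.append("legacy cleartext service")
            if dst.num_addresses == 1 and str(dst.network_address) in retired:
                found.append("destination decommissioned")
        if hits.get(r.id, 0) == 0:
            found.append("no hits in review period")
        earlier = next((e.id for e in rules[:i] if covers(e, r)), None)
        if earlier is not None:
            found.append(f"shadowed by rule {earlier}")
        if found:
            findings[r.id] = found
    return findings

if __name__ == "__main__":
    for rule_id, found in audit(RULES, HITS, RETIRED).items():
        print(rule_id, "; ".join(found))
```

In the sample data the final deny rule is flagged as shadowed by the any-any permit above it, which is the kind of ordering mistake a checkbox audit never surfaces.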
While absolutely vital, such a thorough process is a burden for organizations with limited IT staff. Without dedicated expertise, an IT generalist isn’t likely to know how current the firewall policy is, whether rules need updating or whether configuration changes have been properly tested.
Managed Services Can Relieve the Burden
This is why more organizations are turning to managed service providers for firewall management. Qualified MSPs have expertise in firewall configuration and management and can ensure that firewalls are properly patched, updated and audited.
Additionally, ongoing monitoring will produce much greater insight than most organizations ever get from their firewalls. The MSP will respond to alerts indicating potentially threatening events and review logs to identify potential problems. Best-in-class MSPs provide regular reports about firewall security and performance and will recommend upgrades as needed to support growing numbers of users and devices.
A firewall is one of the oldest and most important elements of network security, but it isn’t a set-and-forget solution. It requires careful configuration, continual monitoring and ongoing updates. Verteks can monitor, administer and support your firewalls through our managed security services. It’s all part of a comprehensive strategy designed to thwart even the most advanced threats while improving regulatory compliance.