Firewall Management Maturity Stage 1: Basic Firewall Management
In the first of this three-part series examining the stages of firewall management maturity, we look at traditional firewall technology. Even for organizations just looking for the minimum value from a basic firewall solution, there is work involved.
By: Leo Kershteyn
The marketplace is flooded with security products, and in the midst of the latest and greatest thing capturing the market's attention, the firewall has almost become an afterthought. And that's understandable. A firewall comes with base configuration instructions that provide some level of immediate protection. That's why, more often than not, it is not configured by a security professional.
But even for companies who require the basics, those out-of-the-box settings aren't enough. The plug-and-play approach may not protect you.
Our experts know this as well as anybody – we have managed firewall appliances from the vast majority of the major vendors and monitored firewall traffic for nearly two decades, and we have watched firewall functionality expand exponentially. At the end of the day, the firewall remains one of the key components of any company's security approach and should be configured to take full advantage of all its functionality.
Straight out of the box, firewalls come with the aforementioned base policy configuration designed to get a new client up and running. In our experience, once traffic begins traversing the firewall, the inevitable question arises – has it been configured effectively, and does it provide optimal protection based on the vendor guidelines and the specific client environment?
That's why one of the first things we do is conduct a firewall policy audit. During the audit, we look for policy conflicts, aging and many other factors that can impact a firewall's ability to effectively secure the network.
Firewalls also produce a lot of event data. Some of it is benign. Some of it could represent a valid security or system health risk. Maybe what appears to be a threat turns out to be a false positive, or, even worse, a false negative. Without a robust SIEM or expert analysis, it is hard to tell. It's important to have the ability to correlate events to attack vectors, then know what actions to take to protect your environment. These could result in changes to the firewall policy or trigger a health ticket. And if you're doing it without help, it's up to your IT staff (or security staff if you can afford it) to have the expertise – and time – to figure it out.
Hiring security experts to join your team is easier said than done. A recent study predicts there will be 1.8 million unfilled cybersecurity jobs in the next five years, a 20 percent increase from 2015 estimates. Companies need that expertise to manage firewalls for full effectiveness, and not just during business hours, but after hours and on weekends (threat actors do not work 9-to-5). Experience on one firewall brand often does not translate to another brand. Different firewalls possess different capabilities that your staff may understand, or may not. Partnering with a cybersecurity company provides the breadth of knowledge gained from working with diverse environments and their relationship with leading product vendors.
Even with basic firewall technology, the task of getting the most effectiveness out of your investment grows over time as network usage and the need for more advanced features increase. There are also ongoing activities required to make sure your firewall is operating at peak efficiency: maintenance, policy auditing, adding and deleting rules, patching and updates, and engaging the vendor to resolve bugs. When faced with these unexpected complexities, many companies can benefit from third-party expertise to help move toward security success, even for seemingly simple firewall environments.
 Global Information Security Workforce Study, Center for Cyber Safety and Education and (ISC)2, 2017