Multi-device, multi-vendor IT security departments lack automation, grow risk

In an online survey of 127 IT security professionals undertaken by AlgoSec, a majority of respondents in midsized and enterprise organizations (55.3%) reported a security breach, system outage, or both, due to complex policies. Most cited “too many policies to manage” as the leading challenge (43.7%) in managing multiple devices. Meanwhile, in multi-vendor environments, about half cited “different expertise is required for each vendor” (49.6%) as a challenge.

The challenge is brought into focus when one considers that an overwhelming majority of survey respondents, 94.4%, use network devices from multiple vendors, and 57.1% have four or more vendor devices to manage. Nearly half have 50 or more devices.

"Information systems’ complexity has grown exponentially yet we continue down the same path - adding more and more layers of complexity," said independent information security consultant Kevin Beaver of Principle Logic LLC, in a statement. "Many IT managers and administrators couldn't tell you how secure their networks are because they simply don't know what's where and what's currently at risk. Complexity - and failing to acknowledge the complexity - are core contributors to the network security problems we face today."

Nonetheless, manual management is still the norm. Nearly 75% of organizations manage their network security manually, even among the largest companies. 51.2% manage their devices manually through each vendor’s console. Another 23.6% manage their network security per device. Again, the picture that emerges is one of an IT security team tasked with too much to oversee.

Consolidation, of course, would yield more simplicity and easier management. Among those who manage network security devices manually using vendor consoles, nearly 60% said that they believe that the greatest benefit of consolidating network security vendors would be simplified management.

Larger organizations tend to have more complex environments, with multiple vendors, many devices and many firewall rules. When it comes to numbers of each, 55.8% of enterprise organizations fell in the top half of the ranking, while only 11.8% of midsized organizations and 4.2% (1 out of 23) of small organizations fell in the top half.

So how complex is complex? About 41.8% of organizations of all sizes manage over 200 rules per firewall. And, as one might predict, a high number of devices correlates with a high number of vendors, but with some exceptions. In the group with fewer than 10 devices, 79% have relationships with three vendors or fewer. However, two of these respondents use six to 10 vendors, which equates to one or two devices per vendor. At the other extreme, of the respondents with 250+ devices, 56.5% have six vendors or more, and 39.1% have more than 10. Yet one respondent (in the educational sector) manages more than 250 devices from one vendor.

Whatever the size profile, the trend remains the same: plenty of complexity, and not enough automation and consolidation when it comes to management, the survey concluded.

“The landscape of network security is only becoming more complex and difficult to manage, as security threats become more sophisticated and as new technologies are adopted,” AlgoSec researchers noted in the report. “More is not better when it comes to devices and vendors in a network security environment. When the environment grows so complex that policies are harder to manage and available personnel can’t handle the load, then bigger and better technology doesn’t mitigate risk—it creates risk. Security professionals who manage these complex environments have a new responsibility to simplify, in order to keep their digital assets safe.”
