93% audit firewall security manually

The obvious conclusion here, Infosecurity notes, is that automating the firewall audit process would ease the time constraints. It’s also interesting to note that 75% of the organizations surveyed believe that their current change management processes could put them at risk of a security breach.

Delving into the survey results reveals that 28% of organizations reported that it takes them, on average, several hours to several days to design a firewall rule change.

In addition, despite the time spent crafting rule changes, 85% reported that up to 50% of firewall rule changes require modification later on because they were not designed correctly.

66% of the sample, meanwhile, felt their change management processes do or could place the organization at risk of a breach. The main reasons cited were lack of formal processes (56%), followed by manual processes with too many steps or people in the process (29%).

According to Tufin, which specialises in security lifecycle management, with automated audits being high up on its agenda, the annual survey results show that manual processes, and the time constraints they create, are the biggest challenge facing today’s network security professionals.

In addition, despite confirmation that regulatory and corporate compliance requirements such as SOX, PCI DSS and ISO 27001 are driving security operations, only 7% of the sample said they automate the firewall audit process.

As a result, Tufin says 40% of the 100 organizations surveyed spend up to a month or more a year on firewall audits. With 85% of respondents reporting that up to 50% of firewall rule changes require modification because they were not designed correctly, it comes as no surprise that 67% believe their change management processes put them at risk of a breach.

Shaul Efraim, the firm’s vice president of marketing and business development, said that the annual survey results reveal that - more than budget constraints or any other factor - time is the security manager’s most precious resource.

“We were surprised to learn that half the sample is still doing basic tasks manually such as tightening up permissive rules, looking for shadowed rules or re-certifying rules. There is no benefit to having experienced administrators spend their days searching for needles in haystacks”, he said.

“Automating these tasks saves a significant amount of time and money, dramatically increases the accuracy and efficiency of operations, and improves the organization’s overall network security posture. And, with 86% of the sample managing or planning to manage next generation firewalls in the next 12 months, the time to do it is now”, he added.

Efraim said that the survey revealed the maturity curve for security lifecycle management is still on the upswing.

“Without process automation, auditing network security systems - especially as organizations continue to use more firewalls in virtualized environments and embrace next generation firewalls - is simply not possible. 60% of the sample cited lack of time as the weakest link in their network security”, he said.

“If that is not business justification for automating fundamental but time-consuming, error-prone network security processes, then what is?”, he added.
