printer friendly version

Change management could lead to a network security breach

Tufin Technologies has found that 75% of organisations believe their current change management processes could put them at risk of a security breach. Having sampled 100 network security professionals directly involved in firewall management and auditing, this year’s survey reveals that manual processes - and the time constraints they create - are the biggest challenge facing today’s network security professionals.

Despite confirmation that regulatory and corporate compliance requirements such as SOX, PCI DSS and ISO 27001 are driving security operations, only 7% of the sample automates the firewall audit process. As a result, 40% of organisations spend up to a month or more a year on firewall audits. With 85% of respondents reporting that up to 50% of firewall rule changes require modification because they were not designed correctly, it comes as no surprise that 67% believe their change management processes put them at risk of a breach.

“This year’s survey reveals that, more than budget constraints or any other factor, time is the security manager’s most precious resource,” said Shaul Efraim, vice president of marketing and business development, Tufin Technologies. “We were surprised to learn that half the sample is still doing basic tasks manually such as tightening up permissive rules, looking for shadowed rules or recertifying rules. There is no benefit to having experienced administrators spend their days searching for needles in haystacks. Automating these tasks saves a significant amount of time and money, dramatically increases the accuracy and efficiency of operations, and improves the organisation’s overall network security posture. And, with 86% of the sample managing or planning to manage next generation firewalls in the next 12 months, the time to do it is now.”

Perhaps the greatest indicator that the problem is reaching critical mass is that 22% of the sample knew of someone that cheated on an audit, citing lack of time as the main reason – up from 10% in Tufin’s April 2010 survey. Also disturbing is how many organisations do not audit their firewalls at all - almost a quarter of the sample (23%) has never conducted a firewall audit.

The survey also unearthed interesting trends across all three components of security lifecycle management: firewall operations, risk management and compliance, and security change automation. Highlights include:

Tufin’s firewall management survey was executed online via Survey Monkey, and sampled 100 administrators worldwide from companies ranging from less than 500 people (40%) to more than 5000 (30%) in a wide range of verticals including telecommunications, financial services, energy, pharmaceuticals, and transportation.

Share this article:

Further reading: