A network security consultant recalls receiving a phone call from an irritated customer just a few days after a firewall installation project. “I think your firewall is messed up,” the customer grumbled. “My office is getting really hot.”
Of course, network firewalls have nothing to do with actual fires, but the story serves as a reminder that not everyone in an organization is technology-savvy. That can be a problem when it comes to firewalls. Configuration errors and rule base weaknesses can create gaping security holes.
Although many organizations think of firewalls as plug-and-play solutions, firewalls must be updated and patched regularly. Firewall interfaces also tend to be complex and not very intuitive, which increases the likelihood of mistakes.
Costs and Risks
According to a recent study conducted by Coleman Parkes Research, network misconfigurations, including firewall misconfigurations, cost organizations about 9 percent of revenue, and the true cost is likely higher. Survey respondents reported identifying an average of 59 misconfigurations in the preceding 12 months. Three misconfigurations were “critical” issues that could have caused a serious security breach.
In light of the risk, 92 percent of IT teams said validating configurations is a Top 3 priority. However, 51 percent assess configuration settings just once a year, with another 16 percent performing assessments about once every six months.
Organizations without the expertise or manpower for dedicated firewall management should strongly consider a managed firewall service to reduce their risk. A managed firewall service provides updates, tuning and around-the-clock monitoring by security experts who specialize in firewall configuration and maintenance.
Benefits of Managed Services
The service provider can work with you to determine your unique requirements, guide you through the process of crafting appropriate policies and rules, and then configure and implement your firewall solution. Updates and patches are applied remotely.
Ongoing monitoring will produce much greater insight than most companies ever get from their firewalls. Your service provider will review and analyze logs and events and provide regular reports about firewall performance, active users and traffic patterns. Any potentially threatening trends will generate immediate alerts.
In addition, a managed firewall service can help you meet compliance requirements for key business regulations. For instance, firewall log management and policy documentation are among the key requirements of the Payment Card Industry Data Security Standard (PCI DSS).
Most importantly, a service provider can help you implement a next-generation firewall (NGFW) solution. Along with traditional firewall capabilities such as packet filtering, network address translation and URL blocking, an NGFW adds more robust features such as intrusion prevention, deep-packet inspection, inspection of encrypted traffic and reputation-based malware detection.
However, the key distinction is that an NGFW is application-aware, meaning it can distinguish one application from another and make smarter blocking decisions based upon very specific criteria. That is a critical capability, considering that 80 percent of attacks today happen at the application layer, according to some estimates.
A firewall is an indispensable element of any company’s network security, but it isn’t a set-and-forget solution. It requires careful configuration, continual monitoring and ongoing updates. IronLogix offers managed firewall services that can help you maintain a solid perimeter defense while improving regulatory compliance. We can help you take advantage of an advanced NGFW platform, and monitor and manage your firewall to ensure maximum protection for your business.