93% of the Respondents Conduct Firewall Audits Manually;
60% Cited Lack of Time as the Weakest Link in Network Security;
Reported Cheating on Audits Has Doubled Since 2010
November 15, 2011 - Tufin Technologies,
the market-leading provider of Security Lifecycle Management
solutions, today announced the results of its annual firewall
management survey. Having sampled 100 network security
professionals directly involved in firewall management and
auditing, this year's survey reveals that manual processes - and
the time constraints they create - are the biggest challenge facing
today's network security professionals.
Despite confirmation that regulatory and corporate compliance
requirements such as SOX, PCI DSS and ISO 27001 are driving
security operations, only 7% of the sample automates the firewall
audit process. As a result, 40% of organizations spend up to a
month or more a year on firewall audits. With 85% of respondents
reporting that up to 50% of firewall rule changes require
modification because they were not designed correctly, it comes as
no surprise that 67% believe their change management processes put
them at risk of a breach.
"This year's survey reveals that, more than budget constraints
or any other factor, time is the security manager's most precious
resource," said Shaul Efraim, vice president of Marketing and
Business Development, Tufin Technologies. "We were surprised to
learn that half the sample is still doing basic tasks manually such
as tightening up permissive rules, looking for shadowed rules or
recertifying rules. There is no benefit to having experienced
administrators spend their days searching for needles in haystacks.
Automating these tasks saves a significant amount of time and
money, dramatically increases the accuracy and efficiency of
operations, and improves the organization's overall network
security posture. And, with 86% of the sample managing or planning
to manage Next Generation Firewalls in the next 12 months, the time
to do it is now."
Perhaps the greatest indicator that the problem is reaching
critical mass is that 22% of the sample knew of someone that
cheated on an audit, citing lack of time as the main reason - up
from 10% in Tufin's April 2010 survey. Also disturbing is how many
organizations don't audit their firewalls at all - almost a quarter
of the sample (23%) has never conducted a firewall audit.
The survey also unearthed interesting trends across all three
components of Security Lifecycle Management: Firewall Operations,
Risk Management and Compliance, and Security Change Automation.
- In addition to those network security managers that don't
perform firewall audits, 11% have no idea how much time it takes to
- 84% of the sample either has no way of knowing when a firewall
rule needs to be recertified or decommissioned (41%), or manages
the process manually (43%).
- Almost half the sample - 47% - locates redundant or overlapping
rules manually; almost 20% have no way of locating them at
- While the number one reason for cheating on audits was lack of
time, it was followed by two other reasons: that the parameters
of the audit were irrelevant to the business (30%), and concerns
that the network security team would look bad (also 30%).
Security Change Automation:
- 28% reported that it takes them, on average, several hours to
several days to design a firewall rule change.
- Despite the time spent crafting rule changes, 85% reported that
up to 50% of firewall rule changes require modification later on
because they were not designed correctly.
- 66% of the sample felt their change management processes do or
could place the organization at risk of a breach. The main reasons
cited were lack of formal processes (56%), followed by manual
processes with too many steps or people in the process (29%).
"Despite our success, this survey reveals the maturity curve for
Security Lifecycle Management is still on the upswing," said Mr.
Efraim. "Without process automation, auditing network security
systems - especially as organizations continue to use more
firewalls in virtualized environments and embrace Next Generation
firewalls - is simply not possible. 60% of the sample cited lack of
time as the weakest link in their network security. If that is not
business justification for automating fundamental but time
consuming, error prone, network security processes, then what
Tufin's firewall management survey was executed online via
Survey Monkey, and sampled 100 administrators worldwide from
companies ranging from less than 500 people (40%) to more than
5,000 (30%) in a wide range of verticals including
telecommunications, financial services, energy, pharmaceuticals,
About Tufin Technologies
Tufin™ is the leading provider of Security Lifecycle Management
solutions that enable companies to cost-effectively manage their
network security policy, comply with regulatory standards, and
minimize IT risk. With the award-winning Tufin Security Suite,
security teams are successfully managing firewall operations and
performing audits and risk assessments - often in half the time.
Founded in 2005 by leading firewall and business systems experts,
Tufin serves more than 800 customers in industries from telecom and
financial services to energy, transportation and pharmaceuticals.
Tufin partners with leading vendors including Check Point, Cisco,
Juniper Networks, Palo Alto Networks, Fortinet, F5, Blue Coat,
McAfee and BMC Software, and is known for technological innovation
and dedicated customer service.
For more information visit www.tufin.com, or follow Tufin