Phil Schacter, managing VP, Gartner recently guest-hosted a Tufin webinar which talked about how complexity and change are affecting enterprises far more today than ever before and what businesses should be doing in order to combat the issues. What's clear from the webinar is that enterprise networks are more complex than ever. Increased adoption of IPv6, virtualization, cloud and BYOD and emerging technologies like software defined networks (SDNs) mean that networks are becoming more complex and heterogeneous (operating via devices from many different vendors). As a result, businesses are operating very intricate infrastructures, with sometimes hundreds of firewalls and network devices that need to be managed simultaneously. This is compounded by complex security rule sets which each need to be evaluated sequentially and unwieldy rules for each component.
It's also apparent that enterprise networks are not an environment conducive to change and yet conversely, they are subject to frequent change. While firewalls ensure network segmentation, network connectivity and network requirements are constantly changing, resulting in undetected unused rules which cause security risks and cluttered rule bases.
The impact of firewall changes in the foreground and background may not always be immediately obvious. And as permitted traffic flows increase, so does risk. With multiple networks it's also difficult to document network access policies across varying locations and time zones to ensure they comply with compliance regulations like SOX and PCI and don't expose vulnerable systems.
Phil concluded that dealing with such changes manually on a daily basis is almost impossible and this results in a loss of agility and inevitable 'human error' which increases the potential for service outages and downtime. Additionally, change implementation requires expensive technical resources and it's difficult to document the enforcement of access controls.
These points considered, there are obvious benefits to using automation to manage the network security change process. It provides a standard workflow for every change from requesting to documenting, specifying and approving changes and can generate the change instructions of commands, simulate the impact of the change and track the implementation for cached network devices.
Check out the webinar for Phil's useful recommendations for enterprises battling with complex network security and how you can benefit from implementing an automated approach.