Firewalls have become the forgotten part of security and yet they are still the place an admin goes in a crisis.
Firewalls have become a surprisingly disregarded part of enterprise security. Every enterprise has anything from dozens to hundreds of them and yet they are often only noticed when something is going wrong. Arguably, their success has also moved the problem to other parts of the stack such as users and applications, which explains why firewall products have expanded their reach to encompass so many new features.
As firewalls have become more and more complex, management has turned from inconvenience to risk. This is the crux of the challenge they create. They need constant adjustment, tending and management. A firewall is never right or, if it is, that doesn't apply for very long.
As Jody Brazil, co-founder and former CEO of firewall management firm FireMon, describes the issue: "We started with the observation that you can buy awesome technology but it will fail to protect the enterprise if it's not configured correctly."
Are firewalls still important? Too many firewalls, not enough time
The growing complexity of security infrastructure has been an issue for as long as anyone can remember but it is only recently that people have started to understand that this isn't simply inconvenient and time consuming but has a direct effect on security. These days, organisations deploy several layers of security but firewalls are always at the heart of any network and it is here that the complexity issue began to get out of hand.
It starts with the sheer number of firewalls some enterprises now have to manage. Organisations with anything up to 100 can count themselves lucky, but according to FireMon the largest firms might these days have thousands or even tens of thousands of firewalls doing traffic inspection, a growth driven by ever greater network segmentation, the rise of virtual appliances in the cloud and the evolution of Software Defined Networking (SDN). A lot of this traffic and growth is termed 'east-west', that is, between servers in the datacentre.
It seems easy to add more virtual appliances to keep traffic from different address ranges discrete but that comes at the price of management complexity.
Solution: There is no easy win on this one - the number of firewalls, especially virtual appliances, is set to spiral and organisations should adapt to this reality. In this context, security management is not a way of enabling security, it is security. Obsolete rules and weak out-of-date policies must be identified and ruthlessly culled.
Firewalls have become hard to understand
The word firewall is the same as it's always been and yet today's appliances have quietly morphed into very different systems. On the back of the next-generation firewall and Unified Threat Management (UTM) movement, new security features were added such as intrusion prevention (IPS), application and user awareness, VPN connectivity and even anti-malware capabilities. These integrated devices were themselves an attempt to tame complexity. The confusion, of course, is that these same security layers - and new ones that keep being invented - seem to have become as important as, or even more important than, the core firewalling function.