Thursday, May 31, 2012

Firewall change management


The combination of new applications and new users, network evolution and new threats is a source of many ills for IT and security staff. How should these teams work together to eliminate risk in constantly changing environments?

By Mark Henry Guy, Regional Director EMEA AlgoSec.

"Our only security is our ability to change," wrote John Lilly, the American philosopher and physician. But talk to a security manager or a CIO under pressure, and they will tell you they would gladly accept much less change if they got more security in return.

Other areas of IT, such as integrated enterprise resource systems, continue to operate effectively without major intervention for long periods of time. But in security, each new hire, each patch or software upgrade and each network update opens a security hole and increases the organization's risk exposure. The situation becomes even more complicated in large organizations, which may have a mixed security estate including traditional firewalls, next-generation firewalls and virtual firewalls from different suppliers, all with hundreds of thousands of policies and rules.

Then there are the rapid, unexpected changes, often requested by members of the executive committee who want access to specific resources or functions. In some cases these changes are made in haste (after all, who can refuse a senior executive who wants immediate network access for a new tablet PC?), without sufficient analysis of whether the change is authorized under existing security policies or creates a new source of risk exposure.

If we add to these internal concerns the growing number of external threats (malware, social engineering exploits and hackers), it is not surprising that IT and security teams feel that change, although inevitable, throws many more challenges at them than they would like.

So how should IT and security teams work together to manage change and better control the security issues that come with it? How should they handle updates to their infrastructure and their complex security policies so as to ensure both better system availability and better security?

In the same boat

The first step is to ensure that IT and security teams work in harmony with each other. In many large companies, routine operational and administrative tasks are performed by different teams from those that deal with security and risk. Although both teams generally work towards the same objectives, the decisions of one can cause problems for the other, as in the earlier example of the executive who wants to add a new tablet PC to the network. Sometimes such requests are handled in a hurry just to get them out of the way, with the intention of dealing with the security issues later. But although that later step is crucial, it can be neglected.

It is therefore useful to recognize that these potential pitfalls exist and to put measures in place to improve coordination between the teams. You cannot always predict exactly when users will ask to add new devices to the network, but you can certainly prepare a routine process for meeting these requests as and when they occur. Bringing the two teams together to prepare roadmaps for such situations, as well as for other "listed" situations such as network updates, change freezes and audits, helps reduce the risk that these changes open up security vulnerabilities.

A clearer

To establish these roadmaps, it is essential to understand the topology of your network, which can be extremely complex in multi-site enterprise environments. Where are the main channels and choke points for traffic flows? Where are the potential vulnerabilities? How are the firewalls on the network configured, and what policies and security rules are operating on these devices?

The answers to these questions will help you identify and target areas with potential security holes. However, the pace of infrastructure change, not to mention the speed at which external threats are evolving, means that manual, periodic risk and network assessments are simply no longer frequent enough for staff to keep up.

In addition to being able to visualize your network, you must be able, in near real time, to respond to network problems, quickly access all types of firewalls and apply changes in a way that is both consistent with security policies and fully verifiable. This requires automating these critical, labor-intensive tasks.

Automation for IT staff

Why automate these tasks? Simply put, organizations cannot afford not to automate. In 2011, IT and security leaders were surveyed* about their firewall management problems. 66% said that human error was the main cause of network security failures: in other words, simple errors made when evaluating or "manually" applying firewall rules or policies.

Respondents also said that firewall management demanded the biggest investment of time while causing just as many network disruptions. 73% cited the large number of changes as the main reason for the time they invest in managing security gateways. The survey clearly identified several needs: an overview, dashboards, security issues, information on availability and compliance issues, reduced human error, and prioritized actions to reduce critical risks.

Automation allows teams to take control rather than simply fighting fires and being tossed from one incident to the next. The right solution can help teams track traffic or potential connectivity problems. It highlights areas of risk and the current state of policy compliance across mixed environments that include traditional, next-generation and virtual firewalls. It can also automatically identify precisely the features that require changes, and show how to design and implement the change in the safest way.

An automated solution makes firewall change management easier and more predictable in large environments with multiple teams. Because the solution itself does most of the work, it also frees up time for more strategic security and compliance tasks. An additional advantage comes from optimizing the performance of firewalls and gateways. Remember that firewalls generally process their rule sets sequentially until they find a rule that matches the traffic. How many rules have been added to your firewall over the years? Growing rule sets degrade performance. By cleaning unused rules out of your firewall and prioritizing the rules that are used most frequently, you reduce the amount of processing the device has to do.
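The rule cleanup and prioritization described above, as an added example that is not from the original article or any vendor product. The rule format, hit counts and addresses are constructed, and the hit counts are assumed to come from a representative logging window.

```python
from ipaddress import ip_address, ip_network

# Constructed rule base: (name, source net, dest port or None=any, action, hits)
RULES = [
    ("legacy-ftp",  "10.0.0.0/8",   21,   "allow", 0),
    ("block-guest", "10.9.0.0/16",  None, "deny",  40),
    ("old-vendor",  "192.0.2.0/24", 22,   "allow", 0),
    ("dns",         "10.0.0.0/8",   53,   "allow", 5000),
    ("web",         "10.0.0.0/8",   443,  "allow", 9000),
    ("default",     "0.0.0.0/0",    None, "deny",  300),
]

def matches(rule, src, port):
    _, net, rport, _, _ = rule
    return ip_address(src) in ip_network(net) and rport in (None, port)

def evaluate(rules, src, port):
    """First-match evaluation; returns (action, number of rules compared)."""
    for i, rule in enumerate(rules, 1):
        if matches(rule, src, port):
            return rule[3], i
    return "deny", len(rules)

def overlaps(a, b):
    """True if some packet could match both rules."""
    ports_meet = a[2] is None or b[2] is None or a[2] == b[2]
    return ip_network(a[1]).overlaps(ip_network(b[1])) and ports_meet

def optimize(rules):
    """Drop zero-hit rules, then move busy rules up only where order cannot matter."""
    default = rules[-1]                        # the default rule always stays last
    body = [r for r in rules[:-1] if r[4] > 0]
    changed = True
    while changed:
        changed = False
        for i in range(len(body) - 1):
            up, down = body[i], body[i + 1]
            # Swapping is safe if both rules take the same action or never overlap.
            safe = up[3] == down[3] or not overlaps(up, down)
            if safe and down[4] > up[4]:
                body[i], body[i + 1] = down, up
                changed = True
    return body + [default]
```

Here `block-guest` stays ahead of the busier allow rules because it overlaps them with a different action, so promoting them would change which traffic is permitted.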

Thus, constant change need not be a nightmare for IT and security staff. The better change management that automation affords can make a real difference to a company's security.
