In its fourth annual State of the Firewall report, FireMon polled 334 C-suite executives, IT practitioners and security professionals at global companies of all sizes to understand both the state of firewall management and the impact of emerging technologies.
The report found that companies planning to adopt hybrid cloud models face the potential of increased risk with network security policy management if they are not practicing basic firewall hygiene.
For the vast majority of participating organizations, the firewall remains a critical tool in their overall security ecosystem. In fact, 94% said firewalls are either as critical as or more critical than they have ever been and believe the firewall will still be as critical or more critical over the next five years.
That 24% of companies invest more than 25% of their total network security budget and 39% of companies allocate 10% to 24% of it in firewall technologies confirms that firewalls will remain a signature tool in the overall security architecture.
Those firewall technologies do present challenges, though. For nearly a third (30%) of the responding companies, rule complexity is a top challenge. Policy compliance and audit readiness is problematic for 17% of companies and 14% are pained by firewall rule optimization.
With more than 26% of companies managing over 100 firewalls on their network, organizations are challenged with firewall management. A third of participating companies said they have 10 to 99 firewalls on their network. The increased number of firewalls companies are managing produces overwhelming numbers of change requests each week, leaving 40% of companies processing 10 to 99 requests.
“Many companies are still trying to manage firewall rules manually, but in this era of next-gen architectures and sophisticated malware, this is no longer an effective way to enforce access policies and mitigate risk,” said FireMon CEO Satin Mirchandani in a press release.
“With more than half of survey respondents stating that three or more teams are involved in change management, the high number of change requests alone can drain valuable time, resources and budget from any security program. Factor in new technology adoption, and the stage is set for further policy management problems.”