Manual tasks cause some IT staffers to cheat during auditsby Steve Ragan - Nov 16 2011, 12:00
7According to Tufin Technologies, a vendor focused that focuses on the Security Lifecycle Management (SLM) issues within enterprise operations, says that problems related to firewall management have actually caused some professionals to cheat during an audit.
According to a study of 100 professionals who deal with firewall management and auditing, 22-percent of them knew someone who cheated during an audit, which is a 10-percent jump from last year’s results. Why? The manual process required to track and implement changes to the firewall rules can drain an administrator’s day, and to them, that’s time better spent dealing with other things.
According to the respondents (28-percent), most rule changes take several hours or several days on average to design and implement, but then later 85-percent of them said that nearly half of those changes will need modification because they were not correct in the first place.
Sixty-six percent said their change management processes do or could place the organization at risk of a breach, because of a lack of formal processes (56-percent), or a manual processes with too many steps or people in involved (29-percent). Again, time is the issue.
“This year’s survey reveals that, more than budget constraints or any other factor, time is the security manager’s most precious resource,” said Shaul Efraim, vice president of Marketing and Business Development for Tufin Technologies.
Frankly, the results are not surprising, not even the 23-percent who said they never do firewall audits, or the 11-percent of them who said they don’t even know how long such an audit would take.
In almost any technology business, IT has to manage devices, routers, switches and, most importantly, firewalls. The more devices a business has, the more IT management must focus on. The trick, which is actually one of the more frustrating parts of device management, is knowing what all devices are doing at any given time, how they are reacting with other devices on the network, who is accessing them, and what is being done.
For the most part, every IT shop has a different process for device management. Sometimes this means adding layer upon layer of rules to solve little problems or simply just granting permissions to various departments – such as development or QA – to access a device for testing or production deployments. It seems silly, but it happens. It is easier to put out a fire by granting access or adding a rule than it is to have a manager constantly leaning over your shoulder.
Yet, old firewall rules, layered rules that are not cross-checked, or rules set to the compromise-begging value of ANY, offer an attacker just the open door they need into the network.
Now to be fair, Tufin has a horse in this race, as they have change management and compliance offerings (SecureTrack and SecureChange). But we’ve seen them in action, and can honestly say they’re impressive.
SecureTrack centers on policy management and auditing. It does this by tracking changes to devices, without needing to open a console or other interface. Most companies are far from a single-vendor shop, so it’s no surprise to see Cisco sitting in the same rack as Check Point or Juniper. However, Tufin cares little for your vendor; it simply allows you to get a visual of what’s happening on what devices and, if there was a change, what it affected and who initiated it.
SecureChange streamlines device management, and works hand-in-hand with SecureTrack. For example, it allows change automation and process management for security teams charged with overseeing rules and device policy. It comes packed with templates for the most requested changes, as well as allowing the creation of policy for separation of duties.
“There is no benefit to having experienced administrators spend their days searching for needles in haystacks. Automating these tasks saves a significant amount of time and money, dramatically increases the accuracy and efficiency of operations, and improves the organization’s overall network security posture,” Efraim added.
“Despite our success, this survey reveals the maturity curve for Security Lifecycle Management is still on the upswing. Without process automation, auditing network security systems - especially as organizations continue to use more firewalls in virtualized environments... is simply not possible. 60-percent of the sample cited lack of time as the weakest link in their network security. If that is not business justification for automating fundamental but time consuming, error prone, network security processes, then what is?”