While firewalls were initially designed as a perimeter gateway, Tufin’s survey of 140 network security professionals report that enterprise application connectivity- related issues now drive the vast majority of firewall changes. However, few have effective processes in place to account for this shift, and almost one fifth don’t have any processes in place for managing enterprise application connectivity-related firewall data at all. As a result, 64% experience application service disruptions due to network configuration changes, as often as 10 times per year, and one third believe their organization may have had a security breach due to an application-related rule change. These findings highlight the business case for SecureApp, which Tufin launched in September 2012.
“While we had to ensure that our security policy was implemented without compromise, applications were, and still are, the lifeblood of our organization. Our firewall team was continuously being challenged by the ever-increasing risk of attacks and they needed advanced tools to detect and mitigate the risks,” said SecureApp customer Christoph Littwin, Head of Telecommunications, SIX Group. The results of Tufin’s survey indicate Mr. Littwin’s situation is now the norm. Pertinent findings include:
* 55% of respondents have more than 50 mission-critical enterprise applications deployed across their organization; About one third have more than 100
* Almost 90% say that more than 50% of their organizations firewall changes are application-related
* 60% of respondents manage connectivity requirements across three or more network security consoles
* 31% say their organization may have had a security breach due to a rule change related to a new application
* 64% experience application service disruptions due to network configuration changes up to 10 times per year
* 41% deploy at least one new application each week and 31% each month; 71% on-board at least one new user to an existing application each week
* 37% keep track of application connectivity requirements by inserting comments into the firewall rule base, subjecting the organization to procedural inefficiencies:
* Application owners, after defining the applications’ connectivity requirements, are left with limited visibility
* The firewall policy is defined by the application connectivity policy, creating a bottom-up rather than top-down approach
* 16% don’t keep track of application connectivity requirements at all
* 54% may have opened ports NOT required for applications, exposing the organization to potential compliance violations and security breaches
Tufin developed SecureApp to enable network security administrators to create common ground with application owners and automate business processes relating to application connectivity. SecureApp separates the business requirements from the underlying firewall and router policies, enabling security professionals and application owners to easily define, update, monitor and remove applications – without analyzing long lists of access rules on multiple firewalls and routers
“This survey supports our belief that application connectivity management is the next frontier of firewall management,” said Ruvi Kitov, CEO and Co-Founder, Tufin.
“Just as Next Generation Firewalls caused a paradigm shift in the firewall market by enabling policies to be based on users and applications, SecureApp heralds a paradigm shift in the security policy management market by delivering a top-down approach based on business requirements, instead of a bottom-up approach based on configurations.”