Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Survey Shows Extremely Low Levels Of Firewall Auditing

Tufin Technologies : 09 June, 2010  (Technical Article)
IT Professionals surveyed by Tufin Technologies admit to cheating during IT audits and taking firewall audits as little as once in five years
While our MPs are promising more transparency and honesty in politics perhaps the IT industry should follow suit. According to a survey, conducted by Tufin Technologies of 242 IT professionals mainly from organisations employing 1000 to 5000+ employees, 1 in 10 admitted that either they or a colleague have cheated to get an IT audit passed. However it isn't all bad news; compared to a similar survey conducted in 2009 the number of people admitting to cheating has halved in number.

Amongst those who have cheated lack of time and resources are cited as the main reasons, underlining the ever increasing pressure on today's IT departments. With 25% responding that firewall audits take a week to conduct attempting to avoid this painful process is understandable if not excusable.

What's more 30% of respondents only audit their firewalls once every 5 years and even more worrying 7% never even conduct an audit. With this in mind it's less surprising to find out that 36% of IT professionals admit their firewall rule bases are a mess increasing their susceptibility to hackers, network crashes and compliance violations.

The survey also found that:

• 31% only audit their firewalls once a year
• 22% don't know how long it takes to audit their firewalls
• Of those that admit their firewall rule base is a mess, 25% believe this makes their network susceptible to crashes and 38% susceptible to compliance violations
• 56% responded that automation tools would save them a lot of time

While companies pay a lot of attention to the firewalls selection process, and invest millions in acquiring it, much less attention and resources are invested in making sure the firewalls are optimized at all times for potential security risks and compliance breaches.

Michael Hamelin, Chief Security Architect at Tufin Technologies said: "It is a cause for concern that so many companies are only conducting audits sporadically and are admitting that their firewalls are in a mess. The consequences of a firewall with rules that are out of sync leave networks open to exploitation. Without the right automation tools, managing firewalls is complicated and time consuming making it very tempting for IT professionals to cheat to get their audit passed. But in the long run it will only cause more problems."

Despite our gloomy economic environment it is encouraging to see that IT has remained high on the budget priorities with 59% of companies revealing that they have not been forced to focus on cost savings at the expense of their company's security. With malware at record highs and more and more compliance legislation businesses are clear that it is not in their interests to cut IT spend.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo