IT professionals admit frustration with firewalls

The problems with firewalls vary from budgeting to implementation to changing rules, according to a new report from security segmentation company Illumio.


Firewalls are one of the most important tools that organizations use to segment and protect critical and sensitive devices, data, networks and other assets. But firewalls can certainly be tricky. Hardware firewalls can be pricey. Implementation can be complicated. And making changes to the firewall rules can be tricky and time-consuming.

A new report from Illumio, released on Wednesday, highlights how IT professionals deal with firewalls and reveals some of the challenges they face.


In an Illumio survey of more than 300 IT professionals, 86% said they still use firewalls to segment their applications. Among the respondents, 66% said that managing firewalls was extremely, very, or fairly challenging. Another 26% thought it was somewhat challenging. Only 8% did not consider it a challenge.

Obstacles involved in firewall management

Asked to rank the obstacles of firewall management, 67% of the respondents pointed to the initial deployment and reconciliation measures, 67% mentioned the process of implementing changes, and 61% referred to the change verification procedure.

Cost is still an obstacle with firewalls. Depending on the size of the organization and the type of firewall, a single unit can cost anywhere from hundreds to thousands to tens of thousands of dollars. Approximately 68% of respondents said they have difficulty obtaining the necessary start-up budget to buy firewalls, while 66% have problems getting the resources to operate and maintain them.

Adjusting the rules on a firewall is another burdensome task. Changes to code, applications and processes can come fast and furious and require frequent updates to firewall rules. But a single firewall update can take one to two weeks, according to the survey. And such changes can sometimes be hit or miss. More than two-thirds of respondents mentioned the difficulty of testing changes to firewall rules before they were implemented. The lack of a good test platform can lead to incorrectly configured rules that break applications.

Implementing and configuring firewalls

Implementing and configuring firewalls is another challenge. Large data center firewalls are usually delivered to a loading dock and must then be racked and stacked. Hundreds or thousands of policies and the appropriate network segments must be established during the reconciliation phase. A change process must also be implemented. Among the respondents, 37% said the initial deployment and disabling of their firewalls usually takes one to three months, 17% said it takes three to six months and 7% six to nine months. Only 34% can perform this task in less than a month.

Juggling all the necessary firewall rules is another challenge. About 62% of respondents said they have more than 1,000 rules for each firewall used to segment their network. Large organizations with multiple sites and multiple firewalls can have hundreds of thousands of firewall rules. Managing that huge set of rules is especially difficult when many of them have been around for years, and nobody wants to adjust them because they are afraid of making a mistake.

Although many respondents find fault with firewalls, 57% hesitate to abandon them due to the potential risks. Some are worried about resistance to change within their organization, some are afraid of the problems that might arise, and others fear having to troubleshoot the problems that might arise from leaving firewalls behind.

Despite the resistance, most respondents said they are evaluating software-defined networking (SDN), a more dynamic way to segment a network. Some are thinking about trying SDN for rudimentary segmentation. Almost 30% of the respondents said they are using SDN or have already done so.

Sponsored by Illumio and conducted by Virtual Intelligence Briefing, the survey was conducted in October 2019 and collected responses from more than 300 IT professionals at medium to large companies, most with more than 1,000 employees.
