Skybox Security Survey: Next-Generation Firewall Management November 2012 Worldwide Results Notice: This document contains a summary of the responses to a November 2012 survey of medium- to largesize organizations about their next-generation firewall management adoption and practices. The survey was sponsored by Skybox Security and conducted by Osterman Research. Additional survey information will be made available through www.skyboxsecurity.com. All rights reserved. 1
Survey Overview Worldwide Results Research Overview Skybox Security conducted a survey of enterprise IT and security personnel who were knowledgeable about organizations next-generation firewall (NGFW) programs and activities in November 2012. In addition, responses were utilized only from organizations with at least 10 firewalls currently deployed, and with plans to deploy NGFWs in the next 12 months. The primary goal of the survey was to understand the issues and challenges that organizations are experiencing as they migrate to and manage NGFWs. Additional survey information will be made available through www.skyboxsecurity.com. All rights reserved. Details of the Survey The survey was conducted by Osterman Research on behalf of Skybox Security. This report includes 209 surveys, 106 from the United States and Canada, and 103 European respondents from the UK, France and Germany. The median number of employees at the organizations surveyed was 1,000 (average 7,660), and the median number of email users was also 1,000 (average 7,571). There were 100 respondent organizations with 1,500 or more employees, 76 organizations with 250 1,499 employees, and 33 organizations with less than 250 employees. Key vertical industries represented include finance (16% of respondents), manufacturing (15%), government and defense (9%), and retail and wholesale businesses (8%). The largest organization responding had 280,000 employees, and the smallest had 10. 2
Executive Summary of Findings Next-Generation Firewall Survey, November 2012 Worldwide Results Adoption Over the next 12 months, there will be significant deployment of next-generation firewalls (NGFWs). North American and European respondents reported similar deployment plans, with 19% of NA companies and 17% of European reporting that the majority of their firewalls are next-generation versions today. Within 12 months, 44% of North American and 47% of European respondents expect the majority of their infrastructures to be next-generation firewalls. Overall, organizations are moving to NGFWs primarily to improve their protection against complex threats, limit access to internal and external applications, and improve network performance. North American respondents emphasized prevention of complex attacks as leading driver, while European respondents listed internal access controls as the leading driver. Migration/Deployment The key functionalities used or anticipated by organizations adopting NGFWs are: Standard firewall capabilities -- Integrated network intrusion prevention Content-specific policy enforcement -- Application-aware policy enforcement Median time to migrate to NGFWs is approximately 6 months. North American respondents listed planning architecture changes and validating correct operation of NGFWs as top migration concerns. European respondents emphasized the expected process impact of the migration to NGFWs, listing process changes and staff training as the top concerns. 3
Executive Summary of Findings, Cont. Next-Generation Firewall Survey, November 2012 Worldwide Results Management 46% of North American organizations and 60% of European organizations reported having to manage over 100 rules per firewall. European organizations reported an average of 273 firewall rule changes per month, more than twice the number of North America respondents (123) Over 35% of both North America and European respondents listed these as top ongoing management challenges: Verifying that access and network segmentation policies are being enforced correctly Maintaining IPS signatures Other top management challenges included: verifying rule and configuration compliance, internal reporting, firewall optimization and managing changes. IPS 93% of organizations use/plan to use the IPS module of their NGFW (62% in active prevention mode) The majority (65%) of North American organizations manage IPS signatures automatically via updates from the firewall vendor, while the majority (44%) of European organizations manage IPS signatures manually. 4
Next-Generation Firewalls Today Global Comparison By Region Approximately what percentage of your firewalls are next-generation firewalls TODAY? Number of Companies 40 35 30 25 20 15 10 5 Reporting majority NGFWs TODAY N. America: 19% Europe: 17% 0 None Less than 10% 10-24% 25-49% 50-74% 75-100% N. America Europe 5
Next-Generation Firewalls Next 12 Months Global Comparison By Region Approximately what percentage of your firewalls do you anticipate will be nextgeneration firewalls in 12 months? Number of Companies 35 30 25 20 15 10 5 Expecting Majority NGFW in 12 MONTHS N. America: 44% Europe: 47% 0 None Less than 10% 10-24% 25-49% 50-74% 75-100% N. America Europe 6
Why Move To Next-Generation Firewalls? Global Comparison By Region Why did your organization (plan to) move to a NGFW? Please check all that apply. To increase protection against complex attacks 29% difference To control access to external applications 19% difference To enable mobile device BYOD (bring your own device) initiatives To improve firewall performance (increase speed, throughput) To cut management time For better malware identification N. America Europe To reduce operational costs Selecting the newest technology for a planned firewall refresh To reduce the number of security devices To control access to internal applications 19% difference 0% 10% 20% 30% 40% 50% 60% 70% 80% Percentage of Companies 7
What NGFW Capabilities Are You Using? Global Comparison By Region Which next-generation firewalls capabilities are you using or planning to use in the next 12 months? Please check all that apply. Standard firewall capabilities 29% difference Integrated network intrusion prevention 24% difference Content-specific policy enforcement Integrated malware detection N. America Europe Application-aware policy enforcement Directory integration for user-aware policy enforcement Address blacklisting and whitelisting 0% 10% 20% 30% 40% 50% 60% 70% 80% Percentage of Companies 8
IPS Usage Global Comparison By Region Do you use (plan to use) the IPS module of the next-generation firewall? If so, how do you use (or will you use) the IPS features? Please check all that apply. Number of Companies 70 60 50 40 30 20 Percent of organizations that use or plan to use the IPS module of their NGFW: 91% of North American organizations 82% of European organizations North America Europe 10 0 Active prevention mode Detection mode only Don t know yet 9
Migration Challenges Global Comparison By Region On a scale of 1 to 5, please rate the following challenges when migrating to/implementing next-generation firewalls, where 1 is this is no problem at all and 5 is this is a major challenge for us? Please check all that apply. Validating the correct operation of next-gen firewalls 0.17 difference Planning the architecture changes to minimize impact on operations 0.20 difference Creating new, more granular policies based on applications, users, content types Managing multiple types of firewall devices and vendors at the same time Training administrators on new firewall platform and concepts 0.15 difference N. America Europe Converting traditional firewall configurations to the new NGFW configurations Changing processes related to auditing, change management, reporting 0.25 difference 2.80 2.90 3.00 3.10 3.20 3.30 3.40 3.50 3.60 3.70 Rating From 1 (no problem) to 5 (major challenge) 10
Firewall Rules Global Comparison By Region Percentage of Companies 45% 40% 35% 30% 25% 20% 15% 10% 5% How many rules per firewall on average, do you have in your next-gen firewalls? N. America Avg: 216 rules Europe Avg: 289 rules 0% 0-50 51-100 101-300 301-1,000 More than 1,000 Don t know NORTH AMERICA EUROPEAN 60% How many changes per month are performed across all of your next-generation firewalls? N. America Avg: 123 rule changes Europe Avg: 273 rule changes Percentage of Companies 50% 40% 30% 20% 10% 0% 0-50 51-100 101-300 301-1,000 More than 1,000 Don t know NORTH AMERICA EUROPEAN 11
Top Challenges for Ongoing NGFW Management Global Comparison By Region What are the top three challenges now in on-going management of NGFW? Please select only the top three. Compliance with vendor best practice configuration recommendations Internal reporting 8% difference 7% difference Verifying that access and network segmentation policies enforced correctly Demonstrating policy compliance to auditors Verifying rule compliance Maintaining the set of IPS signatures Europe North America Optimizing rule-sets Managing firewall changes Managing traditional and NGFWs simultaneously 16% difference Troubleshooting connectivity issues 18% difference 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% Percentage of Companies 12
IPS Management Global Comparison By Region If you use the IPS module of the NGFW, how do you maintain the set of IPS signatures to be included in the policy (the IPS part of the NGFW)? We manage signatures automatically, using the updates of the firewall vendor 22% difference We manage signatures manually 21% difference Europe Currently, we don t manage the IPS signatures North America Not applicable, we don t use the IPS functionality 0% 10% 20% 30% 40% 50% 60% 70% Percent of Companies 13
Some Comments From Respondents What Works Definitely prefer an integrated solution to reduce required management time. Single vendor to identify and resolve problems. Our next-gen firewalls are in the cloud and managed by a third party provider. This makes the change process slower, but does require better documentation be generated before a change is made. We have been generally pleased with the enhanced level of security and functionality provided by the more granular rule available from NGFW products thus far. What Doesn t Work It's been our experience that the default/recommended settings are only somewhat applicable to our needs. A lot of manual fine-tuning has been (and continues to be) necessary. Centralized management creates a single point of failure if the supporting infrastructure for the management console goes down, with no ability to manage from elsewhere. Central management console to push policies is critical. 14
About Skybox Security Pioneer in Security Risk Management We help enterprises find, prioritize, and drive remediation of network security risks such as vulnerabilities and misconfigurations Our portfolio of automated tools are used daily for continuous network visibility expert security analytics automated firewall management to help prevent cyber attacks Proven in Challenging Networks 300 Global 2000 customers Financial Services, Government, Defense, Energy & Utilities, Retail, Service Providers, Manufacturing, Tech 85% growth in 2011 15
Skybox Product Portfolio Firewall Assurance Automated firewall analysis and audits Change Manager Complete firewall change workflow Network Assurance Network compliance and access path analysis Risk Control Prioritize vulnerabilities and attack scenarios Threat Manager Workflow to address new threats 16
Unique Skybox Advantages Complete Portfolio - Addresses broad range of security risk management challenges Non-Intrusive Modeling and simulation technology delivers daily assessments without disruption Advanced Analytics Network path analysis, network and security modeling, multi-step attack simulation, risk KPI metrics Enterprise Class Performance and Scalability- Daily risk management effective in large-scale and complex environments Extensive Integration Consistent feature set supports 72 network devices and security management systems Email info@skyboxsecurity.com for more information about Skybox Security solutions 17
2012 Skybox Security, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Skybox Security, Inc., nor may it be resold or distributed by any entity other than Skybox Security, Inc., without prior written authorization of Skybox Security, Inc. Skybox Security, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively, Laws )) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Skybox Security, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL. 18