Examining the Dangers of Complexity in Network Security Environments AlgoSec Survey Insights



Similar documents
The Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation

The State of Network Security 2013: Attitudes and Opinions An AlgoSec Survey

The Business Case for Network Security Policy Management Quantifying the Annual Savings with the AlgoSec Security Management Suite

SECURITY POLICY MANAGEMENT ACROSS THE NEXT GENERATION DATA CENTER

AlgoSec. Managing Security at the Speed of Business. AlgoSec.com

The business case for managed next generation firewalls. Six reasons why IT decision makers should sit up and take notice

Tufin Orchestration Suite

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Total Protection for Compliance: Unified IT Policy Auditing

Managing the Unpredictable Human Element of Cybersecurity

NERC CIP VERSION 5 COMPLIANCE

Best Practices for Building a Security Operations Center

Payment Card Industry Data Security Standard

AUTOMATING AUDITS AND ENSURING CONTINUOUS COMPLIANCE WITH ALGOSEC

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

Managed Services. Business Intelligence Solutions

Requirements When Considering a Next- Generation Firewall

Clavister InSight TM. Protecting Values

DEMONSTRATING THE ROI FOR SIEM

2016 Firewall Management Trends Report

SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK

IBM Security Intelligence Strategy

FIVE PRACTICAL STEPS

Managed Security Service Providers vs. SIEM Product Solutions

THE TOP 4 CONTROLS.

Q1 Labs Corporate Overview

Demonstrating the ROI for SIEM: Tales from the Trenches

Reining in the Effects of Uncontrolled Change

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

DNS Server Security Survey

White Paper. Network Management and Operational Efficiency

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

Tata Communications Security Outsourcing. A Must-have for Entry into the Global Economy.

2012 North American Managed Security Service Providers Growth Leadership Award

Skybox Security Survey: Next-Generation Firewall Management

Executive Summary. Copyright AlgoSec, Inc. All rights reserved.

StoneGate. High Availability Firewall and Multi-Link VPN. Security Availability Manageability Scalability

The Evolution of Manufacturing Software Platforms: Past, Present, and Future

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

IBM Security QRadar Risk Manager

How To Value Data Center Maintenance Services

Symantec Residency and Managed Services

What is Security Intelligence?

Dynamic Service Desk. Unified IT Management. Solution Overview

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

AD Management Survey: Reveals Security as Key Challenge

The Cisco ASA 5500 as a Superior Firewall Solution

Enabling Continuous PCI DSS Compliance. Achieving Consistent PCI Requirement 1 Adherence Using RedSeal

QRadar SIEM 6.3 Datasheet

Security Intelligence Solutions

Best Practices for PCI DSS V3.0 Network Security Compliance

Trends & Opportunities in Law Firm Outsourcing survey

Corepoint Community Exchange Features and Value - Overview

Virtualization Essentials

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

HP and netforensics Security Information Management solutions. Business blueprint

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Firewall Administration and Management

The Legal Needs of Small Business. A Research Study Conducted by Decision Analyst Commissioned by LegalShield

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

Vulnerability Management

Information Technology Policy

Boosting enterprise security with integrated log management

Changing the Enterprise Security Landscape

Bridging the gap between COTS tool alerting and raw data analysis

Tivoli Security Information and Event Manager V1.0

Remote Management Services Portfolio Overview

Protect Your Connected Business Systems by Identifying and Analyzing Threats

AlienVault for Regulatory Compliance

McAfee Security Architectures for the Public Sector

WHITE PAPER Using SAP Solution Manager to Improve IT Staff Efficiency While Reducing IT Costs and Improving Availability

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

Log Management How to Develop the Right Strategy for Business and Compliance. Log Management

Proactive Performance Management for Enterprise Databases

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

Vulnerability management lifecycle: defining vulnerability management

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

UNCOVER WHAT S HIDDEN IN YOUR SAP ERP DATA TO HELP CUT COSTS AND RAISE COMPLIANCE

Logging and Alerting for the Cloud

The webinar will begin shortly

Avishai Wool, Ph.D. AlgoSec CTO & Co-Founder. AlgoSec Inc. 1

The Case for Managed Security Services for Log Monitoring and Management

IBM QRadar Security Intelligence Platform appliances

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

TRENDS IN BUSINESS CONTINUITY AND CRISIS COMMUNICATIONS SURVEY

IBM Tivoli Netcool network management solutions for SMB

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

The Age of Audit: The Crucial Role of the 4 th A of Identity and Access Management in Provisioning and Compliance

Transcription:

Examining the Dangers of Complexity in Network Security Environments AlgoSec Survey Insights Copyright 2012, AlgoSec Inc. All rights reserved

Executive Summary An online survey of 127 IT security professionals, with direct responsibility for managing their organizations network security environments, reveals that the complexity of multivendor environments correlates to more frequent system outages and security incidents. Surprisingly, most organizations still manage their environments manually even large enterprises with hundreds of devices. Overall, the survey reveals a tremendous opportunity for security teams to reduce risk by simplifying and automating security management across their entire estates. About the Survey Key Highlights: Complexity yields risk. A majority of respondents in midsized and enterprise organizations (55.3%) reported a security breach, system outage, or both, due to complex policies. The Dangers of Network Security Complexity 2012 survey was conducted to study the impact of complexity in network security environments, based on the numbers of vendors, devices, and rules in the environment. Too many policies yields complexity. Too many policies to manage is the leading challenge (43.7%) of managing multiple devices. Too many vendors yields complexity. The leading challenge of managing an environment with multiple vendors is different expertise is required for each vendor (49.6%). Manual management is still the norm. Nearly 75% of organizations manage their network security manually, even among the largest companies. 51.2% manage their devices manually through each vendor s console. Another 23.6% manage their network security per device. AlgoSec invited security professionals to participate from a global database representing companies of different sizes, in a broad range of industries, and with various levels of complexity. No AlgoSec customers or partners were invited. All survey respondents indicated that they have direct responsibility for administering/managing their organization s network security environment. The respondents in the final analysis represent 29 countries on 6 continents, across a wide range of industries including financial services, technology, consumer goods, transportation, healthcare, and government sectors. Consolidation would yield simplicity. Half of our respondents believe that the greatest benefit of consolidating network security vendors would be simplified management. Among those who manage network security devices manually using vendor consoles, this number is nearly 60%. 2 Copyright 2012, AlgoSec Inc. All rights reserved

What is Complexity? For the purposes of this survey, we define a complex environment as one that has multiple vendors, many devices, and many firewall rules. Figure 1: What size is your organization? To analyze various levels of complexity, we surveyed security professionals in businesses of various sizes (Figure 1). Enterprise (2500+ employees) 40.9% Small (1-50 employees) 18.9% Midsize (50-2500 employees) 40.2% The data supports the assumption that a larger organization is likely to have a more complex network security environment. When we rank all the organizations we surveyed by numbers of vendors, devices and rules, 55.8% of Enterprise organizations are in the top half of the ranking, while only 11.8% of Midsize organizations and 4.2% (1 out of 23) of Small organizations are in the top half. Vendors and Devices An overwhelming majority, 94.4%, uses network devices from multiple vendors, and 57.1% have 4 or more vendors devices to manage (Figure 2). Nearly half have 50 or more devices (Figure 3). Figure 2: Vendors How many different security vendors are implemented on your network? More than 10 11.1% 1 5.6% Figure 3: Devices How many security devices are on your network? 250+ 18.3% Less than 10 30.2% 6-10 12.7% 2-3 37.3% 100-249 9.5% 4-5 33.3% 50-99 18.3% 11-49 23.8% As one might predict, a high number of devices correlates with a high number of vendors, but with some exceptions. In the group with less than 10 devices, 79.0% have relationships with three vendors or fewer. However, two of these respondents use 6-10 vendors, which equates to one or two devices per vendor. 3 Copyright 2012, AlgoSec Inc. All rights reserved

At the other extreme, of the respondents with 250+ devices, 56.5% have six vendors or more, and 39.1% have more than 10. Yet, one respondent (in the educational sector) manages over 250 devices from one vendor. Firewall Rules 41.8% of organizations of all sizes manage over 200 rules per firewall (Figure 4). The total 501-1,000 13.4% Figure 4: Rules per Firewall On average, how many rules are implemented on each firewall? 1,000+ 8.7% number of firewall rules across the estate generally correlates to the size of the organization: all but three of the Small organizations have 1-1,000 rules, while all except one of the organizations with 10,000+ rules are Enterprise. Impacts of Complexity We asked, Complex and/or conflicting security policies, such as firewall rule sets, router ACLs, IPS configurations, etc. have had what impact 201-500 19.7% on security and system availability? The 51-200 responses are markedly different according to 31.5% company size: Small organizations are much less likely to report a known negative impact. When we examine Midsize and Large organizations only, which are more likely to have complex networks, 55.3% report that complexity in security policies and configurations has created a known security breach, a system outage, or both (Figure 5). 1-50 26.8% Had no known impact on security/system availability 44.7% Figure 5: Impact of Complex or Conflicting Security Policies, Midsize and Enterprise Caused a security incident 16.5% Figure 5a: Impact, All Respondents (Small, Midsize, Enterprise) Caused both a security incident and a system outage 9.7% 12.5% 50.0% 10.2% 27.3% Caused a system outage 29.1% 4 Copyright 2012, AlgoSec Inc. All rights reserved

Complexity and Management Approach Automate through centralized management 13.4% Figure 6: How do you manage multiple devices/vendors on your network? Outsource 11.8% Manually manage each device / technology 23.6% Manually manage through each vendor's console 51.2% Figure 7: Impact of complexity, companies who manage multiple vendors/devices manually (compare to Figure 5) Caused a security incident 6.7% We asked respondents, How do you manage multiple devices/vendors on your network? Surprisingly high numbers of the respondents, 74.8%, manage their networks manually, either using vendor consoles, or device by device (Figure 6). Respondents who manage their network security manually (rather than through automation or outsourcing) are more likely to report that complexity caused a system outage (Figure 7). They are also more likely to state that complexity had no known impact on security breaches or system outages. Since manual management is typically more error-prone than automated, we surmise that some security breaches might be going unnoticed in manually managed, complex environments. Had no known impact on security/syste m availability 56.7% Caused a system outage 30.0% Caused both a security incident and a system outage 6.7% 5 Copyright 2012, AlgoSec Inc. All rights reserved

Challenges of Complexity Too many policies to manage 43.7% Figure 8: What is the greatest challenge of working with multiple security devices in your network? Audit preparation is too timeconsuming 13.5% Different departments responsible for different devices 15.9% Too many management consoles 27.0% Figure 9: What is the greatest challenge of working with multiple security vendors on your network? Lack of interoperability 22.8% Different expertise required for each vendor 49.6% Complexity of the audit process 17.3% Conflicting policies create security gaps 10.2% Number of Devices 43.7% of all respondents state that the leading challenge of managing multiple devices is that there are too many policies to manage (Figure 8). Another 27.0% state that having to use too many management consoles is their top challenge. Both these responses indicate that the sheer volume of policies and devices adds difficulty to network security management. Number of Vendors Nearly half, 49.6%, of respondents state that the greatest challenge of working with multiple vendors is that different expertise is required for each vendor (Figure 9). When these responses are grouped by the number of vendors supported, different expertise remains the top challenge across all groups, and increases in prominence as the number of vendors increases. Of the respondents who work with more than 10 vendors, 71.4% cited the need for different expertise as the top challenge. 6 Copyright 2012, AlgoSec Inc. All rights reserved

Complexity and Next-Generation Firewalls (NGFWs) This survey validates the findings on NGFWs in our previous study, The State of Network Security 2012: Attitudes and Opinions, which found that while 84.0% of respondents report feeling more secure with NGFWs, 76.0% report the NGFWs add more work to their firewall management processes. In this study, 45.7% of respondents use NGFWs and of this group we see notable differences in the responses, relative to the overall survey: Too many policies is a greater challenge. 48.3% of NGFW users state that Too many policies to manage is the greatest challenge of managing multiple devices, compared to 43.7% in the total survey (Figure 8). Conflicting policies is a lesser challenge. 6.9% of NGFW users report that Conflicting policies create a security gap is the greatest challenge of working with multiple vendors, compared to 10.2% in the overall survey (Figure 9). Together, these differences reinforce the finding that NGFWs are effective at closing security gaps, while adding to the overall complexity of the security environment. Benefits of Consolidating Vendors We asked the security professionals in our survey what the greatest benefit of consolidating vendors would be, and they overwhelmingly state that simplified management would be the most positive result (Figure 10). Figure 10: What is the greatest benefit of consolidating network security vendors? Standardization of expertise 13% Simplified management 50% Greater integration 19% Less support required 11% Reduced costs 7% Figure 10a: Among those who manage manually by vendor console When we isolate those organizations who manage network security policy manually through each vendor s console, the Simplified management and Standardization of expertise groups are much larger. These respondents are less concerned with integration, support required, and costs (Figure 10a). 18.8% 59.4% 12.5% 4.7% 4.7% It is clear that multi-vendor environments add to the complexity, overhead, and skills required to maintain a secure environment. 7 Copyright 2012, AlgoSec Inc. All rights reserved

Conclusions The landscape of network security is only becoming more complex and difficult to manage, as security threats become more sophisticated and as new technologies are adopted. Next-generation firewalls and other new technologies can reduce risk, but at a potential cost of complexity and overhead. Security professionals face an increasing challenge to keep their networks safe, affordable, and manageable. The good news is that opportunities for simplifying network security do exist. Most markedly, a vast majority of companies of all sizes have the opportunity to automate their manual processes. With too many policies, too many management consoles, and too much of a range of expertise required to keep the network secure, security professionals know that consolidating vendors would simplify their operations. And simplifying operations means tighter, more effective security. More is not better when it comes to devices and vendors in a network security environment. When the environment grows so complex that policies are harder to manage and available personnel can t handle the load, then bigger and better technology doesn t mitigate risk it creates risk. Security professionals who manage these complex environments have a new responsibility to simplify, in order to keep their digital assets safe. For further reading, see The State of Network Security 2012: Attitudes and Opinions, available from AlgoSec. 8 Copyright 2012, AlgoSec Inc. All rights reserved

About AlgoSec AlgoSec is the market leader in network security policy management. AlgoSec enables security and operations teams to intelligently automate the policy management of firewalls, routers, VPNs, proxies and related security devices, improving operational efficiency, ensuring compliance and reducing risk. More than 900 of the world s leading enterprises, MSSPs, auditors and consultancies rely on AlgoSec Security Management Suite for unmatched automation of firewall operations, auditing and compliance, risk analysis and the security change workflow. AlgoSec is committed to the success of every single customer, and offers the industry's only money-back guarantee. For more information, visit www.algosec.com. 300 Colonial Center Parkway Suite 100 Roswell, GA 30076 USA T: +1-888-358-3696 F: +1-866-673-7873 E: info@algosec.com AlgoSec.com 9 Copyright 2012, AlgoSec Inc. All rights reserved

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information