Use of firewall management tools has resulted in fewer breaches, faster response time, and increased productivity, according to a report commissioned by U.S.-based FireMon.
The study, entitled Automate Zero Trust Policy and Enforcement, drives home the benefits of using a firewall auditing tool. The survey polled 188 IT security decision-makers at U.S. enterprises in highly–regulated industries.
The independent report found that 59% of organizations using firewall auditing and configuration tools endured fewer data breaches. Not surprising on the surface, perhaps, but it is significant that three out of five companies can reduce their exposure just by taking advantage of tools already available to them.
What’s more, nearly two-thirds of respondents achieved increases in productivity, as the advanced toolsets drove down time to resolution. And 55% report improved visibility into network traffic.
The report also examines the flip side. Organizations that have not implemented advanced firewall management “struggle with time-intensive auditing and change control processes, quality issues and resource constraints.”
Specifically, 44% of users reported they can respond to a security breach in less than an hour compared with just 25% of non-users.
The report hammered home the critical warning that simply implementing a firewall management tool is not enough. Launching such a complex solution, and then not managing it proactively, creates a false sense of security and increases risk exposure.
Additional key survey findings include the following:
- Almost half of enterprises that use a next-generation firewall do not use management or auditing tools at all.
- Next gen devices are rapidly approaching mass adoption, with 90% of enterprises expected to be on board within two years.
- Firms that claim their manually approach to auditing firewalls is adequate to the task face significantly more challenges than those that use a management solution.
The takeaway: When properly managed, next generation firewalls are central to most network defense strategies. But they require constant tuning to thwart new kinds of attacks, regular software and hardware upgrades, and literally full time monitoring.
(If you’re not staffed to do this, we are.)