Qualified managed security service providers (MSSPs) often provide a
"managed firewall service" as a solution for operating, managing,
monitoring, and maintaining the firewall. The MSSP will help you establish,
maintain, and modify firewall rules, monitor your network, and provide
feedback, reports, and analysis.
Depending on the scope of the service agreement, the MSSP can perform
firewall installation, application control, and web content filtering, as they
help determine which applications and web content (URLs) to block. They will
also help manage patches and updates.
Do you need a managed firewall?
Firewalls are essential to protect network traffic, including the flow
of confidential data. They are required to comply with mandates such as PCI
DSS, HIPAA and GDPR. Businesses that do not have the human resources available
to manage their firewalls or other security devices can fill data security gaps
and better prevent data breaches by using a managed firewall service. Most of
the companies our auditors work with employ in-house IT staff to manage their
firewalls, but many also choose to use a reputable managed firewall service to
better focus on their core business objectives.
Complete firewall management requires a high level of experience and
constant vigilance. Firewalls are not point-and-click or configure-and-forget
technology. The purchase and initial configuration of a firewall suitable for a
given environment is only the beginning.
Whether for compliance or data security only, a managed firewall service
can add significant security to a network.
Common firewall management mistakes
In the field, our security analysts often encounter serious security risks
related to firewall configuration and management. These are some of the
problems:
Multiple firewalls
A single firewall requires regular maintenance and daily monitoring: you
should review rule sets, firmware fixes, and configuration updates. This work
is multiplied with each unique firewall placed in an environment. When there
are multiple firewalls and insufficient staff to maintain them, serious
security issues can be overlooked, resulting in the loss or compromise of
critical data.
No firewall audit
Firewall auditing, where a company routinely checks and audits its
firewall rules, is often neglected. One of the benefits of entering into a
contract with an MSSP is that most providers will regularly perform firewall
audits as a core part of their services.
A SecurityMetrics auditor reported that in one case, no IT
administrative staff from a healthcare organization had logged in to
examine the firewall configuration for two years. The auditor discovered a VPN
connection linking the firewall to a former IT employee's home network.
This organization was unable to manage its firewall, and as a result, sensitive
data on its network was greatly threatened.
Not understanding how firewalls work
There are firewall management concepts that not all IT staff are
familiar with. The area between the external network and the internal network
(known as the "Demilitarized Zone" or DMZ) must be secure. An audit
found that some firewall ports / services were left open on each side of the
DMZ, leaving the network exposed and vulnerable to external malicious activity,
and the company did not initially see this as a problem.
Inexperience and lack of supervision
IT staff are often expected to just "make things work." There
is tremendous pressure to keep systems running for daily business
operations. This pressure sometimes leads to reckless or risky setups, as in
the case of a merchant where, whenever there was a problem with the firewall,
an IT employee simply applied an any/any rule while diagnosing the source of
the problem. This made the merchant's network extremely vulnerable. And there
is always the additional risk of not disabling or deleting this rule after the
testing process is complete.
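The following audit check is an added example, not code from SecurityMetrics or from the original article. It assumes the rules are exported in Linux `iptables-save` format (the article names no firewall product) and flags ACCEPT rules with no narrowing match, which is the any/any rule described above; the sample ruleset is constructed.

```python
import shlex

# Constructed iptables-save excerpt (sample data, not from the article).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -m comment --comment "TEMP debug" -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

WILDCARDS = {"0.0.0.0/0", "::/0"}
ADDRESS_OPTS = {"-s", "--source", "-d", "--destination"}


def is_any_any(rule_line):
    """True if the rule ACCEPTs traffic with no narrowing match at all."""
    tokens = shlex.split(rule_line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return False                      # table header, policy, or COMMIT
    rest, target, i = tokens[2:], None, 0
    while i < len(rest):
        opt = rest[i]
        val = rest[i + 1] if i + 1 < len(rest) else None
        if opt in ("-j", "--jump"):
            target = val
        elif opt in ADDRESS_OPTS and val in WILDCARDS:
            pass                          # explicit "anywhere" narrows nothing
        elif (opt == "-m" and val == "comment") or opt == "--comment":
            pass                          # a comment does not restrict traffic
        else:
            return False                  # interface, protocol, port, address...
        i += 2
    return target == "ACCEPT"


def audit(ruleset):
    """Return (line number, rule) for every any/any ACCEPT rule found."""
    return [(n, line.strip())
            for n, line in enumerate(ruleset.splitlines(), start=1)
            if is_any_any(line)]


if __name__ == "__main__":
    for n, rule in audit(SAMPLE):
        print(f"line {n}: any/any rule: {rule}")
```

Running a check like this after every troubleshooting session catches a temporary any/any rule that was never removed.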
Convenience and access vs. security
One security analyst was astonished to realize, after 4 years of
auditing a long-time customer, that after the analyst reviewed and approved
the hundreds of firewall rules, the customer simply changed the rules once the
analyst had left, to make access easier for company executives.
Firewall not compliant with PCI DSS
Even if a company uses an MSSP for a managed firewall, the MSSP may not
be compliant with PCI DSS. In this case, the company would be considered
non-compliant. Be sure to find a service provider that is PCI compliant and can
provide you with an Attestation of Compliance (AOC) in the testing process.
Firewall security vulnerabilities are the rule
Our security analysts' experience in the field shows that firewall
configuration errors and security breaches are the rule, not the exception.
Many infractions in large restaurants and stores are due to poor firewall
settings that allow external traffic.
If a company is determined to manage its own firewall or other security devices,
it is essential that it has a solid understanding of how to
implement, manage and maintain these devices, both conceptually and
practically. It is even better if the company consults an experienced and duly
certified provider to help manage its firewall. You'd be amazed at how
often another pair of trained eyes will notice a potentially serious
vulnerability that would otherwise go undetected.
SecurityMetrics Pulse SOC / SIEM
SecurityMetrics Pulse is a SOC / SIEM product that provides visibility
into otherwise invisible areas of your wide area network. Pulse discovers
threats to a company's locations so you can take action against them and stop
a data breach before it occurs.
Pulse firewall security
To effectively protect your organization's locations, you need a
well-managed firewall. With Pulse Firewall Security, you'll receive an alert as
soon as potential threats are identified so you can stay secure on all your
sites, protect your organization's data, and meet compliance requirements.
Pulse's firewall includes:
- Managed security, not just visibility, for your wide area network
- World-class firewalls and internal vulnerability scanning technologies
- Managed firewall service to ensure that firewalls are installed and working
  properly