Cyber security threats are increasing each day. One of the main protection mechanisms against cyber threats is the firewall. In corporate environments multi-vendor firewall usage is generally preferred, and there are at least ten virtual or physical firewalls even in small to medium sized companies. For larger global enterprises the number goes beyond ten thousand firewalls. Any policy change in any environment may have to be applied on at least two different firewalls. Apart from that, with increased cloud adoption and newly created web applications, the number of access requests is increasing. Effective policy management cannot be done easily. It becomes an operational burden on network security teams; indeed, it is not surprising that 50 to 80 percent of total effort goes to firewall policy change activity. However, there are many other things to do on firewalls and other security appliances, such as optimization, architectural improvements and new projects. Being tied up in operational tasks therefore results in both a lack of personal technical development and employee turnover. Another aspect of applying policy changes on firewalls is the potential risk of network downtime due to human error. As new employees continually arrive to replace those who leave, this risk increases further. The high turnover rate is also caused by the shortage of people in this area. Demand for cyber security people is high and still increasing, but there are not enough educated people in the world. This makes employees both harder to find and more costly, because of comparatively higher payrolls.
In summary, due to:
- Complex and big firewall infrastructures,
- Labor intensive firewall policy change operations,
- Inability to spend time on advanced network security topics,
- Downtime risk because of human error,
- Higher employee need and turnover rate in cyber security
policy change automation is inevitable.
Before policy change automation
Policy change operations play a key role in ensuring uninterrupted business operations while keeping cyber risk low. Allowing access to a new business application, revoking or changing an access right, and blocking potentially malicious traffic are some of the reasons why policy changes are applied. On the flip side, despite its critical importance for continuity and security, every policy change operation carries a downtime risk. One of the most widely adopted methods to avert this risk is to use "change windows", whereby in most cases daily, weekly and bi-weekly night work is planned. However, as businesses go digital and global at the same time, using change windows is neither enough to keep up with the requirements nor fully serves the purpose. Effective policy management requires a combination of automated and manual activities.