The State of Network Security 2012:
Attitudes and Opinions
Introduction
• The network environment continues to grow in
complexity as firewall policies expand over time and
as new technologies such as next-generation firewalls
are adopted.
• This survey analyzes network security risks and
operational challenges of managing network security
policies. Additionally, it gauges the effect of nextgeneration firewalls on IT’s workload.
2
Methodology
• This survey was conducted at RSA 2012.
• 182 respondents are deeply involved in their organization’s
IT function and have at least a moderate involvement in
network operations.
• 68 percent are Information Security professionals.
• 32 percent are Network Operations professionals.
• No AlgoSec employees, customers or partners are counted in the
results.
3
Key Findings
Network security processes need improvement.
• From reducing system outages to improving business
efficiency.
Next-generation firewalls address threats - at a cost.
• Improved security, but increased administrative workload.
Security is an inside job.
• Visibility of applications and networks, improving processes
and defending against insider threats all rank as key
concerns.
4
Network Security Challenges
• The majority (55.6%) of top challenges lie with
problematic internal processes.
"What is the greatest challenge when it comes to managing network security devices in your
organization?”
Tension between IT admin and
InfoSec teams, 9.4%
Error-prone processes cause risk,
10.0%
Time-consuming manual
processes, 30.0%
Preventing insider threats, 13.3%
Poor change management
processes, 15.6%
5
Lack of visibility into network
security policies, 21.7%
Out-of-Process Changes Cause Major Problems
• 77% of respondents noted that out-of-process
changes caused either a system outage, a data breach
an audit failure or more than one of these.
"In your organization, an out-of-process change has resulted in..."
60.0%
54.5%
50.0%
40.0%
30.0%
20.0%
25.8%
20.2%
23.0%
10.0%
0.0%
Data breach
6
System outage
Failing an audit
None of the above
Next-Generation Firewalls: Better Security…
• 84% of respondents
said NGFWs provided
them with better
security
"Do you feel more or less secure now
that you have deployed NGFWs?"
No: Increased
incidence of outof-process
changes, 4.0%
No: Increased
policy
management
introduces error
and risk, 12.0%
BUT…
Yes: We have
increased
visibility, 37.3%
7
Yes: We have
improved control,
46.7%
Next-Generation Firewalls: … at a Cost
• 76% of respondents
said that NGFWs
increased their
administrative burden
due to added policy
complexity
"Have next gen firewalls added more
work to your firewall management
processes?"
No: management
is centralized
23.9%
Yes: NGFW
policies managed
separately
40.8%
Yes: more info to
gather for audits
12.7%
Yes: additional
policies must be
managed
22.5%
8
Greatest Risk? More Management than Malice
• External attackers are
well down the list of
concerns…
"What is the greatest risk your
enterprise faces today?"
Out-of-process
changes causing
system outages,
11.2%
Lack of visibility
into applications
and/or networks,
28.7%
Poor change
management,
12.9%
• The greatest risks
noted are poor
internal security
management
processes and insider
threats
9
Financiallymotivated
hackers, 14.0%
Outsider threats,
19.6%
Political
"hacktivists",
5.6%
Insider threats,
27.5%
Key Recommendations
• Clearly define internal processes, ensure they are
communicated to all stakeholders and above all else,
make sure they are enforceable.
• Leverage automation to facilitate process improvement
and to improve business efficiency and agility.
• Look to implement NGFWs, but understand the impact
of policy decisions and plan accordingly to gain the
security benefits without the cost of higher
administrative burden.
10
Educational Resources
• Here are additional resources to help you further
research automating network security policy
optimization and change management:
• Webinar: 5 Strategies to Improve Firewall Management
• eBook: The Big Collection of Firewall Management Tips
• Video Testimonial: BT
• Free 30 Day Trial of AlgoSec Security Management Suite
11
Security Management. Made Smarter.
www.AlgoSec.com
Connect with AlgoSec on: