93.6 Percent of All
Firewall Change Requests are Application-related;70% of Respondents
Report Application Service Disruptions up to 20 Times Per Year Due
to Configuration Changes
RSA Conference 2013, San Francisco, CA- February 26, 2013- Tufin
Technologies, the market-leading provider of Security Policy Management
solutions, today announced the results
of its annual Firewall Management Survey. 200 network security
professionals reported that 93.6 percent of all firewall change
requests are application-related, validating that the function of
firewalls has evolved to include secure application connectivity,
in addition to their traditional role of perimeter security. Tufin
has addressed this shift with the 2012 launch of
SecureApp to the Tufin Security Suite (TSS), its award winning
Security Policy Management solution. In a separate
announcement, also issued today,
Tufin announced a new release of TSS, version R13-1.
"Shortly after launching SecureApp, we were approached by IT
leaders interested in learning how SecureApp could help improve
application uptime and availability," said Ruvi Kitov, CEO of
Tufin. "This year's survey results validate what our customers have
been saying: that firewall management plays an increasingly
significant role in maintaining availability and uptime, but the
basics need to be in place. Regular audits and efficient
change management processes are the cornerstone of effective
firewall management. The fact that many organizations audit
their firewalls only once a year and some never audit their
firewalls needs to change."
According to the respondents (200 IT experts from around the
globe), there is still plenty of room for improvement when it comes
to firewall management fundamentals:
- Almost half of respondents audit their firewalls only once a
year and 15% never audit their firewalls; 50% spend up to a week or
more per quarter on firewall audits.
- Almost 1/5 reported they knew of someone who cheated on an
audit because they either felt the audit was a waste of time
(39.3%) or they did not have enough time/resources (35.6%).
- Almost 1/5 of the sample has no idea how current their firewall
- 40% have no way to know when a rule needs to be expired or
- 30% never test configuration changes before they are
- Half of the sample has to redo more than 25% of all network
security changes because they do not meet design
While survey data indicates firewalls are becoming increasingly
relevant outside of their established function in security
operations, their role has expanded - not shifted. Clearly,
firewall management processes can have a significant impact on an
organization's risk posture:
- 62.4% either believe or are not sure if their change management
processes puts them at risk to be breached.
- 54.7% state their application connectivity management processes
could or might create unnecessary IT risk; about 1/3 make 100 or
more application related firewall changes per month.
- 41.5% of those sampled track application connectivity changes
via comments in the firewall rule base, almost 1/6 don't track
these changes at all.
- 46.9% report they might have or did have a breach due to an
application related rule change.
- 70% of respondents report application service disruptions up to
20 times per year due to configuration changes.
- 60% or respondents were asked to make a change against their
- 1/3 of respondents report that much of their security budgets
are spent on items that don't improve security; 1/3 had no idea how
well their security budgets were spent.
"The role firewalls play in managing application connectivity is
both a cause and effect of sweeping trends in enterprise IT;
understanding this enabled us to automate the right set of
organizational processes between the right set of stakeholders,"
said Mr. Kitov. "SecureApp customers, such as SIX Group, have
already reported dramatic improvements in application
connectivity-related change management processes. TSS R13-1
features additional automation that reduces the time spent by
organizations on firewall audits to a few hours per quarter. We
will continue to conduct this survey every year to ensure our
roadmap is aligned with our customers' shifting business
A PDF version of the report can be found here.