Tuesday 24 November 2020

What is a Managed Firewall?

 Qualified managed security service providers (MSSPs) often provide a "managed firewall service" as a solution for operating, managing, monitoring, and maintaining the firewall. The MSSP will help you establish, maintain, and modify firewall rules, monitor your network, and provide feedback, reports, and analysis.


Depending on the scope of the service agreement, the MSSP can perform firewall installation, application control, and web content filtering, as they help determine which applications and web content (URLS) to block. . They will also help manage patches and updates.


Do you need a managed firewall?


Firewalls are essential to protect network traffic, including the flow of confidential data. They are required to comply with mandates such as PCI DSS, HIPAA and GDPR. Businesses that do not have the human resources available to manage their firewalls or other security devices can fill data security gaps and better prevent data breaches by using a managed firewall service. Most of the companies our auditors work with employ in-house IT staff to manage their firewalls, but many also choose to use a reputable managed firewall service to better focus on their core business objectives.


Complete firewall management requires a high level of experience and constant vigilance. Firewalls are not point-and-click or configure-and-forget technology. The purchase and initial configuration of a firewall suitable for a given environment is only the beginning.


Whether for compliance or data security only, a managed firewall service can add significant security to a network.


Common firewall management mistakes


Our security analysts often face serious security risks in the field related to proper firewall configuration and management. These are some of the problems:


Multiple firewalls


A single firewall requires regular maintenance and daily monitoring - you should review rule sets, firmware fixes, and configuration updates; This work is multiplied with each unique firewall placed in an environment. When there are multiple firewalls and there are insufficient or insufficient staff to maintain them, serious security issues can be overlooked, resulting in the loss or compromise of critical data.


No firewall audit


Firewall auditing, where a company routinely checks and audits its firewall rules, is often neglected. One of the benefits of entering into a contract with an MSSP is that most providers will regularly perform firewall audits as a core part of their core services.


A SecurityMetrics auditor reported that in one case, no IT administrative staff from a healthcare organization had been logged in to examine the firewall configuration for two years. The auditor discovered a VPN connection connecting the firewall to the former IT employee's home network. This organization was unable to manage its firewall, and as a result, sensitive data on its network was greatly threatened.


Not understanding how firewalls work


There are firewall management concepts that not all IT staff are familiar with. The area between the external network and the internal network (known as the "Demilitarized Zone" or DMZ) must be secure. An audit found that some firewall ports / services were left open on each side of the DMZ, leaving the network exposed and vulnerable to external malicious activity, and the company did not initially see this as a problem.


Inexperience and lack of supervision.


IT staff is often supposed to just "make things work." There is tremendous pressure to maintain operating systems for daily business operations. This pressure sometimes leads to reckless or risky setups, as in the case of a merchant where, whenever there was a problem with the firewall, an IT employee simply applied the any / any rule while diagnosing the source of the problem. This made the merchant's network extremely vulnerable. And there is always the additional risk of not disabling / deleting this rule after the testing process is complete.


Convenience and access vs. security


One experience left a security analyst astonished when, after 4 years of auditing a lifetime customer, they realized that after reviewing and approving the hundreds of firewall rules, the customer simply changed the rules after the departure of the security analyst to facilitate access to company executives.





Firewall not compatible with PCI DSS


Even if a company uses an MSSP for a managed firewall, the MSSP may not be compatible with PCI DSS. In this case, the company would be considered non-compliant. Be sure to find a service provider that is PCI compliant and can provide you with a Certificate of Conformity (AOC) in the testing process.


Firewall security vulnerabilities are the rule


Our security analysts' experience in the field shows that firewall configuration errors and security breaches are the rule, not the exception. Many infractions in large restaurants and stores are due to poor firewall settings that allow external traffic.


If a company is determined to manage its own firewall or other security devices, it is essential that these companies have a solid understanding of how to implement, manage and maintain these devices, both conceptually and practically. It is even better if they consult an experienced and duly certified provider to help them manage their firewall. You'd be amazed at how often another pair of trained eyes will notice a potentially serious vulnerability that would otherwise go undetected.


SecurityMetrics Pulse SOC / SIEM


SecurityMetrics Pulse is a SOC / SIEM product that provides visibility in invisible areas of your wide area network. Pulse discovers threats to a company's locations so you can take action against them and stop a data breach before it occurs.


Pulse firewall security


To effectively protect your organization's locations, you need a well-managed firewall. With Pulse Firewall Security, you'll receive an alert as soon as potential threats are identified so you can stay secure on all your sites, protect your organization's data, and meet compliance requirements.


Pulse's firewall includes:


  • Managed security, not just visibility, for your wide area network

  • World-class firewalls and internal vulnerability scanning technologies

  • Managed firewall service to ensure that firewalls are installed and working properly


No comments:

Post a Comment