Having built/audited/sanitized/migrated thousands of Firewall policies collectively here at IOvations, one thing is certain. There is no shortage of unused rules that leave gaping holes in one’s corporate security posture. With all the attention Zero Trust Architecture (ZTA) is getting, a Firewall policy audit to find these unused rules and objects is a place you can start.
There are many reasons for these unused rules and objects but typically it’s because environments change and evolve (Datacenter to Cloud migration, expansion, segmentation, consolidation etc.) or in some cases, staff turnover/outsourcing. Having an outsourced staff sometimes takes the easier path when it comes to policy creation and will use less specific objects and rules that may leave gaps that leave you vulnerable. A common example is when a server is provisioned; often times a request is put in play so that rules can be added and more often than not, the rule remains which introduces vulnerability. Another example is when a server is decommissioned; it is important to build into your policy change process the decommissioning of those rules. Threat actors are looking for small cracks to exploit wide and deep into your environment.
Recently we have seen the impact of “rule creep” in multi-vendor environments. Operational efficacy is a challenge when it comes to your policy and even though it is not convenient, we challenge our clients to stay on top of the rules and eliminate rules that are no longer serving a purpose. In some of the audits that we have performed we have identified thousands of rules that have not been hit in over a year! Gaps like this can lead to large exploits. Security health checks and policy audits are imperative; here at IOvations we can do this to accelerate the efficacy and overall health of your cybersecurity policy.