I hate the title of this, but I actually liked some of the points here. I got this from my friends at Tufin. Give me some feedback to let me know how much of this applies to your enterprise firewall management routine.
10. His firewall rulebase has become bloated and likely contains undetected errors–exposing his organization to risk.
9. Monday’s firewall changes didn’t work when the policy pushed on Saturday because another’s changes offset his.
8. Last month he accidentally cut off access to a mission critical application when making a change.
7. His manager wants to know if they are still in compliance with their security policy.
6. He doesn’t know if the 50 web servers in that group are still active? Or for that matter how many duplicate objects are out there.
5. A user is requesting a change for a new rule, but he can’t tell if that traffic is already allowed… “I’ll just make the change and deal with it later!”.
4. He’s concerned what problems would show up in a Best Practices audit.
3. It’s after six o’clock and his manager wants to know where his Rule Usage reports are!
2. And now they want quarterly PCI Audit Reports too!
1. We’ve been lax for too long with all of these permissive rules (rules with “ANY”)?
