- Most companies fail to comply with high severity, claims the report
- Many fall short at critical levels, putting them at risk
- Baded Firewalls could lead to inactivity time and cyber attacks
Firewalls are a basic element of corporate cybersecurity and, together with the authentication of multiple factors (MFA) and final point protection solutions, essential in each safety technology stack.
However, how many companies do a poorly configured firewall run that is brought on the road instead of helping?
A new Firemon report found that 60% of business firewalls fail in high severity compliance controls “immediately after evaluation”, with another third (34%) “failing short at critical levels.”
How to stay safe?
For researchers, this is a sign of deepest governance problems that could result in audit failures, operating inactivity time or greater exposure to threats.
The problems are not contained for a single environment (in the cloud and hybrid, all suffer from the same problems: erroneous configurations, obsolete rules and swollen policies, which leads to reduced performance, compliance risks and more.
Firemon discovered that 95% of application objects and 82% of service objects show zero use, which means that they are unnecessary and are only expanding the attack surface.
A third (30%) of the Firewall rules is not used completely, with 62.6% that lacks any owner or documentation, which leads to audit gaps and operating blind spots.
Finally, more than 10% of the rules are redundant or shaded, reducing performance and hiding dangerous erroneous configurations.
“The complexity of the Firewall is not just a configuration problem, it is a threat to resilience and trust,” said Jody Brazil, CEO and founder of Firemon. “Security teams are buried under the policies that cannot be explained, assign to commercial objectives or administer on a scale.
