Even with a firewall in place, nearly a quarter of IT managers don’t know what’s going on with 70% of their network traffic.
That’s one of several key takeaways from a new survey, sponsored by Sophos, that asked IT managers in mid-sized organizations across the globe about how their firewall technology is working for them.
The survey covered IT managers from countries including the US, Canada, France, Germany, UK, Japan, India, South Africa and Australia. Respondents were from organizations ranging in size from 100 to 5,000 employees, in industries spanning several verticals, including technology, retail, manufacturing, professional services, utilities, education, and healthcare.
The survey responses reveal several “dirty secrets” of how traditional firewalls aren’t living up to their old promises, and how they fail to deliver the kind of visibility or responsiveness that organizations need to defend against modern threats.
Of course, visibility is a key component to security, as you can’t control what you can’t monitor. So if a protective measure, such as a firewall, isn’t aiding in providing that network traffic visibility, IT managers find themselves hindered in monitoring and controlling threats, and lagging in mitigation and remediation response times.
When there’s an active threat on the network, lost time means more time for malicious actors or rogue apps to cause damage. Survey respondents said on average each infected computer on their network takes 3.3 hours to identify, isolate, and remediate, so that real cost in time and resources adds up very quickly.
More key findings: IT managers report that, on average, 45% of their network traffic is unidentifiable and uncontrollable. And some industries have more challenges gaining visibility into their network traffic than others – healthcare industry respondents cite 67% of their traffic on average is unidentifiable, for example.
This lack of visibility is understandably a concern for anyone responsible for keeping an organization and its data secure, as you can’t stop unauthorized apps that you don’t know are running. You also can’t confidently answer questions about regulatory compliance or even productivity if illegal or inappropriate applications or content exists quietly on your network, undetected.
No doubt that’s why 85% of survey respondents cited a lack of application visibility as a serious security concern for their organization.
Does this sound familiar? Is your firewall just a checked box in your network inventory? Does it give you real visibility and control into what’s really happening on your network?
See how you compare – read the full results of the survey online: The Dirty Secrets of Network Firewalls.
10 comments on “Traditional firewalls fall short in protecting organizations, says survey”
Traffic identification gets even more difficult with the advent of HTTPS everything. Current traffic identification traditionally relies on the DNS leakge of the traffic and then flal back to the direct ip address. With the growing amount of PV6 traffic falling back to the IP address is going to become even more problematic with a typical end network assignment of nearly a trillion addresses. With encrypted DNS becoming more popular as well the ability to identify traffic without HTTPS interception is going to become nearly unusable. HTTPS interception brings its own set of issues. I think the worldwide rush to HTTPS everywhere is more security paranoia then actual security benefit. Unfortunately this is the reality we are faced with today with no easy answers.
I notice you don’t mention privacy. How much privacy are employees entitled to? If visibility means watching what users are doing, doesn’t that affect their privacy?
what makes you think you have the right to privacy when using someone elses computer system?
You leave some of your privacy rights at the door when you’re using an employer’s network and assets. I believe there was a recent court decision that upheld employees have a certain level of privacy on phone calls, but I can tell you as someone who is charged with reviewing logs, your privacy isn’t intact when you conduct personal business at work. I always tell co-workers: if you don’t want us looking at your activity, do your personal business on your personal equipment and time.
When you are on a company device, usually when you hit Ctrl-Alt-Del to log in, above the OK button (before you get to the log in) – is a company notice about access/privacy/responsibility/laws/termination.
If it’s not there, you might not have a IT department.
I think you’ll find that most employees have signed away their right to their privacy in their employment contract. You’ll rarely find a job that doesn’t have a monitoring clause when you sign up. So, in many places, the privacy entitlement is none at all.
From the linked report: “Two-thirds of healthcare organizations have custom applications that
their firewall can’t identify, and therefore they cannot control”
That’s insane… I’m feeling really good about our infrastructure. If we did as bad as the average on that report, I would feel like a total failure and leave IT or the company. Our infections are less than 1 per month, we have web filtering with DLP, excellent FW rule management, Email management/filtering but most of all – good training for users. I worked at Dell several years ago, 700+ user site, 1-4 infections per week, people didn’t respect that place so risky security habits were normal.
Custom apps are pretty easy to track down, if you take the time to do it. Or you can do it the old fashion way, block it and see who cry’s first. Then you can get a detailed explanation of the app and who is running it. 🙂
Even when you are able to monitor a lot of the traffic, it can be hard to work out what it is. For example I am using a Synology 2600 router with the intrusion detection package installed for a SoHo network. It has shown some interesting things, but many are hard to identify just what is going on. The Tor traffic is in fact for Prey, tracking a laptop, but why a Japanese web site is trying to contact something, I haven’t been able to figure. Some traffic I have been able to correlate with Smart TVs. Still it is illuminating to see what is trying to get in.
I’m sorry, but the ‘network’ firewalls’ major purpose is network segmentation or access control. Yes, you have anti-virus & malware controls bolted on, where some vendors perform better than others, however, expecting the firewall to catch the advanced or zero-day anti-virus or malware payload is wishful thinking.
You need layered controls, sandboxing, behavioral analysis, data intelligence, ransomware protection etc etc. The list goes on & on if you even think about the various kind of threats out there.
Now how many of these organizations have the resources, manpower & funds to deploy & manage all these solutions?
You need better protection, be prepared to shell out more money. You can’t just deploy one appliance on your perimeter, call it a day & pray for protection.
I applaud your research & volume of responses from the world over, however, you don’t mention any solutions, without which, the discussion seems a bit incomplete, like a one sided story.