Table of Contents
In this article, I am going to cover the challenges organizations face when auditing their security environment, the challenges they face with audits, and the best practices for finding vulnerabilities and fixing them with a Firewall Healthcheck.
Organizations are Spending More on IT Security
In 2019, spending for IT security – according to research from Gartner – increased by 8.7% from that of 2018 versus a general IT spend increase of only 3.4%. The expectation was certainly that the trend would continue and spending in 2020 would increase by at least as much; of course, that prediction was made in the halcyon days before the Coronavirus pandemic. As you may expect, spending on IT security has decreased as a result; instead, the current IT security spending projection is only a 2.4% increase or 1% less than that of the general IT increase from last year – before the world went mad. The need to invest in security slowed though it may be right now, is obviously not going anywhere.
Information Security & Risk Management Spending by Segment, 2020-2021 (Millions of U.S. Dollars)
Market Segment | 2020 | 2021 | Growth (%) |
---|---|---|---|
Application Security | 3,333 | 3,738 | 12.2 |
Cloud Security | 595 | 841 | 41.2 |
Data Security | 2,981 | 3,505 | 17.5 |
Identity Access Management | 12,036 | 13,917 | 15.6 |
Infrastructure Protection | 20,462 | 23,903 | 16.8 |
Integrated Risk Management | 4,859 | 5,473 | 12.6 |
Network Security Equipment | 15,626 | 17,020 | 8.9 |
Other Information Security Software | 2,306 | 2,527 | 9.6 |
Security Services | 65,070 | 72,497 | 11.4 |
Consumer Security Software | 6,507 | 6,990 | 7.4 |
TOTAL | 33,776 | 150,409 | 12.4 |
It Departments Are Wasting Money on Their IT Infrastructure
A Better Way to Secure Your Environment Without Overspending
For example:
- Is the firewall under support?
- Is it running a current OEM suggested version of firmware?
- Is it application aware and, if it is, are the rules built out to control traffic based on applications instead of ports?
- What percent of traffic being processed is encrypted and is any of it being decrypted?
- How do administrators authenticate and are their changes being logged and audited?
- Are proper cryptography standards being applied where in use, such as in VPN connections and for administrator access to the system?
- Is High Availability (HA) properly configured?
- Are there features that are included or have been purchased but aren’t being used?
Above is a short list of check points, but you get the idea.
Conclusion: Using the Healthcheck Results to Improve Your Security Posture
Once we’ve completed the evaluation, it’s time to sit down and build our report. Once again, the goal here is to provide actionable data, not just a laundry list of findings. So, while we list everything we’ve discovered in the report, the real focus is on what we believe should be the priorities.