
Making Sense Out of Chaos: Network Security Policy Management

By Adam Hils | December 23, 2015


If you’re a network security operations leader (as many of our clients are), chances are you’re afflicted with some of the following security policy-related issues:

  • “I can’t tell if my firewall rules are optimized, and I want to find out they’re not before my auditor does.”
  • “How can I detect shadowed and redundant firewall rules in my bloated 10,000 rule set?”
  • “How can I audit ACL or rule usage, while also auditing unauthorized port usage?”
  • “Can I perform automated compliance validation to put my mind at ease before my audit?”
  • “I have 3 firewall platforms and need to migrate to one which uses application-based rules. How do I accomplish this without dedicating 2 FTEs for 3 weeks?”
  • “How do I accomplish easier configuration and change management?”
  • “Applications are the lifeblood of my company – I need application discovery and connectivity management as I make network security policy changes.”
  • “It would be really cool to have risk simulation or attack vector modeling capabilities.”
  • “What can I use to visualize my network topology so that I can see the effect of potential policy changes?”
  • “I’m not ready for this today, but do any vendors today offer the promise of automated rule provisioning?”

Because Gartner receives a steady diet of such questions, Rajpreet Kaur and I recently published a Technology Overview entitled “Network Security Policy Management Solutions Have Evolved” (available to Gartner clients). In the note we define the technology, describe use cases and functions, and outline benefits and risks. We also list technology alternatives and name representative providers.

If any of the issues ring uncomfortable bells, check out the research note.

