Gartner Blog Network


Making Sense Out of Chaos: Network Security Policy Management

by Adam Hils  |  December 23, 2015

If you’re a network security operations leader (as many of our clients are), chances are you’re afflicted with some of the following security policy-related issues:

  • “I can’t tell if my firewall rules are optimized, and I want to find out they’re not before my auditor does.”
  • “How can I detect shadowed and redundant firewall rules in my bloated 10,000 rule set?”
  • “How can I audit ACL or rule usage, while also auditing unauthorized port usage?”
  • “Can I perform automated compliance validation to put my mind at ease before my audit?”
  • “I have 3 firewall platforms and need to migrate to one which uses application-based rules. How do I accomplish this without dedicating 2 FTEs for 3 weeks?”
  • “How do I accomplish easier configuration and change management?”
  • “Applications are the lifeblood of my company – I need application discovery and connectivity management as I make network security policy changes.”
  • “It would be really cool to have risk simulation or attack vector modeling capabilities.”
  • “What can I use to visualize my network topology so that I can see the effect of potential policy changes?”
  • “I’m not ready for this today, but do any vendors today offer the promise of automated rule provisioning?”
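The second question above, detecting shadowed and redundant rules, is the most mechanical of the list, so here is an added worked example of the core check (this is illustrative code written for this page, not a Gartner tool or any vendor's product). A rule is shadowed when an earlier rule matches every packet it would match and takes a different action, so the later rule never fires; it is redundant when the earlier covering rule takes the same action, so the later rule can be removed. The rule set below is constructed for the example and the field layout is an assumption.

```python
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    """One first-match firewall rule (simplified, constructed for this example)."""
    name: str
    action: str                # "allow" or "deny"
    src: str                   # source CIDR
    dst: str                   # destination CIDR
    proto: str                 # "tcp", "udp" or "any"
    ports: tuple[int, int]     # inclusive destination port range; (0, 65535) = any


def _net_covers(outer: str, inner: str) -> bool:
    """True if every address in `inner` lies inside `outer` (IPv4 and IPv6 never mix)."""
    o = ipaddress.ip_network(outer, strict=False)
    i = ipaddress.ip_network(inner, strict=False)
    return o.version == i.version and i.subnet_of(o)


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches rule b would also match rule a."""
    return (
        _net_covers(a.src, b.src)
        and _net_covers(a.dst, b.dst)
        and (a.proto == "any" or a.proto == b.proto)
        and a.ports[0] <= b.ports[0]
        and b.ports[1] <= a.ports[1]
    )


def analyse(rules: list[Rule]) -> list[tuple[str, str, str]]:
    """Return (rule, finding, covering_rule) for every shadowed or redundant rule.

    Only single-rule containment is checked: a rule fully covered by the union of
    several earlier rules is not reported (see the usage note).
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((later.name, kind, earlier.name))
                break  # the first covering rule is the one that actually takes effect
    return findings


# Constructed sample rule set (not from any real firewall).
SAMPLE_RULES = [
    Rule("R1", "allow", "10.0.0.0/8",     "192.168.1.10/32", "tcp", (443, 443)),
    Rule("R2", "deny",  "10.1.0.0/16",    "192.168.1.10/32", "tcp", (443, 443)),   # shadowed by R1
    Rule("R3", "allow", "10.1.2.0/24",    "192.168.1.10/32", "tcp", (443, 443)),   # redundant with R1
    Rule("R4", "allow", "0.0.0.0/0",      "192.168.1.0/24",  "tcp", (80, 80)),
    Rule("R5", "deny",  "172.16.0.0/12",  "192.168.1.0/24",  "any", (0, 65535)),
    Rule("R6", "allow", "172.16.5.0/24",  "192.168.1.20/32", "udp", (53, 53)),     # shadowed by R5
]


if __name__ == "__main__":
    for rule, kind, by in analyse(SAMPLE_RULES):
        print(f"{rule} is {kind} (covered by {by})")
```

Two caveats a practitioner should keep in mind. First, this is pairwise containment only: a /24 that is fully covered by two earlier /25 rules is shadowed in practice but not reported here, and NSPM products do set-based analysis precisely to catch that. Second, the check is purely static; whether a rule that is not shadowed is actually used is a separate question answered by hit counters or logs, not by comparing rules to each other.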

Because Gartner receives a steady diet of such questions, Rajpreet Kaur and I recently published a Technology Overview entitled “Network Security Policy Management Solutions Have Evolved” (available to Gartner clients). In the note we define the technology, describe use cases and functions, and outline benefits and risks. We also list technology alternatives and name representative providers.

If any of the issues ring uncomfortable bells, check out the research note.

 

Category: compliance  firewall-policy  information-security  network-security  nspm  security  

Tags: firewall-rules  network-security  ngfw  sdn  

Adam Hils
Research Director
9 years at Gartner
22 years IT Industry

Adam Hils is a Research Director with Gartner Research. He covers network security, including intrusion prevention systems (IPS), enterprise firewalls and UTMs. In addition, Mr. Hils provides advice to budget-constrained midsize enterprises about prioritizing security investments.


Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.