SOURCE: Skybox Security

March 16, 2011 07:00 ET

Skybox Security Announces Findings in Firewall Management Survey

Enterprises Struggle With Manual Firewall Analysis in Large, Multi-Vendor Environments

SAN JOSE, CA--(Marketwire - March 16, 2011) - Skybox Security, the leader in proactive security risk management, today announced the results of a survey it conducted during the recent RSA security conference. Polling more than 50 attendees, the company uncovered surprising information about the prevalence of next-generation firewalls, and the huge percentage of large organizations that do manual firewall management.

"It's scary how many large organizations we audit that use a manual system [to manage firewalls]. It's scary." This comment, from a PCI Compliance Auditor, underscores the fact that many organizations fail to use automated tools for firewall management. As the number of firewalls continues to grow, and as many organizations utilize multiple firewall vendors to satisfy their requirements, the use of automated tools becomes an absolute necessity. In the survey by Skybox Security, 42% of respondents had more than 100 firewalls to manage, and 67% admitted that they have firewalls from multiple vendors. In fact, 54% said their firm employs more than 5 full-time people in day-to-day firewall management and security. However, only 21% of the firms use any automated firewall management products at all.

The risks involved in manual firewall management are many, and significant. Firewalls are an organization's first line of network defense. In order to keep them configured properly for maximum security, and in compliance with policy, regular firewall audits are required. When audits must be done across dozens or hundreds of firewalls, the task is extremely time-consuming and the potential for mistakes is high. Products such as Skybox Firewall Assurance automate the task of collecting, correlating, and analyzing firewall data, while boosting firewall security and compliance.

Another important issue raised by the survey involves the rapid adoption of next-generation firewalls, coupled with concern about security and management issues. Fifteen percent of survey respondents indicated they have already deployed next-gen firewalls, and another 27% plan to deploy within the next 12 months. Yet adoption brings a new set of concerns. Almost 20% of respondents voiced concern over how to convert existing policies or establish new policies that take into account the finer granularity of control provided by the firewalls.

The time required to define next-gen firewall rules at the user and application level is a big issue for more than 20% of survey-takers. Another common theme is the time and effort it takes to do basic firewall analysis: 25% of respondents raised this as a major concern. The prevalence of multiple types of firewalls from multiple vendors only exacerbates the problem, as was expressed by 18% of respondents.

"The biggest challenge I'm facing today is having to do more with the same tools around administration, maintenance, and logging, and then finding the time to do the checks," said a senior manager of network and delivery services at a financial institution.

Skybox support for Palo Alto Networks next-generation firewalls, contained in the next release of Skybox Firewall Assurance scheduled for April, will enable customers to automatically and consistently audit and manage firewall infrastructures that contain next-generation Palo Alto Networks firewalls. Customers will be able to create security policies that contain granular user and application information, check firewall rulesets against these policies, track changes, and check platform configurations through Skybox Firewall Assurance.

The Skybox Security Enterprise portfolio includes:

  • Skybox Firewall Assurance (Firewall Assessment, PCI Compliance, Change Management, Firewall Ruleset Optimization)
  • Skybox Network Assurance (Network Modeling, Access Compliance, Connectivity Troubleshooting)
  • Skybox Risk Control (Attack Modeling, Risk Assessment, Vulnerability Management, Patch Optimization)
  • Skybox Change Manager and Skybox Threat Manager (Optional security workflow solutions to manage firewall changes and threat response)

About Skybox Security, Inc.

Skybox Security, Inc. is the leader in proactive security risk management solutions, helping IT managers predict critical risks and take action to prevent data breaches, cyber attacks, and policy compliance violations. Our solutions automatically examine comprehensive network security and cyber threat data -- delivering extensive intelligence in minutes. Medium to large organizations in Financial Services, Utilities, Telecommunications, Retail, Government and Defense rely on Skybox Security solutions to continuously reduce risks and maintain compliance. For more information visit:

NOTE: Skybox® Security is a registered trademark of Skybox Security Inc. All other registered and unregistered trademarks herein are the sole property of their respective owners. Product specifications subject to change at any time without prior notice. © 2011 Skybox Security, Inc. All rights reserved.

Contact Information

  • PR Contacts:
    Skybox Security, Inc.
    Michelle Johnson Cobb
    +1 (408) 441-8060 x701