I’ve just come back from a seminar organised by an IT security integrator which was held right next door to a lingerie exhibition. Ours was quite full, but theirs had people queuing out the door to get in. I was amazed at the number of men that had registered for the sessions, and I have to admit that the folks giving the demos were certainly more pleasing to the eye than the bunch of IT chaps that I had to sit and listen to! IT security used to be ‘sexy’. What’s happened? Calum Macleod, Regional Manager, Tufin Technologies, wonders…
So we’re into a presentation and demo of automatic policy generation for firewalls and I’m thinking ‘I wish I was next door’ but then I’m slowly being seduced by what I’m seeing. Maybe it’s an age thing but I found myself thinking less about the demos next door and started to be drawn into a description about how the firewall administrator was able in a few minutes to carry out forensics on their firewalls. I was getting excited about this, rather than dreaming about the lingerie exhibition next door. What has happened to me in my middle years?
Suddenly, instead of spending weeks or months poring over firewall logs to find out what was going on, he was talking about how they could spot unknown mail servers in the organisation, outbound access through non-standard ports, who was accessing which HTTPS and HTTP servers on the internet, and even access to non-corporate mail servers!
Firewall policy management is normally an organisational nightmare. An organisation with ten to fifteen firewalls could spend anything up to six months trying to get to the bottom of what is going on. Even then, I am reliably informed by one organisation that they tried for six months and hired expensive firewall specialists to do it, only to end up with very poor results.
Now imagine achieving the same results in a matter of minutes. So how do they do it? Well apparently it is something called ‘Permissive Rule Analysis’ technology. This breaks down very general rules until they accurately and exclusively represent the actual traffic. Now I can’t see it being plastered on billboards to keep bored male commuters smiling on the way home, and you’re not going to buy it for your favourite lady as a Christmas present but it definitely got my pulse rushing.
Now automatic firewall policy generation doesn’t look like a ‘sexy’ part of IT. It’s not like you have this amazing GUI, or some brightly coloured box that you can stick in your IT rack and invite your management to come and gaze fondly at their latest expensive gadget. This, like so many other great developments in IT security, is amazing because of what it does in the background. At the seminar the question was asked, ‘Why would you consider not changing your firewall vendor?’ and the universal response was ‘We can’t convert our rule bases’.
As every security professional knows, installing a firewall is easier said than done. Creating an accurate firewall policy requires administrators to go painstakingly through a tedious, labour-intensive and inefficient log inspection process to try to identify legitimate business traffic and then create a rule set that will meet both security and business objectives. Given the complexity of network traffic today, this approach is never complete, and the only alternative is deployment of an overly permissive, and ultimately ineffective, firewall policy that doesn’t actually do anything useful.
Well folks, ‘Permissive Rule Analysis’ technology has just broken down one of the biggest barriers for users who want to change, and provides auditors and security officers with the ability to quickly and accurately analyse who is doing what. Suddenly the employee who spends all day browsing Web sites is exposed; the contractor who is sending e-mails to an unknown e-mail server is identified. Every breach of policy relating to inbound/outbound traffic is identified. Administrators can remove Any/All parameters from rules and ensure that only essential services and destinations are accessible.
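To make the idea concrete, here is an added sketch (not the vendor's implementation, and not from the seminar) of breaking one Any/Any rule down into the flows actually seen in its log, and flagging the mail and non-standard-port cases mentioned earlier. The log records, address ranges, known mail relay and "standard" port list are all constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample: hits on one permissive rule "allow 10.0.0.0/8 -> Any, service Any".
# Fields: source, destination, protocol, destination port.
LOG = [
    ("10.1.1.10", "198.51.100.7", "tcp", 443),
    ("10.1.1.11", "198.51.100.7", "tcp", 443),
    ("10.1.1.10", "10.1.2.25", "tcp", 25),        # corporate mail relay
    ("10.1.3.40", "203.0.113.9", "tcp", 587),     # mail sent to an outside server
    ("10.1.1.12", "10.1.4.77", "tcp", 25),        # internal host accepting SMTP
    ("10.1.3.40", "203.0.113.20", "tcp", 8443),   # outbound on an unusual port
]
INTERNAL = ip_network("10.0.0.0/8")               # assumed corporate address space
KNOWN_MAIL = {"10.1.2.25"}                        # assumed sanctioned mail server
MAIL_PORTS = {25, 465, 587}
STANDARD_PORTS = {25, 53, 80, 443, 465, 587}      # assumed site baseline

def refine(log, prefix=24):
    """Turn hits on an Any/Any rule into (src subnet, dst, proto, port) candidates."""
    hits = Counter()
    for src, dst, proto, dport in log:
        subnet = ip_network(f"{src}/{prefix}", strict=False)
        hits[(str(subnet), dst, proto, dport)] += 1
    # Busiest flows first, so a reviewer sees core business traffic at the top.
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))

def findings(log):
    """Flag flows an auditor should review before they become explicit rules."""
    out = set()
    for src, dst, proto, dport in log:
        internal_dst = ip_address(dst) in INTERNAL
        if dport in MAIL_PORTS and dst not in KNOWN_MAIL and src not in KNOWN_MAIL:
            label = "unknown-internal-mail-server" if internal_dst else "non-corporate-mail"
            out.add((label, src, dst, dport))
        elif not internal_dst and dport not in STANDARD_PORTS:
            out.add(("non-standard-outbound-port", src, dst, dport))
    return sorted(out)

if __name__ == "__main__":
    for (subnet, dst, proto, dport), count in refine(LOG):
        print(f"allow {subnet} -> {dst} {proto}/{dport}   # {count} hit(s)")
    for finding in findings(LOG):
        print("review:", *finding)
```

The candidate rules are a starting point for review, not a policy to deploy as-is: anything listed by `findings` should be approved or blocked by a person before the Any/Any rule is retired.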
You know what? IT security is still ‘sexy’, although it still has some way to go to compete with next door’s ‘GUI’.