General9.07.2009

Firewall investment a waste of money

McAfee believes most are ineffective

Most organizations are receiving a poor return on their firewall investments, according to an IDC multimedia white paper sponsored by McAfee.

The a study concludes that an increasing number of network attacks, combined with an increasing amount of firewall rule sets, contribute to the high cost of operating firewall architecture, as well as the lack of effectiveness against vulnerabilities.

“What’s apparent from the survey is that firewall management is a key challenge facing organizations today,” said Charles Kolodgy, research director at IDC. “The more rules included in the firewall, the harder it is to manage and less effective it can become. Firewall rules don’t make an organization more secure, but better rule management and improved firewall technology does.”

IDC surveyed 260 firewall managers and IT executives in United States and Europe, finding that many legacy firewalls depend on cumbersome technical rules that complicate an organization’s ability to audit and control compliance requirements.

Findings in the report include:

The average enterprise faces about 300 network attacks every year while 10 percent of the organizations experienced more than 1200 attacks per year.

Respondents indicated that losses from data breaches were equivalent to more than 75 percent of their costs for operating firewall architecture.

Firewall rules continue to grow to the point where firewall rule sets can number in the thousands or even tens of thousands. The larger the firewall rule set, the more complex rule management becomes.

Those who have large firewall rule sets admit that firewall rule management reduces business responsiveness.

Sign up to the MyBroadband newsletter