By Joshua Williams, Senior Cloud and Automations Solutions Engineer, FireMon
The collective security community is spending too much time worrying about vulnerabilities. It needs to shift some of those resources and take a good hard look at misconfigurations, especially in the cloud. According to Gartner, through the year 2023, 99 percent of all firewall breaches will be caused by misconfigurations, not flaws.
What’s more, data sources such as the Identity Theft Resource Center suggest that there were approximately 1,244 reported data breaches in 2018 in the United States and more than 30 percent (377 total) were directly attributed to unauthorized access.
Misconfigurations Continue to Result from Human Error
Misconfigurations, aka human error, almost always occur during the change process, when new rules are added, modified or deleted. This often happens manually, and the misconfigurations leave an organization’s network vulnerable to a data breach. In fact, many data breaches today are the result of this user error. This typically occurs when a system operator has misconfigured a platform or server. When this happens, a malicious actor can gain unauthorized access and an organization is now at risk.
Firewall and cloud misconfigurations come in all shapes and sizes and no business is immune to their threats. Misconfigurations can include overly permissive access, incorrect access, open ports to known vulnerable hosts, rules that bypass the proxy, and access that violates internal or regulatory compliance standards.
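Several of the misconfiguration classes listed above can be checked mechanically before a rule change is deployed. The following is an added example, not FireMon's code or part of the original article; the rule format, addresses, proxy and vulnerable-host list are all constructed assumptions.

```python
import ipaddress

# All values below are constructed for illustration (assumptions).
ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")            # assumed internal address space
PROXY = ipaddress.ip_network("10.0.5.10/32")             # assumed outbound web proxy
VULNERABLE_HOSTS = [ipaddress.ip_address("10.0.8.21")]   # assumed scanner finding
WEB_PORTS = {80, 443}

# Constructed sample ruleset; port None means "any port".
RULES = [
    {"id": 1, "src": "0.0.0.0/0", "dst": "10.0.8.21/32", "port": 3389, "action": "allow"},
    {"id": 2, "src": "0.0.0.0/0", "dst": "10.0.2.0/24", "port": None, "action": "allow"},
    {"id": 3, "src": "10.0.3.0/24", "dst": "0.0.0.0/0", "port": 443, "action": "allow"},
    {"id": 4, "src": "10.0.5.10/32", "dst": "0.0.0.0/0", "port": 443, "action": "allow"},
    {"id": 5, "src": "0.0.0.0/0", "dst": "10.0.1.5/32", "port": 443, "action": "allow"},
]

def audit_rule(rule):
    """Return the misconfiguration classes a single allow rule falls into."""
    if rule["action"] != "allow":
        return []
    src = ipaddress.ip_network(rule["src"])
    dst = ipaddress.ip_network(rule["dst"])
    port = rule["port"]
    src_internal = src.subnet_of(INTERNAL)
    findings = []
    # Overly permissive: any source combined with any port or any destination.
    if src == ANY and (port is None or dst == ANY):
        findings.append("overly-permissive")
    # Open port to a known vulnerable host from outside the internal range.
    if not src_internal and any(h in dst for h in VULNERABLE_HOSTS):
        findings.append("open-port-to-vulnerable-host")
    # Proxy bypass: internal clients reaching external web ports directly.
    if (src_internal and src != PROXY and not dst.subnet_of(INTERNAL)
            and (port is None or port in WEB_PORTS)):
        findings.append("proxy-bypass")
    return findings

def audit_policy(rules):
    """Map rule id -> findings, omitting clean rules."""
    report = {r["id"]: audit_rule(r) for r in rules}
    return {rid: f for rid, f in report.items() if f}

if __name__ == "__main__":
    for rid, findings in audit_policy(RULES).items():
        print(f"rule {rid}: {', '.join(findings)}")
```

Running a check like this as a gate in the change process flags rules 1, 2 and 3 and passes the proxy's own egress rule and the public web server rule.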
Bottom line, a simple misconfiguration can open your server up to remote access by anyone with an internet connection, or allow data to be accessed, stolen and used for nefarious purposes. Misconfigurations can also significantly violate compliance rules and cause devastating service outages.
Just a few months ago, Imperva announced that a misconfiguration of an Amazon Web Services cloud enabled hackers to access information on customers using its Web Application Firewall product. In November, Texas Health Resources was breached through a misconfiguration error in its billing system, which impacted 82,000 patients.
Why Is This Happening?
Misconfigurations are happening for a number of reasons. FireMon’s sixth annual “State of the Firewall” report found several key reasons for the increase. First, the pace of business and digital transformation is simply faster than the ability to protect it. The Internet of Things and our quest to connect every aspect of our business to the internet to move data at lightning speed are outpacing the level of security needed to protect all the new access points.
Further, we are facing a widening gap in finding the right security talent. The lack of experienced and properly trained security professionals is driving increases in misconfigurations and in the overall number of breaches annually.
Of course, we are also seeing more firewalls deployed on-premise and in the cloud, and the number of rules associated with these firewalls is increasing along with them. The legacy process of manually changing policies within a growing firewall environment is a recipe for further disaster and needs to change.
The Right Level of Automation Can Remove Human Error and Protect Businesses
The automation of network rules, policies and configurations on-premise and off can remove much of the human error and protect businesses of all sizes from data breaches. It eliminates guesswork and manual input, especially when rolling out error-prone, late-night changes across multiple vendors, platforms and data centers. When businesses automate their firewall policy change management processes, they can move valuable resources to higher priority security needs.
Overall, automation can increase operational efficiency, reduce security cost and increase compliance.
However, it’s important to note that automation isn’t something that you simply turn on.
Businesses need a solution that aligns security automation to meet them where they are in their digital transformation initiative. By mapping the current workflow and processes, automation can give customers the flexibility to automate at their own pace and confidence level.
Organizations should also implement automation that doesn’t add new complexity to their security operations. The best automation allows customers to keep their hands on the wheel, and ultimately frees up the resources of an already short-staffed team to enable speed, lower compliance risk and close the innovation gap.
As more and more businesses begin to automate their network security management processes, we will begin to see a decrease in misconfigurations and ultimately breaches caused by incorrect access and open ports.
About the Author
Joshua Williams is a Senior Cloud and Automations Solutions Engineer at FireMon. In this role, Josh helps enterprises navigate unique network security challenges and map requirements to meet their needs. Previously, Josh worked on the FireMon development team to integrate cloud platforms and on-premise devices into its award-winning platform. Before joining FireMon, Josh was an engineer for a major stock exchange and a government agency, where he led the implementation of automation practices across security and network devices. Josh also teaches as an adjunct professor of Computer Science at a community college in Kansas City. He can be reached on LinkedIn and the company website: www.firemon.com.