Forgotten Security Policies, Bloated Firewall Rules and the Enterprise

September 4th, 2015 by Haseeb Budhani

The most exciting part of my job is speaking to individuals who are at the forefront of securing complex networks belonging to some of the best-known brands in the world. I caught up with one such individual this morning and we had a great conversation about managing firewall rules and other security policies.

This particular individual took over a new role recently and one of the projects he prioritized is figuring out exactly who has access to his company’s network and why. Here are some details on this project:

  • Number of engineers assigned to project: 1 (full-time)
  • Time set aside for project: 3-4 weeks
  • Planned activities:
    • Dig into all firewall rules to determine external exposure.
    • Dig into VPN profiles to determine if any group of users has more access than is necessary for them to conduct their business.

Two key findings from this exercise were:

  • Some contractors have more access inside the network via the user VPN than they should.
  • Some vendors have site-to-site connectivity in place between their network and the company’s data center, even though they don’t really need network access.
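The two audit questions above (which inbound rules expose the network externally, and which VPN groups can reach more than their business need) can be checked mechanically once the rule base and profiles are exported. The following is an added example written for this post, not code from the author or from Soha; the rule set, VPN profiles and business-need table are constructed sample data.

```python
import ipaddress

# Constructed sample input (not taken from the post): the company's internal address space,
# its inbound firewall rules, and its VPN profiles alongside what each group actually needs.
INTERNAL_NETS = ["10.10.0.0/16", "10.20.0.0/16"]

FIREWALL_RULES = [
    {"id": 1, "src": "0.0.0.0/0",      "dst": "10.10.5.0/24", "port": 443},   # public web tier
    {"id": 2, "src": "203.0.113.0/24", "dst": "10.10.0.0/16", "port": 22},    # vendor site-to-site
    {"id": 3, "src": "10.20.0.0/16",   "dst": "10.10.0.0/16", "port": 1433},  # corp -> prod
]

# VPN profile = subnets a group can reach; business need = subnets it has a documented reason to reach.
VPN_PROFILES  = {"contractors": ["10.20.30.0/24", "10.10.0.0/16"], "devops": ["10.10.0.0/16"]}
BUSINESS_NEED = {"contractors": ["10.20.30.0/24"],                 "devops": ["10.10.0.0/16"]}


def covered_by(subnet, allowed):
    """True if `subnet` sits entirely inside one of the `allowed` networks."""
    net = ipaddress.ip_network(subnet)
    return any(net.subnet_of(ipaddress.ip_network(a)) for a in allowed)


def externally_exposed(rules, internal_nets):
    """Ids of inbound rules whose source is not wholly internal, i.e. the external exposure."""
    return [r["id"] for r in rules if not covered_by(r["src"], internal_nets)]


def over_privileged_vpn(profiles, need):
    """Per group, the VPN-reachable subnets that no documented business need covers."""
    excess = {}
    for group, subnets in profiles.items():
        extra = [s for s in subnets if not covered_by(s, need.get(group, []))]
        if extra:
            excess[group] = extra
    return excess


if __name__ == "__main__":
    print("externally exposed rules:", externally_exposed(FIREWALL_RULES, INTERNAL_NETS))
    print("VPN access beyond need:", over_privileged_vpn(VPN_PROFILES, BUSINESS_NEED))
```

With this data the audit flags the internet-facing rule and the vendor site-to-site rule as external exposure, and flags the contractor group's reach into the production /16 as access beyond its documented need.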

If you are surprised by the findings above, you are in the minority.

As IT leaders running large networks will tell you, firewall rules and VPN profiles tend to grow exponentially over time and no one really remembers why Jim with Partner-X was given access to the production subnet 4 years ago.

So do these companies need a firewall rule management solution? Not particularly, since such a solution will cover up the problem for a short amount of time but won’t really solve the underlying issue.

Is there a better way? Absolutely.

We believe that no user really needs network access. What they need is application access.

So how can IT/Security grant users application access while protecting their network from unwanted network access? And how do they apply the same solution to their data centers, to their hosted environments, and to their virtual private cloud (VPC) environments in public clouds such as AWS?

Soha Cloud is a solution that can address access-related enterprise security needs. Soha Cloud AirGAPs enterprise applications from the Internet, delivers a better security model than traditional security solutions provide, and enables secure access for sanctioned users from any device.

We deliver, in the form of an easy-to-consume service, the functionality typically cobbled together using VPNs, ADCs, monitoring tools and an army of engineers. And we do this without requiring any changes to your applications, to your perimeter or infrastructure, or to the end user’s device. Our solution does not give users access to the network – only to applications – while nullifying the network attack surface exposed by traditional infrastructure.

If you and your team have ever wondered what you could do to reduce firewall rule bloat, Soha Cloud can enable you to LOCK DOWN YOUR FIREWALL ENTIRELY. Zero inbound ports open. Period. Doesn’t that sound like a radically better way to secure enterprise networks?

Questions? Comments? Please feel free to get in touch.