by Tim Woods, VP of Customer Technology, FireMon
This week's partner post by FireMon provides helpful best practices on migrating from first-gen firewalls to next-gen firewalls, and keeping up-to-date on ever-changing technologies during this transition.
The threat landscape is constantly evolving and growing. I know, I know; you’ve heard it before. But are you doing anything about it? Trust me when I say it’s real, and no one is immune.
The changes to the threat environment must be met head-on with a determination to evolve with it or move ahead of it. However, many security infrastructures today are in need of a renovation as their key security components reach end-of-life.
No doubt anyone looking to refresh their security infrastructure is also exploring consolidation and the added functionality a next-generation firewall deployment could deliver. But migrating from first-gen to next-gen doesn’t happen overnight. It requires a concerted effort that includes the right mix of people, process and, of course, technology.
Keys to a Successful NGFW Migration
First, we must form the right team and identify the processes that will get us through the migration. Leverage the experience and expertise of those who are most knowledgeable on the current legacy platforms and policies. Second, it’s paramount to have trained, knowledgeable people on the target NGFW platform and to establish the desired policy outcomes.
A Proven Process
It takes a well-defined, prescriptive process to untangle the complexity you undoubtedly have on your legacy firewalls. Once we migrate and achieve a more desirable state, we want to keep it clean and well managed going forward.
Steps to Success:
Step 1: Remove technical mistakes from the legacy platform. This includes hidden, shadowed, redundant and overlapping rules. Essentially, identify the low-hanging fruit and remove those things we absolutely know serve no purpose.
Step 2: Remove unused access. Analyze your policies for rule and object usage and clear out anything that’s justifiably not getting hit.
Step 3: Review rules, refine access and organize. Following Steps 1 & 2, it’s time to seek out and refine overly permissive access, police the use of “ANY,” assign an owner and document the justification.
Step 4: Continuously monitor your policy. Once policies have been optimized and migrated to the new platform, continue to monitor, audit, enforce and report on them.
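To make Steps 1 to 3 concrete, here is an added example (not FireMon's code or product logic) that audits an ordered, first-match ruleset for redundant, shadowed, unused and "ANY"-based allow rules. The rule model, field names and sample rules are assumptions constructed for illustration, and it handles IPv4 only.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass
class Rule:
    name: str
    src: str       # IPv4 CIDR or "any"
    dst: str       # IPv4 CIDR or "any"
    service: str   # "proto/port" or "any"
    action: str    # "allow" or "deny"
    hits: int = 0  # hit counter exported from the legacy firewall

def net(value):
    # Treat "any" as the whole IPv4 space so containment checks work.
    return ip_network("0.0.0.0/0" if value == "any" else value)

def covers(earlier, later):
    """True when every packet matching `later` already matches `earlier`."""
    return (net(later.src).subnet_of(net(earlier.src))
            and net(later.dst).subnet_of(net(earlier.dst))
            and earlier.service in ("any", later.service))

def audit(rules):
    """Return (rule, finding, covering_rule) tuples for a first-match policy."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):  # Step 1: rule can never be reached
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.name, kind, earlier.name))
                break
        if rule.hits == 0:             # Step 2: no recorded usage
            findings.append((rule.name, "unused", None))
        if rule.action == "allow" and "any" in (rule.src, rule.dst, rule.service):
            findings.append((rule.name, "uses-any", None))  # Step 3
    return findings

# Constructed sample policy, evaluated top-down.
RULES = [
    Rule("r1-web", "10.0.0.0/8", "192.0.2.10/32", "tcp/443", "allow", hits=5120),
    Rule("r2-web-dup", "10.1.0.0/16", "192.0.2.10/32", "tcp/443", "allow"),
    Rule("r3-block-lab", "10.1.5.0/24", "192.0.2.10/32", "tcp/443", "deny"),
    Rule("r4-legacy", "any", "192.0.2.20/32", "any", "allow", hits=37),
    Rule("r5-default", "any", "any", "any", "deny", hits=900),
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

A rule hidden only by the combined effect of several earlier rules is not detected here, and a zero hit count is only meaningful over a logging window long enough to include periodic traffic.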
The Right Technology
With a highly knowledgeable staff that can dedicate extended cycles to the above recommended steps, much of what is described should be achievable. However, technology does exist from the native firewall vendors as well as third-party security management companies. This technology can significantly accelerate the entire process. By leveraging the experience and continued advancements from both, greater accuracy can be assured, and a timelier return on resource investments should be realized to achieve the desired results.
Security automation technology will easily allow you to identify technical mistakes, unused rules, unused objects, and too broadly defined access. You can gain actionable, real-time data to establish a consistent cadence for documenting and tracking all current and future access of a now streamlined ruleset. Being able to capitalize on the promise of NGFW technology is not nearly as far away as you might have once thought. The benefits of a security automation solution carry on long after a successful migration to the NGFW world. By including it as part of your security arsenal to combat the growing threat landscape you will undoubtedly increase efficiency, maintain compliance and greatly reduce unnecessary mistakes – which in turn can significantly reduce risk.
In the world of security, we all realize there are no silver bullets, but it’s no longer an option to take an inactive stance on establishing a better security posture for our organizations.