Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/8/2010
10:50 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Survey: 1 In 10 IT Pros Say They Cheated On An Audit

Almost one-third of IT professionals only audit their firewalls once every five years, according to Tufin Technologies

Ramat Gan, Israel, June 8, 2010 – Tufin Technologies, today announced the results of its annual InfoSecurity UK firewall management survey. According to the survey, conducted by Tufin Technologies, of 242 IT professionals mainly from organizations employing 1000 to 5000+ employees, 1 in 10 admitted that either they or a colleague have cheated to get an audit passed. However it isn’t all bad news; compared to a similar survey conducted in 2009 the number of people admitting to cheating has halved in number.

Among those who have cheated lack of time and resources are cited as the main reasons, underlining the ever increasing pressure on today’s IT departments. With 25% responding that firewall audits take a week to conduct attempting to avoid this painful process is understandable.

What’s more 30% of respondents only audit their firewalls once every five years and even more worrying, 7% never even conduct an audit. With this in mind it’s less surprising to find out that 36% of IT professionals admit their firewall rule bases are a mess increasing their susceptibility to hackers, network crashes and compliance violations.

The survey also found that: • 31% only audit their firewalls once a year • 22% don’t know how long it takes to audit their firewalls • Of those that admit their firewall rule base is a mess, 25% believe this makes their network susceptible to crashes and 38% susceptible to compliance violations • 56% responded that automation tools would save them a lot of time

The survey results are available for review on the Tufin website at http://www.tufin.com/downloads/infosecurity_uk_2010_survey_results.pdf

“Companies spend hundreds of thousands of dollars on selecting and implementing firewalls, yet much less attention and resources are invested in making sure the firewalls are optimized at all times for potential security risks and compliance breaches,” said Michael Hamelin, Chief Security Architect at Tufin Technologies. “It is a cause for concern that so many companies are only conducting audits sporadically and are admitting that their firewalls are in a mess. The consequences of a firewall with rules that are out of sync leave networks open to exploitation. Without the right automation tools, managing firewalls is complicated and time consuming making it very tempting for IT professionals to cheat to get their audit passed. But in the long run it will only cause more problems.”

IT still top priority in the boardroom Despite our gloomy economic environment it is encouraging to see that IT has remained high on the budget priorities with 59% of companies revealing that they have not been forced to focus on cost savings at the expense of their company’s security. With malware at record highs and more and more compliance legislation being passed, businesses are clear that it is not in their interests to cut IT spend.

About Tufin Technologies, Inc. Tufin™ is the leading provider of Security Lifecycle Management solutions that enable companies to cost-effectively manage their network security policy, comply with regulatory standards, and minimize IT risk. With a combination of accuracy and simplicity, Tufin empowers security officers to perform reliable audits and demonstrate compliance with corporate and government standards. Founded in 2005 by leading firewall and business systems experts, Tufin serves more than 500 customers in industries from telecom and financial services to energy, transportation and pharmaceuticals. For more information visit www.tufin.com, or follow Tufin on: Twitter at http://twitter.com/TufinTech, LinkedIn at http://www.linkedin.com/groupRegistration?gid=1968264, FaceBook at http://www.facebook.com/group.php?gid=84473097725, The Tufin Blog at http://tufintech.wordpress.com/, The Tufin Channel on YouTube at http://www.youtube.com/user/Tufintech

EMEA Media Contact: Yvonne Eskenzi Eskenzi PR Tel : +44 207 183 2832 Email : [email protected]

U.S. Media Contact Elizabeth Safran Tel: 212-740-1037 Email: [email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).