b est BLOG
o f n audit isn’t worth much if the people doing it are
eAcutting corners. Unfortunately, a survey by the
CHEATING ON YOUR
EEK.com folks at Tufin Technologies suggests many IT pros may
be doing exactly that.
The survey, which was conducted at the InfoSecu-
rity Europe 2009 Conference in April, took opinions
from 151 IT security pros. The aim was to determine
companies’ approach to firewall auditing and manage-
The top 10 operating systems used by e WEEK.com site
What Tufin turned up was that 20 percent of
visitors in May*
the respondents admitted they or a colleague had
1. Windows XP cheated on an audit to get it passed. Going deeper, 9
2. Windows Vista
percent of the respondents admitted that they never
bother to check and audit their firewalls at all. Sixty-
three percent said they do it every three months to
5. Windows 7
The problem here is obvious. If firewalls are on
6. Media Center 2005 the frontline of defense for your network and you
7. Windows Server 2003 and XP x64 Edition
don’t have a real sense of what policies are in place,
effectively managing network security becomes dif-
8. Windows 2000/NT 5
This is, of course, an area Tufin plays in. Like
10. Windows 98
Secure Passage, AlgoSec and others, Tufin provides
*As of May 28
management capabilities for firewalls from vendors
like Cisco and Juniper Networks. The idea is to elimi-
CHANNEL INSIDER VIDEO
nate redundancies and provide visibility into the rules
Security threads governing the firewalls on your network.
Though the how and the why behind the 20 per-
cent mentioned above is unknown, the time it takes
to perform an audit may have something to do with it.
According to the study, 22 percent of the audits take
from a few weeks to a few months. Seventy percent
of people responding to the survey, however, said their
audits take only a few days.
Now, it’s the Internet, so you have the opportunity to
be anonymous—how many of you would cheat on an
audit to get it done and out of the way?
Chris Whitener (left), Hewlett-Packard’s chief security
strategist, discusses HP’s plans for embedding security
in the fabric of IT with Channel Insider’s Larry Walsh.