Enterprises globally must harden existing firewall configurations; this is a non-negotiable activity. Over time firewall configurations experience a “drift” between what the business requires and what’s become obsolete.
Few cybersecurity components are as familiar as the next-generation firewall (NGFW) for enterprise protection. Despite this ubiquity, it is common for security teams to operate their NGFW in a suboptimal manner. The TAG Cyber team has observed, for example, that many enterprise teams operate their NGFW more like a traditional firewall. This can result in a reduction of traffic visibility, which in turn degrades prevention, detection, and response.
The implementation of a secured perimeter and internal firewall network architecture and conducting Vulnerability Assessments and Penetration Tests (VAPT) are often seen as enough to protect critical business information and guard against unexpected cybersecurity threats. However, as we will discover and despite this approach being a good start, there is substantially more to information security than firewalls and VAPT.
Why is it that we keep on doing the same things in security year after year and we expect a different result? For decades, we have been buying and installing security tools to “fix” our security issues around things such as patch management, privileged access, application vulnerabilities, etc. And yet these issues remain at the top of the list of security issues today.