Business and network efficiency suffer when IT staff are left to manage hundreds or even thousands of firewall rules. According to this Computer World UK report, firewall performance degrades because excessive rules eat up CPU cycles, and audit tools can help clean up redundant rules and the stale requests for service behind them.
“Not long ago, 200-300 rules was considered excessive. Now, it’s not unusual for firewalls to have many hundreds or even thousands of rules, many of which were rendered obsolete when IT operations added new rules to meet business requests but neglected to remove any old ones.
“Analyzing configurations for a few firewalls, let alone hundreds, has grown beyond the capacity of human computation.
“These automated tools run complex algorithms that evaluate the actual rules against corporate policies and best practices to identify gaps, verify changes and produce audit reports. They enable organizations to verify and document the entire configuration-management lifecycle to demonstrate to auditors that practice follows policy, and that changes were completed as authorized and grant the intended access.”
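The core check such audit tools perform is rule-shadowing analysis: in a first-match rule base, a rule that is fully covered by an earlier rule can never be hit, so it is either redundant (same action as the earlier rule, safe to delete) or shadowed (opposite action, meaning the access it was meant to grant or block is not actually in effect). The following is an added example, not code from the Computer World UK report or from any vendor's audit product; it assumes a constructed, simplified IPv4 rule format of "action proto src_cidr dst_cidr port[-port] name", first-match semantics, and the hypothetical function names `parse_rules` and `audit`.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample rule base (not a real configuration). First match wins.
SAMPLE_RULES = """
allow tcp 10.0.0.0/8    192.168.10.0/24  443     web-from-corp
deny  any 0.0.0.0/0     192.168.10.0/24  22      block-ssh
allow tcp 10.1.0.0/16   192.168.10.0/24  443     web-from-branch
allow tcp 10.2.5.0/24   192.168.10.5/32  22      ssh-admin
allow udp 10.0.0.0/8    192.168.10.53/32 53      dns
deny  any 0.0.0.0/0     0.0.0.0/0        1-65535 default-deny
"""


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: tuple  # (low, high), inclusive

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        if self.proto != "any" and self.proto != other.proto:
            return False
        if not other.src.subnet_of(self.src):
            return False
        if not other.dst.subnet_of(self.dst):
            return False
        return self.dport[0] <= other.dport[0] and other.dport[1] <= self.dport[1]


def _parse_ports(text: str) -> tuple:
    # "443" -> (443, 443); "1-65535" -> (1, 65535)
    low, _, high = text.partition("-")
    lo = int(low)
    hi = int(high) if high else lo
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port range: {text}")
    return (lo, hi)


def parse_rules(text: str) -> list:
    """Parse the toy rule format; blank lines and '#' comments are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, src, dst, ports, name = line.split()
        if action not in ("allow", "deny") or proto not in ("tcp", "udp", "any"):
            raise ValueError(f"bad rule: {line}")
        rules.append(Rule(
            name=name, action=action, proto=proto,
            src=ipaddress.ip_network(src, strict=False),
            dst=ipaddress.ip_network(dst, strict=False),
            dport=_parse_ports(ports),
        ))
    return rules


def audit(rules: list) -> list:
    """Return (rule_name, kind, covered_by) for every rule that can never match.

    kind is "redundant" when the earlier covering rule has the same action,
    "shadowed" when it has the opposite action (the intended access is not
    actually granted or denied).
    """
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.name, kind, earlier.name))
                break  # first covering rule is the one that actually absorbs the traffic
    return findings


if __name__ == "__main__":
    for name, kind, by in audit(parse_rules(SAMPLE_RULES)):
        print(f"{name}: {kind} (covered by {by})")
```

Running it reports web-from-branch as redundant (fully inside web-from-corp) and ssh-admin as shadowed (the earlier block-ssh deny covers it, so the administrator never actually gets SSH). Both are exactly the "obsolete rule" and "change did not grant the intended access" cases the report describes; a real tool would additionally handle partial overlaps, IPv6, source ports, zones and vendor-specific object groups.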