Most organisations are receiving a poor return on their firewall investments, according to an IDC multimedia white paper sponsored by McAfee.

The findings are outlined in a study titled "The State of Today's Firewall Management Challenges," which concludes that an increasing number of network attacks, combined with an increasing number of firewall rule sets, contributes to the high cost of operating firewall architecture, as well as to its lack of effectiveness against vulnerabilities.
"What's apparent from the survey is that firewall management is a key challenge facing organizations today," says Charles Kolodgy, research director at IDC. "The more rules included in the firewall, the harder it is to manage and less effective it can become. Firewall rules don't make an organisation more secure, but better rule management and improved firewall technology does."
IDC surveyed 260 firewall managers and IT executives in the US and Europe, finding that many legacy firewalls depend on cumbersome technical rules that complicate an organization's ability to audit and control compliance requirements. As a result, organisations drive up manual labour costs by dedicating employees to updating firewall rules, or chasing access or availability issues.
In addition, many network attacks result in data breaches, placing extreme costs on the organisation.
"There's a huge disconnect between the traditional firewall and the level of protection required for most enterprise environments," says Greg Brown, senior director of network security product marketing at McAfee. "Firewalls must offer comprehensive security features without increasing complexity. Additionally, rules management must be simplified and should enforce the actual business security policy in order for organizations to receive the maximum benefit."
IDC's survey results illustrate the following:
* The average enterprise faces about 300 network attacks every year, while 10% of the organisations experienced more than 1 200 attacks per year.
* Respondents indicated that losses from data breaches were equivalent to more than 75% of their costs for operating firewall architecture.
* Firewall rules continue to grow to the point where firewall rule sets can number in the thousands or even tens of thousands. The larger the firewall rule set, the more complex rule management becomes, and the harder it is to keep rules current and to prevent gaps in the protection.
* Those who have large firewall rule sets admit that firewall rule management reduces business responsiveness.