Jason Punda | Posted on |
The Value of a Firewall Health Check
In this article, I am going to talk about the cost-saving benefits of a Firewall Health Check and how it can improve your organization's security posture.

Why perform a security assessment?
The 2015 IRS breach

The Importance of a Security Assessment
Performing a security assessment allows companies to see whether they can improve their security posture without having to go out and buy new “toys.” Unfortunately, there is a common trend I see in most of the organizations I step into, across all business types and sizes: money was spent on procuring a best-of-breed solution, time was invested in getting it set up, and in the time since, the changes performed have all been operational. Security is always a moving target, with standards and best practices changing frequently; organizations that do not adjust and adapt to the changes are usually left behind and leave themselves open to exploitation by adversaries. Just ask the IRS.

You’ve invested your money and time into your existing IT security platforms, so before replacing them, it’s best to re-evaluate how they are deployed and used to see if they are being used to their fullest potential. There are a few ways to accomplish this, of course, but for my EITS team members and me, this usually comes in the form of a security assessment and a health check of some kind. Anything that can be hardened and made compliant can then have a health check performed against it. For example, the most obvious icon of network security in our modern security environment is the firewall. The firewall is most often where you can make the most impact in the shortest amount of time by performing a health check. The exact process you would go through will vary somewhat depending on the make and model of the firewall, of course. Still, the concepts and areas to evaluate will stay the same – in the same way that a Ford Focus and a Jeep Cherokee are different vehicles produced by two unrelated companies and yet can be mechanically serviced in much the same way.
What does a Firewall Health Check evaluate, and what do we do with the findings?
- Is the firewall under support?
- Is it running a current OEM-suggested version of firmware?
- Is it application aware and, if it is, are the rules built out to control traffic based on applications instead of ports?
- What percentage of the traffic being processed is encrypted, and is any of it being decrypted?
- How do administrators authenticate, and are their changes being logged and audited?
- Are proper cryptographic standards being applied wherever cryptography is in use, such as in VPN connections and for administrator access to the system?
- Is High Availability (HA) properly configured?
- Are there features that are included or have been purchased but aren’t being used?