Firewall Cleanup Recommendations: Considerations for Improved Firewall Efficiency, Better Security, and Reduced Policy Complexity


The majority of all data breach incidents do not result from circumvention of advanced defensive systems and complex security controls; but from the failure of well-established systems, in particular firewalls, that have become too numerous and complex to manage effectively. This paper discusses the implications of firewall policy complexity, why it remains a problem today and how to resolve it.