Firewalls are your first line of defence against Internet-based attacks and a key component in preventing data leakage and information theft. Whilst penetration tests will identify live vulnerabilities in your Internet connections, they cannot identify problems such as conflicting rules, missing firewall patches and poor administrative controls.
Inevitably, firewall rule bases increase in size and complexity over time. Even with good change control, this can lead to misconfigurations, excessive permissions and other issues that present a serious risk to your business.
You may be required to conduct firewall reviews for compliance with PCI DSS and ISO 27001, or to satisfy due diligence requirements from business partners and customers.
Firewall reviews can also improve your ability to locate weaknesses in your network security posture and identify where your policies need to be changed.