If security had a mantra, it would be “patch, patch, patch.” Maintaining the most up-to-date versions of hardware and software is the best way to ensure their known vulnerabilities are fixed.
While this has always been important, it has become critical in recent years.
The growth and scope of cybercrime has accelerated. Security gaps are constantly found in operating systems, applications, and of course, UTM firewalls.
In the past, many people updated their firewall quarterly (at best). Some did not update at all. They believed their firewalls to be secure, period.
Today, major vulnerabilities are regularly discovered in core firewall components (think of Heartbleed and Shellshock). Pressure is also increasing from hackers and regulators. We have a new reality: the firewall must be checked for updates every day.
But most UTM firewalls make this difficult. They force administrators to check and apply updates manually. Some even charge a premium for the privilege. As a busy IT provider, this is not an optimal way to protect your clients. It also increases your risk and wastes resources.
A firewall with daily, automatic updates keeps your clients more secure and saves resources. Switching to one is a smart decision, even if your client's current firewall is paid for.
A UTM firewall that does not update automatically creates a larger gap in time between the discovery of a major vulnerability and when it can be patched.
This gap is exposure – a period when malware and hackers can exploit the vulnerability and cause harm. A firewall that updates manually creates more exposure than is necessary, making the client less secure. Automatic updates are essential.
A UTM firewall that lacks automatic updates forces you to check if updates are available. This creates an inefficient workflow, forcing your techs to waste time checking for updates and discerning whether or not they are important.
Then, when a critical patch is available, it must be applied manually. This often requires having to drive to the client’s site, take down the network, and waste several hours.
A firewall that updates automatically eliminates this waste. You can be sure all patches are applied immediately, and you can commit your resources to other areas.
Regulations such as HIPAA and PCI DSS are major causes of concern across industries. Maintaining compliance can be a tricky balancing act, and a firewall that lacks automatic updates may cause that act to tumble.
In many cases, the moment an update is available for a firewall, the network behind the firewall falls out of compliance. The updates must be applied immediately to ensure the network stays within the parameters outlined in the regulations. The best way to ensure this is with automatic updates.
A firewall vendor may release dozens of updates in a given year. Some are trivial, such as small changes to the administration interface. Others are critical. They patch vulnerabilities that have opened the network to attacks.
It’s not practical for your organization to monitor all updates and apply them as they become available. Instead, you likely pick and choose the most important ones in which to invest your time and resources.
Unfortunately, most UTM firewall vendors do not make this easy. They do not provide clear information to highlight the updates that matter. Instead, you have to waste resources by watching for updates and determining their importance. If, on the other hand, the firewall updated automatically, you would be relieved of this task.
The only thing certain about most firewalls is that you cannot be sure they are up-to-date without checking. This uncertainty undermines your confidence in the client’s security. When a major vulnerability is announced, has your firewall patched it? You can’t be sure until you check.
Firewalls that update every day automatically give you peace of mind. You can be certain that all known vulnerabilities are patched as quickly as possible. You don’t have to think about it, and you don’t have to waste time worrying or checking.
To avoid legal trouble, your organization needs to disclose its firewall policy to clients. If you do not patch your clients’ firewalls, then you need to share that information. Tell the client the situation and let them decide whether to install a firewall that updates automatically.
If you do not disclose the information, then you may be accepting the responsibility and risk of securing the network with an unpatched device that may be out of compliance. Why not encourage your clients to install a firewall that’s safer and that saves you time?
Switching a client’s firewall is an opportunity to move more clients to a standard network configuration. Standardization is widely known to help IT organizations like yours save resources and improve quality of service.
This is only possible when your clients are using the same or (similar) UTM platform. By switching out a sub-standard device and standardizing on one that updates automatically, you can multiply the savings for your organization and the security for your client.
Firewalls that update manually will soon be outdated. The scale and speed of today’s threats are too great to risk leaving the network exposed with an out-of-date device.
The time to switch your client’s firewall is now. Even if the firewall has several months of subscription remaining, the cost of manually maintaining it, and the risk of relying on its potentially outdated security, may be far greater than switching to one that saves you time, cuts your risk, and improves security.
AccessEnforcer, from Calyptix, updates every day automatically. IT providers like you can get pre-paid subscriptions or even get monthly service without commitments or penalties. Calyptix makes it easy for you with simple pricing, a simple platform, and powerful security.
Top Threats: Heartbleed Bug in OpenSSL
Shellshock: New bug doesn’t shock IT service providers
Merchants Struggle with PCI DSS Compliance as Deadline Passes