NextGen firewalls or NGFWs are a great asset to protect your network and increase visibility. As a SOC provider one of our objectives is detecting misconfigurations in security solutions deployed across companies.
It doesn’t matter if you have ‘Check Point Software Technologies’, ‘Palo Alto Networks’, ‘Fortinet’ or another one. By analyzing millions of logs daily through our Security Operations Center (SOC), we found many misconfigurations across organizations of all sizes. Below you can find the top 3.
top 3 misconfigurations
IPS/IDS IS ENABLED BUT TLS INSPECTION IS DISABLED
Most IPS/IDS signatures work at the application layer. Without TLS decryption these signatures won’t work.
NO PROTECTIONS FOR REMOTE VPNS
Make sure that system accounts are not able to authenticate in your VPN service and apply threat prevention policies to your remote VPN traffic
NOT SECURING YOUR NEXTGEN FIREWALL
Remember to secure your security solutions: Apply strong authentication, check who or what can access your firewall and periodically check your firewall’s authentication logs.