A firewall configuration review is a great way for your organization to assess the security of one of the most pivotal pieces of technology in your organization. While any security professional will tell you just having a firewall doesn’t make you more secure and that it doesn’t perform any type of “silver bullet” functionality to thwart attackers, a misconfiguration or compromise of your firewall could prove disastrous. This device is the gatekeeper to your internal network, separating individuals out on the Internet from your trusted organizational assets. With that being said, it may be helpful to know the firewall configuration review cost, to help understand the return on investment and help in budgetary planning.
A firewall configuration review can answer questions for you that may not be addressed during vulnerability scanning or penetration testing activities, such as:
- How effective is my device hardening?
- Is my firewall configured according to security best practices?
- Are there any security vulnerabilities specifically related to my firewall that leave my organization at risk?
If you want more information about what is included in a firewall configuration review and how it can help, check out our overview post here.
So How Much Does a Firewall Configuration Review Cost?
This can be based on a couple different contributing factors that we’ll discuss below, but a firewall configuration review cost starts at around $2,000 for planning and budgetary purposes.
What Factors Contribute to the Cost?
Given that baseline cost, there are a couple things that can increase the cost of this type of assessment:
- Number of Firewalls – This shouldn’t come as much of a surprise, but the more devices we have to look at, the higher the cost will be. Keep in mind that his won’t necessarily be an exponential increase in price, as there are efficiencies as the number of devices increases.
- Size of Firewall Rule Set – Our baseline review price factors in a 500 rule firewall. So if you’ve got less than five hundred access control list (ACL) definitions for traffic allowances, the price won’t be affected. But for firewalls for larger organizations, these definitions can be much larger and subsequently more complex to analyze. We’ll need more time to adequately review these rules for vulnerabilities and areas of improvement.
- Special Circumstances – Sometimes there are odds and ends that come up that can also contribute to the ultimate cost of an assessment. For example, if you want the configuration review to account for best practice guidelines, PCI DSS requirements, and HIPAA requirements, it will take the test team longer to perform that analysis and documentation. Additionally, if there are hurdles to access the device being reviewed or if only configuration files are available for certain firewalls (looking at you SonicWalls…), the review can take longer and be more difficult.
With all of these factors in mind, hopefully you have a better understanding of the firewall configuration review cost. This will allow you to better balance the return on investment you’ll see from this type of assessment and assist you in budgeting.