Is your company firewall up to scratch? Study reveals a shocking number of firms might be at risk

(Image credit: Pixabay)

  • Most firms fail high-severity compliance checks, report claims
  • Many fall short at critical levels, putting them at risk
  • Misconfigured firewalls could lead to downtime and cyberattacks

Firewalls are a staple of corporate cybersecurity and, alongside multi-factor authentication (MFA) and endpoint protection, one of the essentials in every security tech stack.

But how many companies run a misconfigured firewall that gets in the way instead of helping?

A new report from FireMon found that 60% of enterprise firewalls fail high-severity compliance checks “immediately upon evaluation”, with another third (34%) “falling short at critical levels”.

How to stay safe?

For the researchers, this is a sign of deeper governance issues that could result in audit failures, operational downtime, or increased threat exposure.

The problems are not confined to a single environment: on-prem, cloud, and hybrid deployments all suffer from the same woes (misconfigurations, outdated rules, and bloated policies), leading to reduced performance, compliance risk, and more.

FireMon found that 95% of application objects and 82% of service objects (the named groups of applications, protocols and ports that rules reference) show zero usage, which means they are unnecessary overhead that still has to be maintained and reviewed, and they needlessly expand the attack surface.

Nearly a third (30%) of firewall rules are completely unused, too, and 62.6% of rules lack any documented owner, leading to audit gaps and operational blind spots.

Finally, more than 10% of rules are either redundant (an earlier rule already permits or denies the same traffic) or shadowed (an earlier rule matches the same traffic but takes the opposite action, so the later rule never fires), which slows policy evaluation and hides dangerous misconfigurations.
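The four categories above (unreferenced objects, ownerless rules, redundant rules and shadowed rules) are exactly what a rule-base analysis pass looks for. The following is an added example and not FireMon's tooling or any data from the report: a minimal first-match analyser in Python over a constructed rule base. The object names, rule names, owners and address ranges are all made up for illustration. A rule is flagged as shadowed when an earlier rule matches everything it would match and takes the opposite action, and as redundant when the earlier rule takes the same action; the check is single-rule coverage only, so a rule hidden by the union of several earlier rules is not detected.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample objects (RFC 1918 / RFC 5737 ranges); not report data.
ADDRESS_OBJECTS = {
    "ANY": "0.0.0.0/0",
    "CORP_LAN": "10.0.0.0/8",
    "FINANCE": "10.20.0.0/16",
    "ADMIN_NET": "10.20.5.0/24",
    "DMZ": "192.0.2.0/24",
    "LEGACY_APP": "203.0.113.0/24",   # defined but never referenced by a rule
}

# Service objects: (protocol, low port, high port); "any" matches every protocol.
SERVICE_OBJECTS = {
    "HTTPS": ("tcp", 443, 443),
    "HTTP": ("tcp", 80, 80),
    "SSH": ("tcp", 22, 22),
    "TELNET": ("tcp", 23, 23),        # defined but never referenced by a rule
}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str          # address object name
    dst: str          # address object name
    service: str      # service object name
    action: str       # "allow" or "deny"
    owner: str = ""   # empty string = no documented owner


# Constructed first-match rule base, evaluated top to bottom.
RULES = [
    Rule("allow-web", "ANY", "DMZ", "HTTPS", "allow", "web-team"),
    Rule("deny-finance-ssh", "CORP_LAN", "FINANCE", "SSH", "deny", "secops"),
    Rule("allow-finance-admin-ssh", "ADMIN_NET", "FINANCE", "SSH", "allow"),
    Rule("allow-web-dup", "CORP_LAN", "DMZ", "HTTPS", "allow"),
    Rule("allow-http", "CORP_LAN", "DMZ", "HTTP", "allow", "web-team"),
]


def _net(name):
    return ipaddress.ip_network(ADDRESS_OBJECTS[name])


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    o_proto, o_lo, o_hi = SERVICE_OBJECTS[outer.service]
    i_proto, i_lo, i_hi = SERVICE_OBJECTS[inner.service]
    if o_proto != "any" and o_proto != i_proto:
        return False
    if not (o_lo <= i_lo and i_hi <= o_hi):
        return False
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst)))


def analyse_rules(rules):
    """Map rule name -> (kind, earlier rule) for rules an earlier rule already decides.

    Assumption: only single-rule coverage is checked, as described in the lead-in.
    """
    findings = {}
    for j, rule in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings[rule.name] = (kind, earlier.name)
                break
    return findings


def undocumented_rules(rules):
    """Names of rules with no owner recorded."""
    return [r.name for r in rules if not r.owner]


def unused_objects(objects, rules, fields):
    """Object names defined in `objects` that no rule references in `fields`."""
    referenced = {getattr(r, f) for r in rules for f in fields}
    return sorted(set(objects) - referenced)


if __name__ == "__main__":
    for name, (kind, by) in analyse_rules(RULES).items():
        print(f"{name}: {kind} by {by}")
    print("no owner:", undocumented_rules(RULES))
    print("unused address objects:", unused_objects(ADDRESS_OBJECTS, RULES, ("src", "dst")))
    print("unused service objects:", unused_objects(SERVICE_OBJECTS, RULES, ("service",)))
```

On this sample the analyser reports allow-finance-admin-ssh as shadowed by deny-finance-ssh (the admin exception was placed below the deny it was meant to override, so it never fires), allow-web-dup as redundant with allow-web, both of those as ownerless, and LEGACY_APP and TELNET as objects nothing references. Hit counters from the firewall would be needed on top of this to find rules that are syntactically live but never matched in practice.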

“Firewall complexity isn’t just a configuration issue, it’s a threat to resilience and trust,” said Jody Brazil, CEO and founder at FireMon. “Security teams are buried under policies they can’t explain, map to business objectives, or manage at scale.”


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
