"The more things you chuck into a next gen firewall the harder it becomes to manage. Even if it is automated, if you're under attack and you don't have any analysts in there to do something about it, and you don't know what you need to do to respond, a NGFW doesn't do anything."
Ethically, there is also a lot of personal backside-covering at play.
"There's a lot of what goes on that doesn't get discovered, or doesn't get disclosed or gets quietly disclosed and not really widespread knowledge," IPSec business development manager, Richard Charlton, said.
Abdilla agreed: "The culture is, if people have a security breach they try and cover it up because of the security guys don't want to let it be known that they've missed something and the owners don't want to be exposed."
This is where the Australian Government's big legislative flop comes to the fore — the lack of mandatory notification laws, which already exist in most first world countries. Everyone at ARN's roundtable agreed this was a huge wasted opportunity. The bill never made it to the floor in the Rudd/Gillard government, but may have a second life via The Senate. This would be a huge driver for the Australian security industry, an overnight boom.
Loop Technology information security specialist, Patrick Butler, believes it was a disaster for the industry.
"That's why the biggest issue for us in Australia was the fact that mandatory notification laws didn't get past, the single biggest impact to each of our businesses," he said.
"However, if they did pass the mandatory data breach notification we'd be run off our feet, all of us."
"We've seen an explosion of interest in the last five years from companies, but that the reality is, they buy a firewall to last roughly three to five years typically," NetStrategy CEO, James Boyle, said. So are NGFW's something that is added to existing hardware on top, or are these businesses looking to implement from scratch? "Well, typically what we're seeing is the rip and replace. There was a discussion earlier about the fact that we do a lot where we put in and show them what they're missing and what the existing firewall is missing," he said.
"In a lot of cases those companies are like 'well that's great, we got all these botnets going around our network but let's just wait until the refresh, until our subscription has expired.' So that's still that old mentality at work."
The problem with any security implementation, and NGFWs are the same, is that if the defensive measures are too strong, and burdensome, users will find their own way around them. For example, schools especially spend a lot of time on security, but tech savvy kids don't have any problems getting around them — and this is the same with businesses.
Sign up for Computerworld eNewsletters.