Firewall rules never die … they just get holes poked in them and continue to pile on complexity. Now things are likely to get even more complicated with next-generation, application-aware firewalls that aim to maintain hundreds, or even thousands, of application signatures.

Firewall-rules bloat: Where does it come from?

In large organizations there are security staff members who spend all their time writing