In a troubling revelation for enterprise cybersecurity, a new report from FireMon has found that 60% of corporate firewalls fail critical compliance checks right out of the gate, raising alarms over the state of firewall governance in modern organisations. An additional 34% fall short at other critical levels, suggesting that misconfigured firewalls are not the exception but the norm across enterprise 

Often seen as a cornerstone of the security tech stack, alongside multi-factor authentication and endpoint protection firewalls are meant to provide a first line of defence. But the report paints a different picture. One of outdated rules, bloated policies, and neglected maintenance leading to reduced performance, operational blind spots, and increased threat exposure. 

“Firewall complexity isn’t just a configuration issue, it’s a threat to resilience and trust,” said Jody Brazil, CEO and founder of FireMon. “Security teams are buried under policies they can’t explain, map to business objectives, or manage at scale.” 

The findings reveal that 95% of application objects and 82% of service objects monitored show zero usage, indicating that they serve no purpose yet unnecessarily widen the attack surface. In addition, nearly one-third (30%) of firewall rules are completely unused, and a staggering 62.6% have no assigned owner or proper documentation. This lack of visibility could lead to compliance audit failures and potential downtime. 

The report also notes that more than 10% of rules are redundant or shadowed, making it harder to detect and fix misconfigurations—problems that can severely impact both security posture and system performance across on-prem, cloud, and hybrid networks. 

Experts urge companies to streamline their firewall policies, assign ownership to all rules, and implement regular audits to avoid these pitfalls. Without active management and governance, the very tools meant to secure the enterprise may end up creating more vulnerabilities than they prevent.