We have a vendor administered firewall for one of our internet connections. By this I mean that the firewall, which is on premise, is owned by the vendor. Any administrative change request (open a port, etc.) follows a formal vendor process.
Recently we had a security benchmark analysis conducted by Seculore. I met Tim Lorello, the CEO, in 2015 while working on a FCC project.
One BIG takeaway from the Seculore debrief- our Firewall is administered, but no one is monitoring the traffic. There is a big difference.
One of the issues identified by Seculore: a device (implemented by a trusted vendor) that was running a legitimate application apparently also had malware pre-installed at the factory. So, in addition to the legitimate traffic traversing the open firewall port, the device was communicating with its host nation.
We probably would not have been aware (and resolved the issue) without the benchmark analysis.
This is in no way a knock to our vendor- but certainly a learning experience,