BEST PRACTICES FOR AUTOMATING NEXT GENERATION FIREWALL CHANGE PROCESSES
Edy Almer, VP Product, AlgoSec
Moshe Itah, Product Line Manager, Palo Alto Networks
DO YOU STRUGGLE WITH?
• Supporting business transformation initiatives such as cloud and SDN
• Lack of visibility into business application connectivity requirements
• Slow, manual and error-prone change management processes
• Costly outages and exposure to risk due to misconfigurations
• Time-consuming audits and reactive compliance verification
2 | Confidential
ELIMINATE THE TRADEOFF
Security
• Avoid misconfiguration and reduce attack surface
• Proactively mitigate risk
• Ensure continuous compliance
• Enforce Network Segmentation
Business Agility
• Provision network changes in minutes, not days
• Understand business requirements and avoid application outages
• Align teams to foster DevSecOps
• Free up time by automating processes
THE ALGOSEC SECURITY POLICY MANAGEMENT SUITE
KEY CAPABILITIES
• Secure Business Application Connectivity Management
• Security Policy Change Management
• Continuous Compliance and Auditing
• Firewall Policy Optimization
• Security Policy Risk Mitigation
• NGFW and Datacenter Migration
• Hybrid Cloud Security
ALGOSEC INTEGRATION WITH PALO ALTO NETWORKS
APP-ID AND USER-ID SUPPORT
• Policy analysis
• Automatically and seamlessly replace ports with applications at layer 7
• Zero-touch change management
• Proactive risk analysis
• Add/remove/modify traffic and intelligent rule design
• Policy push directly to Palo Alto Networks devices (through Panorama)
• Mixed NGFW and non user/application-aware infrastructure, and cloud (VMware NSX, AWS, Azure)
APP-ID AND USER ID CONNECTIVITY MANAGEMENT
• Changes include application default, app_id and user data
PANORAMA SUPPORT
• Automated policy push through Panorama to its devices, including user-awareness, application awareness
• Support for large estates
• Automatically populate firewalls in AlgoSec
• Identify and incorporate candidate policies in the analysis (aggregated changes not yet committed to the devices)
• Allow low risk change requests to be automatically resolved, while security operations must approve or reject only higher risk items
PRAGMATIC AUTOMATION
• Collate all changes related to a policy
• Allow mixed device based work orders and policy based work orders on the same ticket
• Make single change to Panorama instead of hundreds of individual device level changes – while still supporting device based changes for other vendors.
ACTIVECHANGE THROUGH PANORAMA
SUPPORT ORGANIZATION STRUCTURE & DEVICE GROUPS
• Support assignment of Panorama device groups to organizational groups in AD
• Each group handles and approves changes to “its” devices
• Align with organizational structure
• Improve inter team synchronization
• Reduce errors
• Provide full results to requestors
ASSIGN RESPONSIBILITY TO DEVICE GROUP OWNERS
Management Features in Release 7.1
Moshe Itah
Palo Alto Networks and AlgoSec
• Palo Alto Networks and AlgoSec are close partners
• Palo Alto Networks and AlgoSec share
  • early alpha/beta releases for feedback and testing
  • product roadmaps
  • technical discussions
• The relationship works at multiple levels
  • Business Development
  • Product Management
29 | ©2016. Palo Alto Networks. Confidential and Proprietary.
Commit Enhancements
Commit Queue
• Once a commit is running, no other commit (user or system triggered) is allowed, preventing …
  • Commit to multiple VSYS on same device mapped to different DGs in Panorama
  • Multiple admins from committing to device/Panorama simultaneously
  • Tenants from committing simultaneously to their VSYS
  • User commits when DAG updates, FQDN or EDL refreshes are ongoing
• New commits are queued when a commit is in progress
• All commits are queued in the order they were received
• On commit failure the next commit is processed
Commit Queue
• Full visibility into queue
  • Which commit is being processed?
• Ability to clear the queue
• Queue capacity is platform dependent
• Queues not synched across HA peers
• CLI and API support
• Commits with following changes will fail if the commit queue is not empty
  • Master key
  • Mode (single to multi-VSYS)
  • URL DB
  • Reverts
How Commit Queue Works
[Diagram: Commit Task Queue and Commit Processing, showing Commit 1 by jamie, Commit 2 by saurabh, Commit 3 by moshe, and an FQDN Refresh for Commit 1]
Commit Description
• Commit description can be up to 512 characters
• Use cases
  • Describe what changes were pushed down with commit
  • Ticket Numbers, Change Request Numbers, Audit Info etc.
• Compare versions based on commit description in config audit
  • Type in description text into config version selector to compare
• Commit description searches available in system logs, task manager
[Screenshot callout: Start typing description]
Increased Maximum Virtual Disk
• Problem – Max size of supported virtual disk is 2TB which leads customers to NFS for more storage
  • NFS is less than ideal for throughput rates and predictability
  • Virtual Disk has better performance, but 2TB is not enough storage for many customers
• Solution – Support up to 8 TB of virtual disk for VM Panorama
  • Must have ESXi 5.5+
  • Will require a new virtual disk (will be covered in LAB session)
New ACC Widgets
• Problem – Customers could not see more than top 10 URL categories or File Types / Data Patterns
  • Currently URL Filtering and Content activity is only shown in the User Activity or IP Activity widgets at top 10 items
• Solution – Create two new widgets for URL filtering and Content Activity
  • Allows admins to view top URL domains and files/patterns in the table with the ability to maximize for an expanded list
  • The widgets must be added to a tab manually
New ACC Widgets
• Problem – Customers wanted visibility into top data transfers and URLs independent of IP or User
  • Currently URL and Content visibility was restricted to the User Activity or IP Activity widgets at max top 10 items
• Solution – Create two new widgets for URL filtering and Content Filtering
  • Allows admins to view URL / Content at the top level and drill into details
  • The widgets must be added to a tab manually
Unified Log Viewer
• Problem – Customers cannot see all events associated with a set of filters across databases
  • Admins can only view the related logs for any single event or re-run the same query on each log type
• Solution – Add a unified log viewer
  • All traffic and threat log types are available
  • Any column that is common will return results from all of the relevant matching logs
Unified Log Viewer Example
Unified Log Viewer: Specific Query
Unified Log Viewer: DB Selection
THANK YOU
For personal demo: www.algosec.com/Demo
More information: marketing@algosec.com

Best Practics for Automating Next Generation Firewall Change Processes

  • 1. BEST PRACTICES FOR AUTOMATING NEXT GENERATION FIREWALL CHANGE PROCESSES Edy Almer, VP Product, AlgoSec Moshe Itah, Product Line Manager, Palo Alto Networks
  • 2. • Supporting business transformation initiatives such as cloud and SDN • Lack of visibility into business application connectivity requirements • Slow, manual and error-prone change management processes • Costly outages and exposure to risk due to misconfigurations • Time-consuming audits and reactive compliance verification 2 | Confidential DO YOU STRUGGLE WITH?
  • 3. ELIMINATE THE TRADEOFF 3 | Confidential Security Business Agility Avoid misconfiguration and reduce attack surface Proactively mitigate risk Ensure continuous compliance Enforce Network Segmentation Provision network changes in minutes, not days Understand business requirements and avoid application outages Align teams to foster DevSecOps Free up time by automating processes
  • 4. 5 | Confidential THE ALGOSEC SECURITY POLICY MANAGEMENT SUITE
  • 5. KEY CAPABILITIES Secure Business Application Connectivity Management Security Policy Change Management Continuous Compliance and Auditing Firewall Policy Optimization Security Policy Risk Mitigation NGFW and Datacenter Migration Hybrid Cloud Security
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. ALGOSEC INTEGRATION WITH PALO ALTO NETWORKS
  • 18. APP-ID AND USER-ID SUPPORT
      • Policy analysis
      • Automatically and seamlessly replace ports with applications at layer 7
      • Zero-touch change management
      • Proactive risk analysis
      • Add/remove/modify traffic and intelligent rule design
      • Policy push directly to Palo Alto Networks devices (through Panorama)
      • Mixed NGFW and non user/application-aware infrastructure, and cloud (VMware NSX, AWS, Azure)
  • 19. APP-ID AND USER ID CONNECTIVITY MANAGEMENT
      • Changes include application default, app_id and user data
  • 20. PANORAMA SUPPORT
      • Automated policy push through Panorama to its devices, including user-awareness, application awareness
      • Support for large estates
      • Automatically populate firewalls in AlgoSec
      • Identify and incorporate candidate policies in the analysis (aggregated changes not yet committed to the devices)
      • Allow low risk change requests to be automatically resolved, while security operations must approve or reject only higher risk items
  • 21. PANORAMA SUPPORT
  • 22. PRAGMATIC AUTOMATION
      • Collate all changes related to a policy
      • Allow mixed device based work orders and policy based work orders on the same ticket
      • Make single change to Panorama instead of hundreds of individual device level changes – while still supporting device based changes for other vendors.
  • 24. SUPPORT ORGANIZATION STRUCTURE & DEVICE GROUPS
      • Support assignment of Panorama device groups to organizational groups in AD
      • Each group handles and approves changes to “its” devices
      • Align with organizational structure
      • Improve inter team synchronization
      • Reduce errors
      • Provide full results to requestors
  • 25. ASSIGN RESPONSIBILITY TO DEVICE GROUP OWNERS
  • 28. Palo Alto Networks and AlgoSec
      • Palo Alto Networks and AlgoSec are close partners
      • Palo Alto Networks and AlgoSec share
          • early alpha/beta releases for feedback and testing
          • product roadmaps
          • technical discussions
      • The relationship works at multiple levels
          • Business Development
          • Product Management
      29 | ©2016. Palo Alto Networks. Confidential and Proprietary.
  • 29. Commit Enhancements
  • 30. Commit Queue
      • Once a commit is running, no other commit (user or system triggered) is allowed, preventing …
          • Commit to multiple VSYS on same device mapped to different DGs in Panorama
          • Multiple admins from committing to device/Panorama simultaneously
          • Tenants from committing simultaneously to their VSYS
          • User commits when DAG updates, FQDN or EDL refreshes are ongoing
      • New commits are queued when a commit is in progress
      • All commits are queued in the order they were received
      • On commit failure the next commit is processed
  • 31. Commit Queue
      • Full visibility into queue
      • Which commit is being processed?
      • Ability to clear the queue
      • Queue capacity is platform dependent
      • Queues not synched across HA peers
      • CLI and API support
      • Commits with following changes will fail if the commit queue is not empty
          • Master key
          • Mode (single to multi-VSYS)
          • URL DB
          • Reverts
  • 32. How Commit Queue Works
      [Figure: commit task queue feeding commit processing, with Commit 1 by jamie, Commit 2 by saurabh, Commit 3 by moshe, and an FQDN refresh for Commit 1]
  • 33. Commit Description
      • Commit description can be up to 512 characters
      • Use cases
          • Describe what changes were pushed down with commit
          • Ticket Numbers, Change Request Numbers, Audit Info etc.
      • Compare versions based on commit description in config audit
          • Type in description text into config version selector to compare
      • Commit description searches available in system logs, task manager
  • 34. Increased Maximum Virtual Disk
      • Problem – Max size of supported virtual disk is 2TB which leads customers to NFS for more storage
          • NFS is less than ideal for throughput rates and predictability
          • Virtual Disk has better performance, but 2TB is not enough storage for many customers
      • Solution – Support up to 8 TB of virtual disk for VM Panorama
          • Must have ESXi 5.5+
          • Will require a new virtual disk (will be covered in LAB session)
  • 35. New ACC Widgets
  • 36. New ACC Widgets
      • Problem – Customers could not see more than top 10 URL categories or File Types / Data Patterns
          • Currently URL Filtering and Content activity is only shown in the User Activity or IP Activity widgets at top 10 items
      • Solution – Create two new widgets for URL filtering and Content Activity
          • Allows admins to view top URL domains and files/patterns in the table with the ability to maximize for an expanded list
          • The widgets must be added to a tab manually
  • 37. New ACC Widgets
  • 38. New ACC Widgets
      • Problem – Customers wanted visibility into top data transfers and URLs independent of IP or User
          • Currently URL and Content visibility was restricted to the User Activity or IP Activity widgets at max top 10 items
      • Solution – Create two new widgets for URL filtering and Content Filtering
          • Allows admins to view URL / Content at the top level and drill into details
          • The widgets must be added to a tab manually
  • 39. Unified Log Viewer
  • 40. Unified Log Viewer
      • Problem – Customers cannot see all events associated with a set of filters across databases
          • Admins can only view the related logs for any single event or re-run the same query on each log type
      • Solution – Add a unified log viewer
          • All traffic and threat log types are available
          • Any column that is common will return results from all of the relevant matching logs
  • 41. Unified Log Viewer Example
  • 42. Unified Log Viewer: Specific Query
  • 43. Unified Log Viewer: Specific Query
  • 44. Unified Log Viewer: DB Selection
  • 45. THANK YOU
      • For personal demo: www.algosec.com/Demo
      • More information: marketing@algosec.com
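
The commit queue rules on slides 30 and 31 and the description limit on slide 33, modelled as a pre-submit guard for a change-automation workflow. This is an added example, not Palo Alto Networks or AlgoSec code and not a PAN-OS client. Assumptions: the `CHG-` ticket format, the capacity of 4, the change-type labels, the requirement that a description carries a ticket reference, and counting a running commit as occupying the queue.

```python
import re
from collections import deque

MAX_DESCRIPTION = 512  # slide 33: description can be up to 512 characters
# Slide 31: commits carrying these changes fail if the queue is not empty.
# The label strings are made up for this model.
QUEUE_MUST_BE_EMPTY = {"master-key", "vsys-mode", "url-db", "revert"}
TICKET = re.compile(r"\bCHG-\d+\b")  # hypothetical ticket format


class CommitQueue:
    """Toy model of the queue rules on the slides."""

    def __init__(self, capacity=4):  # real capacity is platform dependent
        self.capacity = capacity
        self.pending = deque()  # includes the commit being processed (assumption)
        self.log = []           # (admin, outcome) in processing order

    def submit(self, admin, description, changes=(), will_fail=False):
        if len(description) > MAX_DESCRIPTION:
            return "rejected: description too long"
        if not TICKET.search(description):
            return "rejected: no ticket reference"  # local policy, assumption
        if self.pending and QUEUE_MUST_BE_EMPTY & set(changes):
            return "failed: queue not empty"
        if len(self.pending) >= self.capacity:
            return "rejected: queue full"
        self.pending.append((admin, will_fail))
        return "queued"

    def drain(self):
        # FIFO order; a failed commit does not block the ones behind it.
        while self.pending:
            admin, will_fail = self.pending.popleft()
            self.log.append((admin, "failed" if will_fail else "ok"))
        return self.log


def demo():
    # Constructed sample submissions using the admin names from slide 32.
    q = CommitQueue()
    results = [
        q.submit("jamie", "CHG-1001 allow web-browsing to DMZ"),
        q.submit("saurabh", "CHG-1002 tighten rule 12", will_fail=True),
        q.submit("moshe", "CHG-1003 rotate master key", changes=["master-key"]),
        q.submit("moshe", "x" * 600),
    ]
    processed = q.drain()
    retry = q.submit("moshe", "CHG-1003 rotate master key", changes=["master-key"])
    return results, processed, retry
```

Calling `demo()` shows the master key commit failing while two commits are queued and being accepted once the queue has drained.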

Editor's Notes

  1. Managing network security across complex heterogeneous networks
  2. Mention minutes to provision servers and storage, but weeks to provision security.
  3. Hidden slide: Just mention that we are the leaders in Security Policy Management. Have 1500 enterprise customers including 20 of the Fortune 50.
  4. Save lots of time in defining a large firewall estate, correctly analyze global policy for change and for optimization