Security policy management solutions enable security and operations teams to manage and optimize firewall policy, automate security policy changes and mitigate network security risk - all while avoiding misconfigurations, staying compliant and saving time and resources. While this provides unprecedented value for network security visibility and management, these teams often lack the business context; the ability to assess the impact of network and firewall rule changes on the company’s business applications, application availability and business processes. Join Yonatan Klein, Director Product Management at AlgoSec, as he explores why a security policy management solution should also offer application discovery and visibility to enable a truly business-driven approach to security policy management. The webinar will cover: Business-driven management of connectivity change requests while avoiding misconfigurations and miscommunications Pro-active visibility of the security impact of application changes before applying them How visibility into the applications associated with every firewall rule enhances auditing, compliance and policy cleanup Clear visibility into the impact of new vulnerabilities and maintenance tasks on business processes Different ways to discover network connectivity for existing applications

1. APPLICATION VISIBILITY ACROSS
THE SECURITY ESTATE
Yonatan Klein,
Director of Product Management
Yonatan.Klein@algosec.com

2. 2| Confidential
WELCOME
Have a question? Submit it via the chat
This webinar is being recorded!
Slides and recording will be sent to you after the webinar
2

3. 3| Confidential
GROWING EXPECTATIONS FROM IT AND SECURITY TEAMS

4. 4| Confidential
RUN FASTER!
• Constant demand for higher business agility
• Technology enablers (DevOps, cloud, SDN)
• Deliver in minutes/hours, not weeks/months
DEV
OPS
PROTECT YOUR NETWORK BETTER!
• Attacks and breaches are constantly on
the rise, more sophisticated
• Security must be stronger and tighter
But also…

5. 5| Confidential
THE BALANCING ACT - REALITY
Trying to find the perfect balance:
• Both agility and security are affected
• Constant tension between Security and Apps teams
Security Business Agility
And if it fails … Shadow IT starts

6. 6| Confidential
BUT WHAT IF YOU COULD…
HAVE YOUR
CAKE AND
EAT IT?

7. INFORMATIONMANAGING SECURITY WITH THE BUSINESS CONTEXT
* Slide from AlgoSec webinar featuring Gartner
The move to the cloud, mobile and digital business requires changes in how we approach security
People
Processes
Application &
Services
Workspace
OS
Network
Hardware
TOP DOWN
Information, process and
Application-centric security
Business-driven security
BOTTOM UP
Device and OS fixation, “lockdown”
Asset-centric security

8. 8| Confidential
WHY IS THE
BUSINESS
CONTEXT SO
IMPORTANT
• Prioritize risk management by
application criticality
• Application sensitivity impact
security levels
• E.g. PCI
• Security policy affected by
application status
Matching of business application to firewall rules

9. 9| Confidential
AlgoSec enables
companies to align
security with their
business processes
Business-driven Agility
Business-driven Visibility
Business-driven Security
BUSINESS DRIVEN SECURITY MANAGEMENT

10. HOW DIFFICULT IS IT FOR YOUR NETWORK TEAMS
TO UNDERSTAND THE BUSINESS CONTEXT OF
FIREWALL RULES?
• Very
• Slightly
• This is not a challenge
Please vote using the “votes from audience” tab in your BrightTALK panel
POLL

11. 11| Confidential
THE APPLICATION LIFECYCLE

12. 12| Confidential
THE SECURITY POLICY MANAGEMENT LIFECYCLE
Auto-discover and map application
connectivity and security
infrastructure
Allow application owners and
architects to easily define their
application connectivity needs

13. 13| Confidential
DESIGN OR DISCOVER EXISTING APPLICATIONS
• Existing sources?
• CMDB
• Excel Spreadsheet
• Firewall Rules
• APM DB
• Network discovery
• Firewall logs
• Network sensing
• 3rd party network probing
• Design a new application

14. 14| Confidential
APPLICATION & CONNECTIVITY AUTO-DISCOVERY
• Various sources: network mirroring, PCAP files, NetFlow, sFlow
Network
sensing
• Determine hosts
• Determine active flows
Analyze
network traffic
• Smart heuristics to identify web services, data bases, applications
• Application identity “hints”
Identify business
applications

15. 15| Confidential
THE MAPPED
BUSINESS
APPLICATIONS

16. 16| Confidential
DISCOVERED
APPLICATIONS

17. 17| Confidential
DISCOVERED
APPLICATION
FLOWS

18. 18| Confidential
OPTIMIZED
FLOWS

19. 19| Confidential
THE SECURITY POLICY MANAGEMENT LIFECYCLE
Design for segmentation
Translate application connectivity
into firewall rules
Assess risk and compliance
Auto-discover and map application
connectivity and security
infrastructure
Allow application owners and
architects to easily define their
application connectivity needs

20. 20| Confidential
UNFILTERED
FLOWS FOR
MICRO-
SEGMENTATION
If you place endpoints in different
segments:
• Write policy to allow the flow
• … or application will break
• Enables Micro-segmentation !

21. 21| Confidential
BETTER SECURITY WITH MICRO-SEGMENTATION
• Introduce filtering choke-points between zones
• Allows control of east-west traffic
• Lets organizations restrict lateral movement between zones
• How can we make this a reality?

22. 22| Confidential
INTRODUCING CHOKE POINTS
Traditional data center Virtualized network / SDN

• Built-in firewalls as part of the infrastructure
• No extra hardware needed
• A major effort involving:
• Hardware
• Cabling
• Reconfigure switching and routing

23. 24| Confidential
SEGMENTATION WITH SECURITY PROFILE MATRIX
24

24. 25| Confidential
THE BUSINESS-APPLICATION PERSPECTIVE
• East-West traffic is generated by business applications
• Each business application has:
• Servers supporting it
• Clients accessing it
• Business application connectivity requirements:
• Server-to-server traffic flows
• Client-to-server traffic flows
Segmentation example:
• Human-accessible systems
• Web-front
• Application Servers
• Infrastructure servers
• DMZ …

25. 26| Confidential
Design Enforce
FULL CYCLE FROM DESIGN TO ENFORCEMENT

26. 27| Confidential
EASILY
VISUALIZE AND
REVIEW
APPLICATION
CONNECTIVITY

27. 28| Confidential
ANALYZE AND
REVIEW
APPLICATION
CONNECTIVITY
RISKS

28. 29| Confidential
AND …
VULNERABILITIES

29. 30| Confidential
THE SECURITY POLICY MANAGEMENT LIFECYCLE
Automated policy push
Design for segmentation
Translate application connectivity
into firewall rules
Assess risk and compliance
Auto-discover and map application
connectivity and security
infrastructure
Allow application owners and
architects to easily define their
application connectivity needs

30. 31| Confidential
MANAGING APPLICATION LIFECYCLE AS A PROJECT
Move Application Payroll from testing to staging

31. 32| Confidential
EASILY MANAGE APPLICATION LIFECYCLE

32. 33| Confidential
REVIEW RISKS

33. 34| Confidential
OPEN CHANGE REQUEST
• Easily tracked
• Approval workflows

34. 35| Confidential
AUTOMATIC CALCULATION OF DEVICES IN PATH

35. 36| Confidential
AUTOMATIC CALCULATION OF DEVICES IN PATH

36. 37| Confidential
APPROVAL OF RISKS

37. 38| Confidential
TRANSLATION AND IMPLEMENTATION OF POLICY RULES

38. 39| Confidential
THE SECURITY POLICY MANAGEMENT LIFECYCLE
Out-of-the box auditing and
compliance reports
Link firewall rules to applications
Policy clean up and optimization
Tie cyber attacks and vulnerabilities
to business processes
Prioritize risks and vulnerabilities
Design for segmentation
Translate application connectivity
into firewall rules
Assess risk and compliance
Auto-discover and map application
connectivity and security
infrastructure
Allow application owners and
architects to easily define their
application connectivity needs
Automated policy push

39. 40| Confidential
RISK AND THE
APPLICATION
• Easily identify the applications most
at risk
• Present risk also to application
owners and BU managers
• Prioritize based on risk level,
applications sensitivity and criticality

40. 41| Confidential
BRING BUSINESS-
CENTRIC
VULNERABILITY
MODELING INTO
REGULATORY
COMPLIANCE
PCI sensitive
applications…

41. 42| Confidential
CONSIDER THE
APPLICATION IN
POLICY CLEAN UP
Example: we are considering the effect
of a new FTP related threat – what
applications at risk?

42. 43| Confidential
APPLICATION
IMPACT IN
INCIDENT
RESPONSE
Incident identified in SIEM

43. 44| Confidential
APPLICATION
IMPACT IN
INCIDENT
RESPONSE
Use AlgoSec to correlate to application

44. 45| Confidential
APPLICATION
IMPACT IN
INCIDENT
RESPONSE
Investigate path and possible ways or
closing the attach vector.

45. 46| Confidential
THE SECURITY POLICY MANAGEMENT LIFECYCLE
Decommission redundant
firewall rules and application
connectivity
Out-of-the box auditing and
compliance reports
Link firewall rules to applications
Policy clean up and optimization
Tie cyber attacks and vulnerabilities
to business processes
Auto-discover and map application
connectivity and security
infrastructure
Allow application owners and
architects to easily define their
application connectivity needs
Design for segmentation
Translate application connectivity
into firewall rules
Assess risk and compliance
Automated policy push

46. Please vote using the “votes from audience” tab in your BrightTALK panel
HOW MANY TIMES A YEAR DO YOU RE-CERTIFY
YOUR FIREWALL RULES?
• On a project basis
• Once a year
• Twice a year
• Once every 2 years
POLL

47. 48| Confidential
WHY FIREWALL RULES BECOME REDUNDANT
An application is
decommissioned
An application is
upgraded and uses
different services/ ports
An endpoint is moved to a
different datacenter
Decommissioning of outdated rules is best practice:
• Security: reduce attack surface and risk
• Compliance: periodic reviews are mandated

48. 49| Confidential
TRADITIONAL METHODOLOGY
REVIEW
the firewall logs
and determine
when the rule was
last used
READ
the comments to
see who
requested the rule
and which
application it
serves
VALIDATE
that the
application is not
in use with the
relevant contact
REMOVE
the rule or extend
the expiration
date

49. 50| Confidential
FIREWALL
RULE BASE

50. 51| Confidential
AN APPLICATION
CENTRIC
APPROACH

51. 52| Confidential
AN APPLICATION
CENTRIC
APPROACH

52. 53| Confidential
AN APPLICATION
CENTRIC
APPROACH

53. 54| Confidential
RULE DECOMMISSIONING
Manual Process
Manage each rule separately
Bombarded by rule recertification
notifications
Problematic to track rules to
originating purpose
With Automation
Business application expiration date
Timely configured notification – per
application
Single click to decommission or
extend expiration date

54. 55| Confidential
SUMMARY
• Top-down, business driven approach enables security
officers to make better decisions considering the balance
of business needs and security.
• Business-Driven automation enables fast application
delivery while enforcing security and ensure continuous
compliance.
• Design -> review risks - > enforce
And of course … all is documented
• Tying application info to security controls enables
prioritization, visibility and better decision making

55. 56| Confidential
Q&A

56. 57| Confidential
MORE RESOURCES
www.algosec.com/resources
WHITEPAPER SOLUTION BROCHURE PPT
PROF. WOOL EDUCATIONAL VIDEOS

57. 58| Confidential
UPCOMING WEBINARS
https://www.algosec.com/webinars
Topic: Securely Managing External Network Connections — Tips & Tricks
When: Tuesday, June 12th
Presented by: Prof. Avishai Wool, CTO
Topic: Selecting the right security policy management solution for your organization
When: Tuesday, July 10th
Presented by: Kyle Wickert, Worldwide Strategic Architect
---Sign up now ---

59. THANK YOU!
Questions can be emailed to
marketing@algosec.com