Security policy management solutions enable security and operations teams to manage and optimize firewall policy, automate security policy changes and mitigate network security risk - all while avoiding misconfigurations, staying compliant and saving time and resources.
While this provides unprecedented value for network security visibility and management, these teams often lack the business context: the ability to assess the impact of network and firewall rule changes on the company’s business applications, application availability and business processes.
Join Yonatan Klein, Director Product Management at AlgoSec, as he explores why a security policy management solution should also offer application discovery and visibility to enable a truly business-driven approach to security policy management.
The webinar will cover:
• Business-driven management of connectivity change requests while avoiding misconfigurations and miscommunications
• Proactive visibility of the security impact of application changes before applying them
• How visibility into the applications associated with every firewall rule enhances auditing, compliance and policy cleanup
• Clear visibility into the impact of new vulnerabilities and maintenance tasks on business processes
• Different ways to discover network connectivity for existing applications
2. 2| Confidential
WELCOME
4. RUN FASTER!
• Constant demand for higher business agility
• Technology enablers (DevOps, cloud, SDN)
• Deliver in minutes/hours, not weeks/months
But also…
PROTECT YOUR NETWORK BETTER!
• Attacks and breaches are constantly on the rise, more sophisticated
• Security must be stronger and tighter
5. THE BALANCING ACT - REALITY
Trying to find the perfect balance:
• Both agility and security are affected
• Constant tension between Security and Apps teams
Security Business Agility
And if it fails … Shadow IT starts
7. MANAGING SECURITY WITH THE BUSINESS CONTEXT
* Slide from AlgoSec webinar featuring Gartner
The move to the cloud, mobile and digital business requires changes in how we approach security
Layers: Information, People, Processes, Application & Services, Workspace, OS, Network, Hardware
TOP DOWN
• Information, process and application-centric security
• Business-driven security
BOTTOM UP
• Device and OS fixation, “lockdown”
• Asset-centric security
8. WHY IS THE BUSINESS CONTEXT SO IMPORTANT
• Prioritize risk management by application criticality
• Application sensitivity impacts security levels
  • E.g. PCI
• Security policy affected by application status
Matching of business application to firewall rules
9. BUSINESS DRIVEN SECURITY MANAGEMENT
AlgoSec enables companies to align security with their business processes
• Business-driven Agility
• Business-driven Visibility
• Business-driven Security
10. POLL: HOW DIFFICULT IS IT FOR YOUR NETWORK TEAMS TO UNDERSTAND THE BUSINESS CONTEXT OF FIREWALL RULES?
• Very
• Slightly
• This is not a challenge
12. THE SECURITY POLICY MANAGEMENT LIFECYCLE
• Auto-discover and map application connectivity and security infrastructure
• Allow application owners and architects to easily define their application connectivity needs
13. DESIGN OR DISCOVER EXISTING APPLICATIONS
• Existing sources?
  • CMDB
  • Excel Spreadsheet
  • Firewall Rules
  • APM DB
• Network discovery
  • Firewall logs
  • Network sensing
  • 3rd party network probing
• Design a new application
14. APPLICATION & CONNECTIVITY AUTO-DISCOVERY
Network sensing
• Various sources: network mirroring, PCAP files, NetFlow, sFlow
Analyze network traffic
• Determine hosts
• Determine active flows
Identify business applications
• Smart heuristics to identify web services, databases, applications
• Application identity “hints”
19. THE SECURITY POLICY MANAGEMENT LIFECYCLE
• Design for segmentation
• Translate application connectivity into firewall rules
• Assess risk and compliance
21. BETTER SECURITY WITH MICRO-SEGMENTATION
• Introduce filtering choke-points between zones
• Allows control of east-west traffic
• Lets organizations restrict lateral movement between zones
• How can we make this a reality?
22. INTRODUCING CHOKE POINTS
Traditional data center
• A major effort involving:
  • Hardware
  • Cabling
  • Reconfigure switching and routing
Virtualized network / SDN
• Built-in firewalls as part of the infrastructure
• No extra hardware needed
29. THE SECURITY POLICY MANAGEMENT LIFECYCLE
• Automated policy push
38. THE SECURITY POLICY MANAGEMENT LIFECYCLE
• Out-of-the-box auditing and compliance reports
• Link firewall rules to applications
• Policy clean up and optimization
• Tie cyber attacks and vulnerabilities to business processes
• Prioritize risks and vulnerabilities
39. RISK AND THE APPLICATION
• Easily identify the applications most at risk
• Present risk also to application owners and BU managers
• Prioritize based on risk level, application sensitivity and criticality
45. THE SECURITY POLICY MANAGEMENT LIFECYCLE
• Decommission redundant firewall rules and application connectivity
46. POLL: HOW MANY TIMES A YEAR DO YOU RE-CERTIFY YOUR FIREWALL RULES?
• On a project basis
• Once a year
• Twice a year
• Once every 2 years
47. WHY FIREWALL RULES BECOME REDUNDANT
• An application is decommissioned
• An application is upgraded and uses different services/ports
• An endpoint is moved to a different datacenter
Decommissioning of outdated rules is best practice:
• Security: reduce attack surface and risk
• Compliance: periodic reviews are mandated
48. TRADITIONAL METHODOLOGY
• REVIEW the firewall logs and determine when the rule was last used
• READ the comments to see who requested the rule and which application it serves
• VALIDATE that the application is not in use with the relevant contact
• REMOVE the rule or extend the expiration date
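The REVIEW, READ, VALIDATE and REMOVE steps above can be scripted as a first-pass triage. The following is an added example, not material from the webinar or AlgoSec code; the rule fields, the `req=... app=...` comment style, the log format and the 90-day idle threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
import re

# Constructed rule base; field names and the "req=... app=..." comment style are assumptions.
RULES = [
    {"id": "R101", "comment": "req=jsmith app=billing", "expires": "2024-12-31"},
    {"id": "R102", "comment": "req=akhan app=legacy-crm", "expires": "2024-03-01"},
    {"id": "R103", "comment": "temp rule, see ticket", "expires": "2025-06-30"},
    {"id": "R104", "comment": "req=mlee app=hr-portal", "expires": "2024-02-01"},
]
# Constructed firewall log lines (illustrative format, not a vendor's).
LOG = """\
2024-05-30T09:12:01 rule=R101 action=accept src=10.1.1.5 dst=10.2.0.9 dport=443
2023-11-02T17:40:44 rule=R102 action=accept src=10.1.4.8 dst=10.3.0.2 dport=1521
2024-05-28T03:05:10 rule=R104 action=accept src=10.1.9.3 dst=10.2.7.7 dport=8443
"""
LINE_RE = re.compile(r"^(\S+) rule=(\S+) ")
COMMENT_RE = re.compile(r"req=(\S+) app=(\S+)")

def last_used(log_text):
    """REVIEW: newest hit timestamp per rule id."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))
            seen[m.group(2)] = max(ts, seen.get(m.group(2), ts))
    return seen

def review(rules, log_text, today, stale_days=90):
    """Return {rule_id: (verdict, requester, application)} for VALIDATE/REMOVE."""
    hits, out = last_used(log_text), {}
    for r in rules:
        m = COMMENT_RE.search(r["comment"])  # READ: who asked, which application
        owner, app = m.groups() if m else (None, None)
        last = hits.get(r["id"])
        idle = last is None or today - last > timedelta(days=stale_days)
        expired = datetime.fromisoformat(r["expires"]) < today
        if app is None:
            verdict = "untraceable"            # comment names no application
        elif idle:
            verdict = "validate-then-remove"   # confirm with the requester first
        elif expired:
            verdict = "extend-or-remove"       # still carrying traffic past expiry
        else:
            verdict = "keep"
        out[r["id"]] = (verdict, owner, app)
    return out

RESULT = review(RULES, LOG, datetime(2024, 6, 1))  # "today" fixed so the run is repeatable
```

The `untraceable` verdict is the case where a rule's comment cannot be tied back to a requester or application, so the VALIDATE step has nobody to ask.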
53. RULE DECOMMISSIONING
Manual Process
• Manage each rule separately
• Bombarded by rule recertification notifications
• Problematic to track rules to originating purpose
With Automation
• Business application expiration date
• Timely configured notification – per application
• Single click to decommission or extend expiration date
54. SUMMARY
• A top-down, business-driven approach enables security officers to make better decisions considering the balance of business needs and security.
• Business-driven automation enables fast application delivery while enforcing security and ensuring continuous compliance.
• Design -> review risks -> enforce
And of course … all is documented
• Tying application info to security controls enables prioritization, visibility and better decision making