In this webinar, Asher Benbenisty, Director of Product Marketing at AlgoSec, will show how even the most complex security policies can be updated automatically and coherently across the network without introducing new problems. Webinar participants will learn how to achieve:
Powerful and convenient policy automation without human intervention
Rapid application delivery that improves business agility
Reduced risk while updating network security policies
6. RUN FASTER!
Constant demand
for better business
agility
Deliver in
minutes/hours,
not weeks/months
Technology
enablers
Continuous
Integration/
Deployment,
DevOps
Virtualization
Cloud, Software
Defined
Networking (SDN)
7. PROTECT YOUR
NETWORK BETTER!
• Attacks and breaches are constantly on the rise,
and getting more sophisticated
• Security must be stronger and tighter
• Otherwise, you can expect
• Service outages
• Critical data leakage
• Audits will fail
• Your name in the news
• Lack of enablers for Network Security
8. Which challenge is most prominent in your
organization?
• Network complexity
• Increased number of change requests coming from business units
• Increase in hacker attempts
• Lack of technology enablers for the network security team
Please vote using the “Votes from Audience” tab in your BrightTALK panel
9. STANDARDIZE &
AUTOMATE
• Standardize your network security
change process
• Keep an audit trial of the change
process
• Automate the change process
11. MAP DEVICES IN PATH
Find which security devices are in the
path and are blocking the requested
traffic
• Firewall policies
• Router ACLs
• SDN segmentation
• Cloud security groups
12. CHECK FOR RISKS
INVOLVED
• Define allowed connectivity between
zones
• Whatever is not pre-approved
should raise a risk
13. PLAN THE RULES
• Vendor-specific decisions – choose
policy, zones, ACLs, objects
• Implement optimally (avoid
rule/object duplications)
• Enforce naming conventions and
best practices
14. IMPLEMENT THE CHANGE ON THE DEVICES
• Push change to device
management (via APIs)
or directly to the device
(CLI), as available
REST API
16. STANDARDIZE &
AUTOMATE
• Standardize your network security
change process
• Keep an audit trail of the change
process
• Automate the change process
17. DOCUMENTATION AND LOGGING
• Full audit trail
• Including human approvals
• Compliance and audits
• Troubleshooting
• Ability to undo changes
18. STANDARDIZE &
AUTOMATE
• Standardize your network security
change process
• Keep an audit trial of the change
process
• Automate the change process
19. AUTOMATION
Automate every step along the change process
• Enable zero-touch changes within
minutes – business agility
• Save time even when human
intervention is required
• Avoid typos and mistakes
• Full and accurate documentation (for
audit, undo change)
20. In the network security world, what do you find
most difficult to achieve ?
• Standardization of the change process
• Full documentation of the change process
• Automation of the change process
Please vote using the “votes from audience” tab in your BrightTALK panel
22. DEFINE YOUR SECURITY POLICY
• Segmentation
• Low risk
• Specific environments, business applications,
firewalls, requestors
• Compliance with organization policy
• Compliance with regulatory standards
23. TRUST DOES NOT
COME IN A DAY
• Start with more control
• Gradually increase degree of automation
• Share quantitative data with all stakeholders
• Monitor and fine-tune
24. FINE-TUNING
• Study statistics
• What percentage of changes
required human intervention?
• Why?
• How many SLA breaches?
• Consider widening pre-approved
policy, if needed
Change Requests
25. SUMMARY
25
• Today, network security teams are facing 3 main challenges:
• Network complexity
• Need to perform rapid changes
• Increased sophistication and numbers of hacker attacks
• Standardization & automation of the change cycle help Jack (and you)
overcome the hurdles