Algosec 5 more_things_you_can_do_with_a_security_policy_management_solution
- 1. 5 MORE THINGS YOU CAN DO WITH A SECURITY POLICY MANAGEMENT SOLUTION Jonathan Gold-Shalev
- 2. WHAT WE’LL COVER TODAY • Auto discover and map application connectivity • Automate application migration projects • Design application connectivity before your servers are fully allocated • Enhance C-Level visibility to the network and application security • Manage disaster recovery devices 2 | Confidential
- 3. 3 | Confidential Automatically Discover and Map Application Connectivity
- 4. LET’S TALK ABOUT BUSINESSFLOW • With AlgoSec’s BusinessFlow you can manage your applications’ connectivity and security • Every application contains the definition of the flows it requires to perform its task • Given this definition, along with AlgoSec’s Firewall Analyzer and FireFlow, BusinessFlow allows you to: • Get visibility to the connectivity status • Verify the required connectivity is maintained • Initiate and document changes without losing track • Migrate applications or servers • Understand what policy rules support which applications 4 | Confidential
- 5. BUSINESSFLOW SNEAK PEEK 5 | Confidential
- 6. MAPPING EXISTING APPLICATIONS • BusinessFlow provides visibility and automation for your applications • However, it requires the applications to be defined in it • Well… how well are your applications documented? • CMDB? • Excel Spreadsheet? • Firewall Rules? • Most customers don’t have a reliable source of truth • Automatic discovery is required 6 | Confidential
- 7. INTRODUCING – ALGOSEC AUTODISCOVERY • AlgoSec’s AutoDiscovery sensor/s digest network traffic through: • Live port mirroring • PCAP files exported from packet brokers • ESX Internal Traffic (promiscuous mode) • Local sensors on central servers • Analyzes network traffic, including: • DPI • Netflow/Sflow • And many more… • Maps all the traffic to business applications 7 | Confidential
- 8. THE MAPPED BUSINESS APPLICATIONS 8 | Confidential
- 9. ALGOSEC AUTODISCOVERY – CONT. • The discovered applications are then added to BusinessFlow • Users can then configure optimization so that thin flows and objects are merged together • The application owners can then simply apply the configuration and start working with BusinessFlow 9 | Confidential
- 10. DISCOVERED APPLICATIONS 10 | Confidential
- 11. DISCOVERED APPLICATIONS 11 | Confidential
- 12. OPTIMIZED FLOWS 12 | Confidential
- 13. 13 | Confidential Application Migration - Automated
- 14. APPLICATION MIGRATION – CAN WE AUTOMATE? • Applications migrate all the time • Data center migrations • Acquisitions • Test -> Pre-Production -> Production • And more • Migrating the required connectivity is a big deal – it is delicate and there’s a real risk of causing downtime • BusinessFlow makes sure the migration process is error-free and automated 14 | Confidential
- 15. APPLICATION MIGRATION – MAKING IT SIMPLE • Create an application migration project from BusinessFlow • Select one or more applications • For each application server, define the new server it will migrate to • You can even select whether to move or clone the application • Evaluate potential impact on the application vulnerability and risk level • Apply the changes • That’s it 15 | Confidential
- 16. SO WHAT HAPPENS NEXT? • BusinessFlow will now open change requests • FireFlow will then process these change requests automatically • The changes can then be implemented all the way to the devices • That’s it 16 | Confidential
- 17. A PICTURE IS WORTH MORE… 17 | Confidential
- 18. DEFINING THE MIGRATION PARAMETERS 18 | Confidential
- 19. PROJECT DASHBOARD 19 | Confidential
- 20. 20 | Confidential DESIGN YOUR APPLICATION CONNECTIVTY BEFORE THE SERVER IP ADDRESSES ARE KNOWN
- 21. DEFINE APPLICATION CONNECTIVITY • BusinessFlow allows you to describe the connectivity required for your applications • Flow objects can come from various different sources • CMDB • Firewalls • Any CSV exported from any source • But what do you do when the server IP addresses are not yet allocated? 21 | Confidential
- 22. INTRODUCING – ABSTRACT OBJECTS • BusinessFlow allows defining application flows with abstract objects • Abstract objects function as placeholders • Flows with abstract objects will be visible but will not be active • Once your server IP address is allocated, simply replace object to activate the flow • No more waiting for server IP address allocations before completing application design 22 | Confidential
- 23. ABSTRACT OBJECT IN A FLOW 23 | Confidential
- 24. ALLOCATING ABSTRACT OBJECTS 24 | Confidential
- 25. 25 | Confidential THE ALGOSEC REPORTING TOOL
- 26. ENHANCING C-LEVEL VISIBILITY • C-Level staff need visibility • They need to know about the problems, trends and bottom line numbers • They need to get it periodically • They need it in their mailbox • They need it in colorful dashboards and charts 26 | Confidential
- 27. INTRODUCING THE ALGOSEC REPORTING TOOL • Rich set of out-of-the-box dashboards and charts • Rich reporting capabilities on AlgoSec’s top 3 entities: • Devices • Change Requests • Business Applications • Easily create charts and dashboards • Export the dashboards to PDF or CSV format • Schedule sending these dashboard to C-Level recipients 27 | Confidential
- 28. SOME CHART EXAMPLES - DEVICES • Devices with lowest PCI compliance score • Most risky devices • Average security rating over time • Devices with lowest baseline compliance score • Devices whose policies require the most optimization • And many more… 28 | Confidential
- 29. SOME CHART EXAMPLES – CHANGE REQUESTS • Change requests status distribution • Open change requests by owner • Number of change requests created over time • Number of change requests by device group • Number of change requests in the same status for X days • And many more… 29 | Confidential
- 30. SOME CHART EXAMPLES – APPLICATIONS • Most risky applications • Most vulnerable applications • Applications with highest number of unscanned servers • Applications by connectivity status • Number of change requests per-application • And many more… 30 | Confidential
- 33. 33 | Confidential DISASTER RECOVERY DEVICE PAIRS
- 34. DISASTER RECOVERY DEVICES / PATHS 34 | Confidential • Some organizations define their networks so that if one route is no longer available, traffic takes a different path through DR firewalls and routers • Requires defining device disaster recovery pairs • Traffic that is allowed on one device in the pair must be allowed on the other as well (although the traffic is not currently routed through it) • For devices without a central management system, maintaining the pair synced is a real challenge
- 35. ENTERS ALGOSEC DR-SET 35 | Confidential • AlgoSec allows you to define DR-Sets – groups of devices that must always share the same policy • Whenever FireFlow detects that one of the devices in the pair needs to be changed, the other devices will be automatically added to the list of devices to change • Then, the same traffic that is added to the main device will be added to the rest in the DR Set • Allows for maintaining the consistency, without any manual work and human errors
- 36. DR SETS – HOW IT LOOKS 36 | Confidential
- 37. SUMMARY • AlgoSec provides you with business-centric security policy management capabilities • A single pane of glass for the required connectivity of your applications • Automates business-driven change processes • And much more • Explore the AlgoSec solution, read through the guides, visit our public KnowledgeBase and ask us questions • You are bound to find more and more things you may have not known you can do with AlgoSec 37 | Confidential
- 39. Thank you! Questions can be emailed to marketing@algosec.com