BEST PRACTICES FOR
AUTOMATING NEXT GENERATION
FIREWALL CHANGE PROCESSES
Edy Almer, VP Product, AlgoSec
Moshe Itah, Product Line Manager, Palo Alto Networks
DO YOU STRUGGLE WITH?
• Supporting business transformation initiatives such as cloud and SDN
• Lack of visibility into business application connectivity requirements
• Slow, manual and error-prone change management processes
• Costly outages and exposure to risk due to misconfigurations
• Time-consuming audits and reactive compliance verification
2 | Confidential
ELIMINATE THE TRADEOFF
Security
• Avoid misconfiguration and reduce attack surface
• Proactively mitigate risk
• Ensure continuous compliance
• Enforce Network Segmentation
Business Agility
• Provision network changes in minutes, not days
• Understand business requirements and avoid application outages
• Align teams to foster DevSecOps
• Free up time by automating processes
THE ALGOSEC SECURITY POLICY MANAGEMENT SUITE
KEY CAPABILITIES
Secure Business Application Connectivity Management
Security Policy Change Management
Continuous Compliance and Auditing
Firewall Policy Optimization
Security Policy Risk Mitigation
NGFW and Datacenter Migration
Hybrid Cloud Security
ALGOSEC INTEGRATION WITH
PALO ALTO NETWORKS
APP-ID AND USER-ID SUPPORT
• Policy analysis
• Automatically and seamlessly replace ports with applications
at layer 7
• Zero-touch change management
• Proactive risk analysis
• Add/remove/modify traffic and intelligent rule design
• Policy push directly to Palo Alto Networks devices (through
Panorama)
• Mixed NGFW and non user/application-aware infrastructure, and
cloud (VMware NSX, AWS, Azure)
APP-ID AND USER ID CONNECTIVITY MANAGEMENT
• Changes include application default, app_id and user data
PANORAMA SUPPORT
• Automated policy push through Panorama to its devices, including
user-awareness, application awareness
• Support for large estates
• Automatically populate firewalls in AlgoSec
• Identify and incorporate candidate policies in the analysis (aggregated changes
not yet committed to the devices)
• Allow low risk change requests to be automatically resolved, while
security operations must approve or reject only higher risk items
PRAGMATIC AUTOMATION
• Collate all changes related to a policy
• Allow mixed device based work orders and policy based work orders
on the same ticket
• Make single change to Panorama instead of hundreds of individual device level changes – while still supporting device based changes for other vendors.
ACTIVECHANGE THROUGH PANORAMA
SUPPORT ORGANIZATION STRUCTURE & DEVICE GROUPS
• Support assignment of Panorama device groups to organizational groups in AD
• Each group handles and approves changes to “its” devices
• Align with organizational structure
• Improve inter team synchronization
• Reduce errors
• Provide full results to requestors
ASSIGN RESPONSIBILITY TO DEVICE GROUP OWNERS
Management Features
in Release 7.1
Moshe Itah
Palo Alto Networks and AlgoSec
• Palo Alto Networks and AlgoSec are close partners
• Palo Alto Networks and AlgoSec share
  • early alpha/beta releases for feedback and testing
  • product roadmaps
  • technical discussions
• The relationship works at multiple levels
  • Business Development
  • Product Management
29 | ©2016. Palo Alto Networks. Confidential and Proprietary.
Commit Enhancements
Commit Queue
• Once a commit is running, no other commit (user or system triggered) is allowed, preventing …
  • Commit to multiple VSYS on same device mapped to different DGs in Panorama
  • Multiple admins from committing to device/Panorama simultaneously
  • Tenants from committing simultaneously to their VSYS
  • User commits when DAG updates, FQDN or EDL refreshes are ongoing
• New commits are queued when a commit is in progress
• All commits are queued in the order they were received
• On commit failure the next commit is processed
Commit Queue
• Full visibility into queue
  • Which commit is being processed?
• Ability to clear the queue
• Queue capacity is platform dependent
• Queues not synched across HA peers
• CLI and API support
• Commits with following changes will fail if the commit queue is not empty
  • Master key
  • Mode (single to multi-VSYS)
  • URL DB
  • Reverts
How Commit Queue Works
[Figure: "Commit Task Queue" and "Commit Processing" panels showing Commit 1 by jamie, Commit 2 by saurabh, Commit 3 by moshe, and an FQDN Refresh for Commit 1]
Commit Description
• Commit description can be up to 512 characters
• Use cases
  • Describe what changes were pushed down with commit
  • Ticket Numbers, Change Request Numbers, Audit Info etc.
• Compare versions based on commit description in config audit
  • Type in description text into config version selector to compare
• Commit description searches available in system logs, task manager
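A small model of the behaviour listed on the Commit Queue and Commit Description slides, added here as an example; it is not Palo Alto Networks or AlgoSec code and calls no PAN-OS API. The class name, the change-type labels, the capacity of 4, rejecting a commit when the queue is full, and counting a running commit as "queue not empty" are assumptions of this example; the ticket numbers are constructed.

```python
from collections import deque
from dataclasses import dataclass

MAX_DESCRIPTION_LEN = 512  # limit stated on the Commit Description slide
# Change types the slide says fail while the queue is not empty.
# The string labels are this example's own, not PAN-OS identifiers.
EXCLUSIVE_CHANGES = frozenset({"master-key", "vsys-mode", "url-db", "revert"})


@dataclass
class Commit:
    admin: str
    description: str
    changes: frozenset = frozenset()
    will_fail: bool = False  # constructed switch to simulate a failing commit


class CommitQueueModel:
    """FIFO commit queue: one commit runs, later ones wait in arrival order."""

    def __init__(self, capacity=4):
        # Capacity is platform dependent per the slide; 4 is an assumed value.
        self.capacity = capacity
        self.running = None
        self.pending = deque()
        self.history = []  # (admin, description, outcome) in processing order

    def submit(self, commit):
        if len(commit.description) > MAX_DESCRIPTION_LEN:
            return "rejected: description over 512 characters"
        # Assumption: a commit in progress counts as "queue not empty".
        busy = self.running is not None or bool(self.pending)
        if busy and commit.changes & EXCLUSIVE_CHANGES:
            return "rejected: queue not empty"
        if self.running is None:
            self.running = commit
            return "running"
        if len(self.pending) >= self.capacity:
            return "rejected: queue full"  # assumed behaviour when full
        self.pending.append(commit)
        return "queued"

    def finish_running(self):
        """Complete the running commit; a failure does not block the next one."""
        if self.running is None:
            return None
        done = self.running
        outcome = "failed" if done.will_fail else "ok"
        self.history.append((done.admin, done.description, outcome))
        self.running = self.pending.popleft() if self.pending else None
        return outcome

    def drain(self):
        while self.running is not None:
            self.finish_running()
        return self.history

    def search(self, text):
        """Find processed commits by description, e.g. by ticket number."""
        return [h for h in self.history if text.lower() in h[1].lower()]


def demo():
    q = CommitQueueModel()
    master_key = Commit("jamie", "CHG-1004 rotate master key",
                        frozenset({"master-key"}))
    results = [
        q.submit(Commit("jamie", "CHG-1001 allow web tier to db tier")),
        q.submit(Commit("saurabh", "CHG-1002 retire legacy rule", will_fail=True)),
        q.submit(Commit("moshe", "CHG-1003 add EDL for partner ranges")),
        q.submit(master_key),  # refused: other commits are in flight
    ]
    q.drain()
    results.append(q.submit(master_key))  # accepted once the queue is empty
    return results, q


if __name__ == "__main__":
    outcomes, queue = demo()
    print(outcomes)
    print(queue.history)
```

For change automation, the practical consequence is that a master key, mode, URL DB or revert commit has to be scheduled for a moment when nothing else is queued, and that ticket numbers only help in later audits if they fit inside the 512-character description.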
Increased Maximum Virtual Disk
• Problem – Max size of supported virtual disk is 2TB which leads customers to NFS for more storage
  • NFS is less than ideal for throughput rates and predictability
  • Virtual Disk has better performance, but 2TB is not enough storage for many customers
• Solution – Support up to 8 TB of virtual disk for VM Panorama
  • Must have ESXi 5.5+
  • Will require a new virtual disk (will be covered in LAB session)
New ACC Widgets
• Problem – Customers could not see more than top 10 URL categories or File Types / Data Patterns
  • Currently URL Filtering and Content activity is only shown in the User Activity or IP Activity widgets at top 10 items
• Solution – Create two new widgets for URL filtering and Content Activity
  • Allows admins to view top URL domains and files/patterns in the table with the ability to maximize for an expanded list
  • The widgets must be added to a tab manually
New ACC Widgets
• Problem – Customers wanted visibility into top data transfers and URLs independent of IP or User
  • Currently URL and Content visibility was restricted to the User Activity or IP Activity widgets at max top 10 items
• Solution – Create two new widgets for URL filtering and Content Filtering
  • Allows admins to view URL / Content at the top level and drill into details
  • The widgets must be added to a tab manually
Unified Log Viewer
• Problem – Customers cannot see all events associated with a set of filters across databases
  • Admins can only view the related logs for any single event or re-run the same query on each log type
• Solution – Add a unified log viewer
  • All traffic and threat log types are available
  • Any column that is common will return results from all of the relevant matching logs
Unified Log Viewer Example
Unified Log Viewer: Specific Query
Unified Log Viewer: DB Selection
THANK YOU
For personal demo:
www.algosec.com/Demo
More information:
marketing@algosec.com

Editor's Notes

  • #3: Managing network security across complex heterogeneous networks
  • #4: Mention minutes to provision servers and storage, but weeks to provision security.
  • #5: Hidden slide: Just mention that we are the leaders in Security Policy Management. Have 1500 enterprise customers including 20 of the Fortune 50.
  • #22: Save lots of time in defining a large firewall estate, correctly analyze global policy for change and for optimization