A BUSINESS-DRIVEN APPROACH TO SECURITY POLICY MANAGEMENT – A TECHNICAL PERSPECTIVE
Joe DiPietro, SE Director

Upload: algosec

Post on 22-Feb-2017


Page 1

A BUSINESS-DRIVEN APPROACH TO SECURITY POLICY MANAGEMENT – A TECHNICAL PERSPECTIVE
Joe DiPietro, SE Director

Page 2

AGENDA
• How to get holistic visibility of security risk and compliance across the enterprise network
• How to reduce risk and avoid application outages
• How to tie cyber threats to business processes
• How to enhance security processes with business context, including impact analysis and risk assessment
• How to accelerate application deployments to the cloud

Page 3

LINKING SECURITY INSIGHTS TO BUSINESS APPLICATIONS
• Applications run the business
• Applications run over the network
• Security devices protect the data and applications
• Security teams must inject business context into the security management process so that it is relevant to, and understood by, the business
• For example…

Page 4

UNDERSTANDING YOUR BUSINESS APPLICATIONS
• How many security devices are protecting your critical business applications?
• 11 for Payroll
• 11 for GameStop
• 5 for MobileBanking

Page 5

UNDERSTANDING YOUR BUSINESS APPLICATIONS
• What components of your business applications are being blocked by your security policies?
• No blocking for: Asset Management, Domino Server, ERP, Employee Portal
• Blocking issues for these applications: 3 for Sequoia, 2 for MobileBanking, 1 for GameStop, 1 for Payroll

Callout in the figure: Blocked Flow

Page 6

UNDERSTANDING YOUR BUSINESS APPLICATIONS
• How many critical business applications go through each firewall device?
• Do you have a plan if these devices go down?
• What happens if any of these devices are misconfigured because of a change to their security policy?

Page 7

UNDERSTANDING YOUR BUSINESS APPLICATIONS
• How often do your business applications change?
• Do you understand the details of these changes?
• What happens if a change request occurs during a critical lockdown period, like the holiday shopping season?

Page 8

UNDERSTANDING YOUR BUSINESS APPLICATIONS

• What are your most vulnerable applications?

• Applications need to be linked to security policies to understand the risks

• Are all of the components of the application accounted for?

Page 9

UNDERSTANDING YOUR BUSINESS APPLICATIONS
• Which applications have “unscanned” servers?
• Unscanned servers are potentially very high risk!
• You need to understand these details to know your total application risk exposure

Page 10

UNDERSTANDING YOUR BUSINESS APPLICATIONS

Which are your most complicated applications?

Page 11

KEY BUSINESS CHALLENGES THAT MUST BE ADDRESSED
• Automating security change management
• Tying cyber threats to business applications
• Single pane of glass for network security policy management
• Securing business transformation to the cloud
• Ensuring continuous compliance
• Effectively managing application connectivity
• Reducing risk from misconfigurations
• Avoiding application outages due to connectivity issues

Business-Driven SECURITY | Business-Driven AGILITY

Page 12

KEY BUSINESS CHALLENGES THAT MUST BE ADDRESSED


Page 13

EFFECTIVELY MANAGING APPLICATION CONNECTIVITY
• Step 1 – Understand your applications
• There are a variety of methods to auto-discover applications
• The goal is to capture the relevant information in order to build an application diagram

Easily discover existing application connectivity flows

Discovery sources shown in the figure: PacketBroker, ESX Server, host-based sensor on the application server

Let’s walk through an application discovery process…

Page 14

DISCOVER YOUR APPLICATIONS AUTOMATICALLY
• “Auto discover” your applications
• Collected data is visualized
• Understanding the connections is critical to security and business processes
• How does this device interact with the rest of the application?

Page 15

UNDERSTANDING THE APPLICATION
Are you aware that this server has email and SSH outgoing connections?
Is this really part of the application?
Application data is verified and turned into application flows

Page 16

APPLICATION FLOWS
• Raw connection data is translated into flows
• Change management processes work on the flows
• Automating security change management processes

Page 17

CHANGE MANAGEMENT: MIGRATE TO THE CLOUD
• Migrate the time clock server to an Amazon server in the cloud

Page 18

NEW CHANGE REQUEST HAS BEEN SUBMITTED
• DC Time Clock Server cannot reach the Amazon cloud time clock server yet…
• So the flow is “RED”. Who is blocking this?

Page 19

FULL NETWORK VIEW OF THE APPLICATION FLOW

These devices

These devices allow the traffic

Page 20

KEY BUSINESS CHALLENGES THAT MUST BE ADDRESSED


Page 21

CHANGE REQUEST HAS BEEN SUBMITTED AND IS BEING PLANNED
• This change request applies to the 4 devices blocking the traffic
• The appropriate review cycle can continue for the application change request

Page 22

KEY BUSINESS CHALLENGES THAT MUST BE ADDRESSED


Page 23

SECURING BUSINESS TRANSFORMATION TO THE CLOUD
• Identify applications
• Extract relevant components
• Map new IP information
• Automatically prepare firewall changes for new connectivity
• Implement changes
• Decommission old rules

Page 24

HELP DESK APPLICATION
1. This is the application to migrate
2. Identify the flows
3. Identify the relevant servers
4. Prepare change requests

Figure: Help Desk Application (callouts 1 and 2)

Page 25

MIGRATING THE HELP DESK APPLICATION
Extract required servers and prepare them for the planning stage

Figure: Help Desk Application (callout 3)

Page 26

LET’S MIGRATE A SERVER FROM THE APPLICATION

Page 27

SMS SERVER DC1 HAS A NEW DEFINITION

• Understanding the architecture helps you identify what components need to talk to each other

• If this server moves to a new location, these flows will be affected

Page 28

WE

We have the server definitions defined, but now we need to update the application

Page 29

OPEN REQUEST CREATED
The update kicks off an open request to modify application connectivity (callout 4)

Page 30

Page 31

CHANGE REQUEST IS AUTOMATICALLY PLANNED

Page 32

RISK CHECKS FOR NEW SERVER MOVE (TO BE APPROVED)

This is where we can understand how much risk is introduced by the application move

Page 33

SECURITY POLICY DETAILS FOR EACH DEVICE (TO BE IMPLEMENTED)

Page 34

ANOTHER DEVICE IN THE PATH

Page 35

PROGRESSING ALONG THE PATH

Page 36

APPLICATION IS MIGRATED, NOW DECOMMISSION OLD COMPONENTS
Please decommission Legacy WebAccess
#6757 Firewall Change Request to remove WebAccess application

Page 37

MIGRATION COMPLETE

Page 38

KEY BUSINESS CHALLENGES THAT MUST BE ADDRESSED


Page 39

AUTOMATING SECURITY CHANGE MANAGEMENT
• Automated process
• Segregation of duties
• Embedded risk checks

Workflow stages in the figure (numbered 1–6): Request, Plan, Approve, Implement, Validate, Close

Callouts in the figure:
• Notify requester
• Each firewall policy is automatically analyzed to see if the request is already allowed
• Add a new rule? Modify an existing rule? Create new objects? Automatically document the rule change
• Automatic “push” to reduce misconfigurations
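The planning step above checks every firewall in the path to see whether the requested flow is already allowed, which is also what turns the time clock flow "RED" on the earlier slides. As an added illustration (not code from the deck or from any vendor product), here is a minimal first-match rulebase evaluator run over a constructed three-device path for that flow; the device names, addresses and rules are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: tuple  # inclusive (low, high); (0, 65535) means any port
    action: str   # "allow" or "deny"

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    port: int

def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (ip_address(flow.src) in ip_network(rule.src)
            and ip_address(flow.dst) in ip_network(rule.dst)
            and rule.proto in ("any", flow.proto)
            and rule.ports[0] <= flow.port <= rule.ports[1])

def first_match(rulebase: list, flow: Flow):
    """First-match semantics, as on most firewalls; None means the implicit deny."""
    for rule in rulebase:
        if rule_matches(rule, flow):
            return rule
    return None

def plan_change(path: list, flow: Flow) -> dict:
    """path is the ordered list of (device, rulebase) the flow traverses.
    Returns {device: verdict}; the 'blocked' devices are the ones the change must touch."""
    verdicts = {}
    for device, rulebase in path:
        hit = first_match(rulebase, flow)
        if hit is None:
            verdicts[device] = "blocked by implicit deny"
        elif hit.action == "allow":
            verdicts[device] = f"allowed by {hit.name}"
        else:
            verdicts[device] = f"blocked by {hit.name}"
    return verdicts

# Constructed sample (hypothetical names, RFC 1918 and documentation addresses): DC time clock server to its cloud counterpart over TCP/443.
TIME_CLOCK_FLOW = Flow("10.1.20.15", "203.0.113.40", "tcp", 443)
PATH = [
    ("dc-core-fw", [Rule("r1", "10.1.20.0/24", "203.0.113.0/24", "tcp", (443, 443), "allow")]),
    # r7 is a broad deny placed above the allow, so r9 is shadowed for this flow
    ("dmz-fw", [Rule("r7", "10.0.0.0/8", "0.0.0.0/0", "tcp", (443, 443), "deny"),
                Rule("r9", "10.1.0.0/16", "0.0.0.0/0", "any", (0, 65535), "allow")]),
    # only a different subnet is allowed out here, so the flow hits the implicit deny
    ("cloud-edge-fw", [Rule("r2", "10.9.0.0/16", "203.0.113.0/24", "tcp", (443, 443), "allow")]),
]
```

Running plan_change(PATH, TIME_CLOCK_FLOW) reports dmz-fw and cloud-edge-fw as the blocking devices, which is the "who is blocking this?" answer the change request is then scoped to.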

Page 40

KEY BUSINESS CHALLENGES THAT MUST BE ADDRESSED


Page 41

TYING CYBER THREATS TO BUSINESS APPLICATIONS
Requirement:
• Understand the business application involved in the security incident to put context around the business impact
• The SIEM receives a security incident: what do you do?

Page 42

BUSINESS APPLICATIONS AFFECTED BY INCIDENT
• Automatically identify business applications
• Identify the specific components of the application

Page 43

HOW DOES THIS ACCESS OCCUR THROUGH THE NETWORK?

Page 44

KEY BUSINESS CHALLENGES THAT MUST BE ADDRESSED


Page 45

COMPLEXITY = MISCONFIGURATIONS
• Security policy clean up…
• Rules
• Objects
• Permissions

Page 46

INTELLIGENTLY TIGHTEN YOUR SECURITY POLICY
Regularly use recommendations to tighten the security policies…

Page 47

KEEP YOUR POLICIES CLEAN AS YOU GO ALONG!

Start the process of “rule re-certification” when you first make the request!

Page 48

RULE RECERTIFICATION PROJECT TO KEEP SECURITY POLICY TIGHT

Page 49

KEY BUSINESS CHALLENGES THAT MUST BE ADDRESSED


Page 50

CONTINUOUS COMPLIANCE
• Dashboards help you keep score for compliance

Page 51

COMPLIANCE DASHBOARD FOR ALL FIREWALLS

Page 52

KEY BUSINESS CHALLENGES THAT MUST BE ADDRESSED


Page 53

SINGLE PANE OF GLASS…
• Heterogeneous device support
• Traffic simulations
• Route lookup
• Security and networking teams working together

Page 54

SINGLE PANE OF GLASS…
• Bring the application development team into the single pane of glass
• Application, Networking, Security: different views of the same application
• Red = high risk; Yellow = medium risk
• What specific risks are in these components?

Page 55

PROACTIVE RISK ANALYSIS
• These risks are within this application flow…
• Different risk profiles can be applied to your application flows: PCI, corporate risk policy, etc.

Page 56

KEY BUSINESS CHALLENGES THAT ARE ADDRESSED


Page 57

MORE RESOURCES
