TRANSCRIPT
5 MORE THINGS YOU CAN DO WITH A SECURITY POLICY MANAGEMENT SOLUTION
Jonathan Gold-Shalev
WHAT WE’LL COVER TODAY
• Auto discover and map application connectivity
• Automate application migration projects
• Design application connectivity before your servers are fully allocated
• Enhance C-Level visibility to the network and application security
• Manage disaster recovery devices
2 | Confidential
Automatically Discover and Map Application Connectivity
LET’S TALK ABOUT BUSINESSFLOW
• With AlgoSec’s BusinessFlow you can manage your applications’ connectivity and security
• Every application contains the definition of the flows it requires to perform its task
• Given this definition, along with AlgoSec’s Firewall Analyzer and FireFlow, BusinessFlow allows you to:
  • Get visibility into the connectivity status
  • Verify that the required connectivity is maintained
  • Initiate and document changes without losing track
  • Migrate applications or servers
  • Understand which policy rules support which applications
BUSINESSFLOW SNEAK PEEK
MAPPING EXISTING APPLICATIONS
• BusinessFlow provides visibility and automation for your applications
• However, it requires the applications to be defined in it
• Well… how well are your applications documented?
  • CMDB?
  • Excel spreadsheet?
  • Firewall rules?
• Most customers don’t have a reliable source of truth
• Automatic discovery is required
INTRODUCING – ALGOSEC AUTODISCOVERY
• AlgoSec’s AutoDiscovery sensors ingest network traffic from:
  • Live port mirroring
  • PCAP files exported from packet brokers
  • ESX internal traffic (promiscuous mode)
  • Local sensors on central servers
• They analyze the traffic using sources and techniques including:
  • DPI
  • NetFlow/sFlow
  • And many more…
• All the observed traffic is then mapped to business applications
THE MAPPED BUSINESS APPLICATIONS
ALGOSEC AUTODISCOVERY – CONT.
• The discovered applications are then added to BusinessFlow
• Users can then configure optimization so that thin flows and objects are merged together
• The application owners can then simply apply the configuration and start working with BusinessFlow
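The two steps described above (attributing observed traffic to business applications, then merging thin flows so the application owner gets a compact definition) can be sketched as follows. This is an added example, not AlgoSec code and not the AutoDiscovery record format: the flow records, the server-to-application inventory and the addresses are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample flow records (src, dst, proto, dst_port) of the kind a
# sensor could derive from mirrored traffic or NetFlow. Addresses are made up.
SAMPLE_FLOWS = [
    ("10.1.1.11", "10.2.0.5", "tcp", 443),
    ("10.1.1.12", "10.2.0.5", "tcp", 443),
    ("10.1.1.13", "10.2.0.5", "tcp", 443),
    ("10.2.0.5", "10.3.0.9", "tcp", 5432),
    ("10.1.1.11", "10.3.0.9", "tcp", 5432),
    ("10.1.1.11", "10.2.0.6", "tcp", 8080),
    ("10.1.1.11", "10.9.9.9", "udp", 514),
]

# Hypothetical inventory: which business application owns each server.
SERVER_APP = {
    "10.2.0.5": "webshop",
    "10.2.0.6": "intranet",
    "10.3.0.9": "webshop",
}


@dataclass(frozen=True)
class Flow:
    app: str
    sources: frozenset
    destination: str
    service: str


def map_flows_to_apps(records, server_app):
    """Attribute each record to the application owning the destination server.

    Records whose destination has no known owner are kept under "unassigned"
    so they stay visible for triage instead of silently disappearing.
    """
    per_app = defaultdict(list)
    for src, dst, proto, port in records:
        app = server_app.get(dst, "unassigned")
        per_app[app].append((src, dst, f"{proto}/{port}"))
    return dict(per_app)


def optimize_thin_flows(per_app, client_net):
    """Merge "thin" flows that differ only by source into one flow per
    (destination, service). When several sources all fall inside client_net,
    the individual hosts are replaced by that network object."""
    net = ip_network(client_net)
    result = {}
    for app, recs in per_app.items():
        grouped = defaultdict(set)
        for src, dst, svc in recs:
            grouped[(dst, svc)].add(src)
        flows = []
        for (dst, svc), srcs in grouped.items():
            if len(srcs) > 1 and all(ip_address(s) in net for s in srcs):
                srcs = {client_net}
            flows.append(Flow(app, frozenset(srcs), dst, svc))
        result[app] = flows
    return result


if __name__ == "__main__":
    discovered = optimize_thin_flows(
        map_flows_to_apps(SAMPLE_FLOWS, SERVER_APP), "10.1.1.0/24")
    for app, flows in discovered.items():
        for f in flows:
            print(app, sorted(f.sources), "->", f.destination, f.service)
```

Two choices worth noting: traffic to a server nobody owns is not dropped but parked as "unassigned", because that is exactly the traffic a discovery exercise is meant to surface, and the source collapse only happens when more than one host was seen, so a single client is never widened to a whole subnet on the strength of one record.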
DISCOVERED APPLICATIONS
OPTIMIZED FLOWS
Application Migration - Automated
APPLICATION MIGRATION – CAN WE AUTOMATE?
• Applications migrate all the time:
  • Data center migrations
  • Acquisitions
  • Test -> Pre-Production -> Production
  • And more
• Migrating the required connectivity is a big deal – it is delicate and there’s a real risk of causing downtime
• BusinessFlow makes sure the migration process is error-free and automated
APPLICATION MIGRATION – MAKING IT SIMPLE
• Create an application migration project from BusinessFlow
• Select one or more applications
• For each application server, define the new server it will migrate to
• You can even select whether to move or clone the application
• Evaluate the potential impact on the application’s vulnerability and risk level
• Apply the changes
• That’s it
SO WHAT HAPPENS NEXT?
• BusinessFlow will now open change requests
• FireFlow will then process these change requests automatically
• The changes can then be implemented all the way to the devices
• That’s it
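The migration procedure above (pick the application, map each server to its new address, choose move or clone, and let the tool derive the change requests) reduces to a rewrite over the application’s flow definition. The following is an added example written for this page, not BusinessFlow or FireFlow code; the flow model, the addresses and the `shared` hint that marks rules other applications still depend on are all hypothetical.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Flow:
    app: str
    source: str
    destination: str
    service: str


# Constructed application definition with hypothetical addresses.
WEBSHOP = [
    Flow("webshop", "10.1.1.0/24", "10.2.0.5", "tcp/443"),
    Flow("webshop", "10.2.0.5", "10.3.0.9", "tcp/5432"),
    Flow("webshop", "10.3.0.9", "10.3.0.10", "tcp/5432"),  # DB replication, not affected by moving the web tier
]


def migrate_flows(flows, server_map, clone=False, shared=frozenset()):
    """Rewrite every flow endpoint listed in server_map to its new address.

    Returns (new_flows, changes). Each change is one of:
      ("allow", flow)  connectivity the new server needs,
      ("remove", flow) connectivity the old server no longer needs (move only),
      ("keep", flow)   old connectivity that another application still uses
                       (keys listed in `shared`), so it must not be removed.
    A clone keeps the old application alive, so it only produces "allow" changes.
    """
    new_flows = [
        replace(f,
                source=server_map.get(f.source, f.source),
                destination=server_map.get(f.destination, f.destination))
        for f in flows
    ]
    changes = []
    for old, new in zip(flows, new_flows):
        if old == new:
            continue  # flow does not touch a migrating server: no change request
        changes.append(("allow", new))
        if clone:
            continue
        key = (old.source, old.destination, old.service)
        if key in shared:
            changes.append(("keep", old))
        else:
            changes.append(("remove", old))
    return new_flows, changes


def changes_by_action(changes):
    """Summarize a change list as {action: count}, as a project dashboard would."""
    summary = {}
    for action, _ in changes:
        summary[action] = summary.get(action, 0) + 1
    return summary


if __name__ == "__main__":
    new, changes = migrate_flows(WEBSHOP, {"10.2.0.5": "10.20.0.5"})
    for action, f in changes:
        print(action, f.source, "->", f.destination, f.service)
    print(changes_by_action(changes))
```

The `shared` check is the part that matters in practice: a "move" that blindly removes the old rules will break any other application that happened to ride on the same rule, which is why the tool needs to know which policy rules support which applications before it opens the removal requests.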
A PICTURE IS WORTH MORE…
DEFINING THE MIGRATION PARAMETERS
PROJECT DASHBOARD
DESIGN YOUR APPLICATION CONNECTIVITY BEFORE THE SERVER IP ADDRESSES ARE KNOWN
DEFINE APPLICATION CONNECTIVITY
• BusinessFlow allows you to describe the connectivity required for your applications
• Flow objects can come from various sources:
  • CMDB
  • Firewalls
  • Any CSV exported from any source
• But what do you do when the server IP addresses are not yet allocated?
INTRODUCING – ABSTRACT OBJECTS
• BusinessFlow allows defining application flows with abstract objects
• Abstract objects function as placeholders
• Flows with abstract objects are visible but not active
• Once the server IP address is allocated, simply replace the object to activate the flow
• No more waiting for server IP address allocations before completing application design
ABSTRACT OBJECT IN A FLOW
ALLOCATING ABSTRACT OBJECTS
THE ALGOSEC REPORTING TOOL
ENHANCING C-LEVEL VISIBILITY
• C-Level staff need visibility
• They need to know about the problems, trends and bottom line numbers
• They need to get it periodically
• They need it in their mailbox
• They need it in colorful dashboards and charts
INTRODUCING THE ALGOSEC REPORTING TOOL
• Rich set of out-of-the-box dashboards and charts
• Rich reporting capabilities on AlgoSec’s top three entities:
  • Devices
  • Change requests
  • Business applications
• Easily create charts and dashboards
• Export the dashboards to PDF or CSV format
• Schedule these dashboards to be sent to C-Level recipients
SOME CHART EXAMPLES - DEVICES
• Devices with lowest PCI compliance score
• Most risky devices
• Average security rating over time
• Devices with lowest baseline compliance score
• Devices whose policies require the most optimization
• And many more…
SOME CHART EXAMPLES – CHANGE REQUESTS
• Change requests status distribution
• Open change requests by owner
• Number of change requests created over time
• Number of change requests by device group
• Number of change requests in the same status for X days
• And many more…
SOME CHART EXAMPLES – APPLICATIONS
• Most risky applications
• Most vulnerable applications
• Applications with highest number of unscanned servers
• Applications by connectivity status
• Number of change requests per application
• And many more…
SOME DASHBOARD SAMPLES
SCHEDULING DASHBOARD EMAILS
DISASTER RECOVERY DEVICE PAIRS
DISASTER RECOVERY DEVICES / PATHS
• Some organizations design their networks so that if one route is no longer available, traffic takes a different path through DR firewalls and routers
• This requires defining device disaster recovery pairs
• Traffic that is allowed on one device in the pair must be allowed on the other as well, even though the traffic is not currently routed through it
• For devices without a central management system, keeping the pair in sync is a real challenge
ENTER ALGOSEC DR-SETS
• AlgoSec allows you to define DR-Sets: groups of devices that must always share the same policy
• Whenever FireFlow detects that one of the devices in the set needs to be changed, the other devices are automatically added to the list of devices to change
• The same traffic that is added to the main device is then added to the rest of the DR-Set
• This maintains consistency without manual work or human error
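Two checks fall out of the DR-Set idea: a periodic drift report (which allow rules exist on one member but not on its peers) and the change-time expansion (a request naming one device fans out to every member of its set). The example below is added here and is not AlgoSec code; the rule tuples are a constructed, vendor-neutral form and the device names are hypothetical.

```python
# Constructed rule bases for a DR pair. Each rule is a
# (source, destination, service, action) tuple in a hypothetical
# vendor-neutral form, not a real device export.
FW_MAIN = [
    ("10.1.1.0/24", "10.2.0.5", "tcp/443", "allow"),
    ("10.2.0.5", "10.3.0.9", "tcp/5432", "allow"),
    ("any", "any", "any", "deny"),
]
FW_DR = [
    ("10.1.1.0/24", "10.2.0.5", "tcp/443", "allow"),
    ("any", "any", "any", "deny"),
]

# A DR-Set: devices that must always share the same policy.
DR_SETS = [frozenset({"fw-main", "fw-dr"})]


def dr_set_drift(devices):
    """Return, per device, the allow rules that exist on another member of
    the set but are missing on this one. devices: {name: rulebase}."""
    allows = {name: {r for r in rb if r[3] == "allow"}
              for name, rb in devices.items()}
    union = set().union(*allows.values())
    return {name: sorted(union - have)
            for name, have in allows.items() if union - have}


def expand_change_targets(device, dr_sets):
    """Given the device a change request names, return every device the
    change must be applied to: the whole DR-Set if it belongs to one."""
    for members in dr_sets:
        if device in members:
            return sorted(members)
    return [device]


def plan_change(device, rule, dr_sets, devices):
    """Build the per-device work list for one new allow rule, skipping
    members that already carry an identical rule."""
    return [(name, rule)
            for name in expand_change_targets(device, dr_sets)
            if rule not in devices[name]]


if __name__ == "__main__":
    fleet = {"fw-main": FW_MAIN, "fw-dr": FW_DR}
    print("drift:", dr_set_drift(fleet))
    new_rule = ("10.1.1.0/24", "10.2.0.6", "tcp/8080", "allow")
    print("plan:", plan_change("fw-main", new_rule, DR_SETS, fleet))
```

The drift check compares rule text exactly, which is enough to catch a rule that was simply never pushed to the peer. It does not catch the subtler cases a real policy analyzer has to handle: rule order and shadowing, or an object with the same name resolving to different addresses on the two devices, so effective policy rather than rule text is what should be compared in production.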
DR SETS – HOW IT LOOKS
SUMMARY
• AlgoSec provides you with business-centric security policy management capabilities
• A single pane of glass for the required connectivity of your applications
• Automates business-driven change processes
• And much more
• Explore the AlgoSec solution, read through the guides, visit our public KnowledgeBase and ask us questions
• You are bound to find more and more things you may not have known you can do with AlgoSec
MORE RESOURCES
Thank you!
Questions can be emailed to [email protected]