transitioning to next-generation firewall management - 3 ways to accelerate the return on your...
DESCRIPTION
Speaker: Gidi Cohen, CEO and Founder – Skybox Security, Inc. Whether you are planning a transition to next-gen firewalls or have already done so, maximizing your next-gen firewall investment is imperative. Yet, most enterprises experience common management challenges that can slow down deployments, complicate existing firewall operations processes, and delay use of the most advanced next-gen firewall features. In this session, Gidi Cohen, CEO and founder of Skybox Security, shares customer case studies and research to illustrate these transition challenges and outline a phased approach to evaluate, adjust, and implement updated processes and tools so you can effectively manage your next-gen firewall deployment.
TRANSCRIPT
Transitioning to Next Generation Firewall Management
presented by Gidi Cohen
CEO and Founder
Skybox Security
November 14, 2012
www.skyboxsecurity.com © 2012 Skybox Security 1
Skybox Security Overview
Global 2000 Customers
• Proven deployments in complex networks
• Financial Services, Government, Defense, Energy, Retail, Service Providers, Manufacturing, Tech
Leader in Proactive Security Risk Management
• Leveraging predictive risk analytics technology
• Designed for continuous, scalable operation
Complete Product Portfolio
• Firewall Assurance - Automated Firewall Management
• Change Manager - Secure Change Management
• Network Assurance - Network modeling & compliance
• Risk Control - Risk and Vulnerability Management
Security Challenges in the Extended Enterprise
• BYOD demands
• Rapidly mutating threats
• BYOC (Cloud) data and applications
• Roll-out new services
• Protect the Business
Old Gen Tech Is Not Effective
• Traditional Firewalls – Unable to keep up with new challenges
• Vulnerability scanners – Often disruptive, not suitable for daily use
• SIEM – Reactive, too much irrelevant data
• Pen Test – Not cost effective at large scale
2012 Skybox Survey: Reasons for Selecting NGFWs
Nearly 80% use or plan to use NGFWs as an improved layer of protection
[Bar chart, axis 0 to 70. Categories:]
• Protection against complex attacks
• Firewall performance
• Malware identification
• Control access to external apps
• BYOD
• Control access to internal apps
• Cut management time
• Fewer security devices
• Trim operating costs
• Get the newest tech
2012 Skybox Survey: NGFWs will be the new norm
We estimate that within 12 months 75% or more of organizations will have Next-Gen Firewalls deployed
[Bar chart. Axes: % of NGFW (None, Less than 10%, 10-24%, 25-49%, 50-74%, 75-100%) and % of orgs (0 to 30). Series: Today, In 12 Months]
2012 Skybox Survey: #1 Anticipated Feature - Network IPS
[Bar chart, axis 0 to 80. Categories:]
• Other
• Integrated malware detection
• User-aware policy enforcement
• Address blacklisting and whitelisting
• Application-aware policy…
• Content-specific policy enforcement
• Standard firewall capabilities
• Integrated network IPS
93% use or plan to use the network IPS feature. 62% in active protection mode.
But, How Will You Manage?
• 500 Network devices
• 15,000 FW rules
• 100 daily changes
• Infrastructure spanning three continents
Now, add in:
• User and Application policies
• New security zones
• 4,000 IPS signatures
ouch!
Effort Today Real Strain Tomorrow
Management Challenges
Traditional Firewall Management Challenges
• Continuous Compliance
• Change Management
• Optimization, Troubleshooting
New, Added Challenges
• New network architecture and zoning
• Migration from old gen to next gen
• Effective Threat Protection
2012 Skybox Survey: Top Migration Challenges
[Bar chart, axis 2.8 to 3.6. Categories:]
• Converting trad to NGFW configs
• Changing management processes
• Planning architecture changes
• Creating new, more granular policies
• Training administrators on NGFW platform
• Validating correct operation of NGFW
• Managing multiple firewalls and vendors
Respondents took an average of 6.5 months to implement next-gen firewalls
2012 Skybox Survey: Top Operational Challenges
[Bar chart, axis 0 to 35. Categories:]
• Managing trad & NGFWs together
• Troubleshooting connectivity issues
• Demonstrating policy compliance
• Maintaining best practice config
• Internal reporting
• Verifying rule compliance
• Managing firewall changes
• Verifying access policies enforced…
• Maintaining set of IPS signatures
• Optimizing rule-sets
“A lot of manual fine-tuning continues to be necessary.”
Verifying Protection is a Daily Challenge
[Diagram labels:]
• Misconfiguration?
• Sensitive assets
• Did change expose a vulnerability?
• Vulnerabilities: CVE 2009-203, CVE 2006-722, CVE 2006-490
• Risky Access Path?
A Different Approach is Needed
Need Network and Risk-Aware Firewall Management
• Firewall & Network Change Management: Topology and apps aware, ensure daily policy & configuration compliance
• Vulnerability and Threat Management: Identify, prioritize, remediate critical risk, enable IPS, Malware
Better Approach: Network Modeling & Risk Analytics
[Diagram labels:]
• Simulate Possible Attacks
• Prevent potential breach
• Enable IPS signatures
• Check Access Paths
• Vulnerabilities: CVE 2009-203, CVE 2006-722, CVE 2006-490
Firewall Migration Planning
• Model and visualize the network topology
• Optimize legacy rulesets before migration—maximize performance
• Plan zone-based policies
• Check ‘what if’ scenarios
Access Path Troubleshooting
• Validate changes with access path analysis
• Troubleshoot outages or connectivity issues in seconds
• Enhance visibility of network security process
Application Policy Management
SURVEY: 46% enable BYOD and external social apps
• Enable automated policy compliance
• View access policy violations by application
• Block or limit access checks by applications
• Network modeling of users and applications
Ensure Effective IPS Coverage
SURVEY: 62% plan to use IPS in active protection mode
• Review and report on configuration of recent threats
• Understand overall signature coverage
• Activate only necessary signatures, maximize performance and prioritize vulnerabilities
Show Results Quickly for your NGFW Investment
• Ensure Fast, Successful Firewall Migration
  • Model and visualize deployment plan
  • Optimize legacy rulesets
• Use Advanced Features to Prevent Attacks
  • Optimize IPS signatures for best protection
  • Exclusive Skybox and PAN capability
• Show Continuous Policy Compliance
  • Ensure configuration best practices
  • Check access by applications
Automate daily security tasks
Maintain compliance, prevent attacks
Please visit Skybox at our booth at Ignite!
Download the survey at www.skyboxsecurity.com
Thank you!