Algosec 5 more_things_you_can_do_with_a_security_policy_management_solution

Post on 22-Jan-2018


5 MORE THINGS YOU CAN DO WITH A SECURITY POLICY MANAGEMENT SOLUTION

Jonathan Gold-Shalev

WHAT WE’LL COVER TODAY

• Auto discover and map application connectivity

• Automate application migration projects

• Design application connectivity before your servers are fully allocated

• Enhance C-Level visibility into network and application security

• Manage disaster recovery devices

2 | Confidential


Automatically Discover and Map Application Connectivity

LET’S TALK ABOUT BUSINESSFLOW

• With AlgoSec’s BusinessFlow you can manage your applications’ connectivity and security

• Every application contains the definition of the flows it requires to perform its task

• Given this definition, along with AlgoSec’s Firewall Analyzer and FireFlow, BusinessFlow allows you to:

• Get visibility into the connectivity status

• Verify the required connectivity is maintained

• Initiate and document changes without losing track

• Migrate applications or servers

• Understand what policy rules support which applications


BUSINESSFLOW SNEAK PEEK


MAPPING EXISTING APPLICATIONS

• BusinessFlow provides visibility and automation for your applications

• However, it requires the applications to be defined in it

• Well… how well are your applications documented?

• CMDB?

• Excel Spreadsheet?

• Firewall Rules?

• Most customers don’t have a reliable source of truth

• Automatic discovery is required


INTRODUCING – ALGOSEC AUTODISCOVERY

• AlgoSec’s AutoDiscovery sensor/s digest network traffic through:

• Live port mirroring

• PCAP files exported from packet brokers

• ESX Internal Traffic (promiscuous mode)

• Local sensors on central servers

• Analyzes network traffic, including:

• DPI

• Netflow/Sflow

• And many more…

• Maps all the traffic to business applications


THE MAPPED BUSINESS APPLICATIONS


ALGOSEC AUTODISCOVERY – CONT.

• The discovered applications are then added to BusinessFlow

• Users can then configure optimization so that thin flows and objects are merged together

• The application owners can then simply apply the configuration and start working with BusinessFlow


DISCOVERED APPLICATIONS


OPTIMIZED FLOWS


Application Migration - Automated

APPLICATION MIGRATION – CAN WE AUTOMATE?

• Applications migrate all the time

• Data center migrations

• Acquisitions

• Test -> Pre-Production -> Production

• And more

• Migrating the required connectivity is a big deal – it is delicate and there’s a real risk of causing downtime

• BusinessFlow makes sure the migration process is error-free and automated


APPLICATION MIGRATION – MAKING IT SIMPLE

• Create an application migration project from BusinessFlow

• Select one or more applications

• For each application server, define the new server it will migrate to

• You can even select whether to move or clone the application

• Evaluate potential impact on the application vulnerability and risk level

• Apply the changes

• That’s it


SO WHAT HAPPENS NEXT?

• BusinessFlow will now open change requests

• FireFlow will then process these change requests automatically

• The changes can then be implemented all the way to the devices

• That’s it


A PICTURE IS WORTH MORE…


DEFINING THE MIGRATION PARAMETERS


PROJECT DASHBOARD


DESIGN YOUR APPLICATION CONNECTIVITY BEFORE THE SERVER IP ADDRESSES ARE KNOWN

DEFINE APPLICATION CONNECTIVITY

• BusinessFlow allows you to describe the connectivity required for your applications

• Flow objects can come from various different sources

• CMDB

• Firewalls

• Any CSV exported from any source

• But what do you do when the server IP addresses are not yet allocated?


INTRODUCING – ABSTRACT OBJECTS

• BusinessFlow allows defining application flows with abstract objects

• Abstract objects function as placeholders

• Flows with abstract objects will be visible but will not be active

• Once your server IP address is allocated, simply replace the object to activate the flow

• No more waiting for server IP address allocations before completing application design


ABSTRACT OBJECT IN A FLOW


ALLOCATING ABSTRACT OBJECTS


THE ALGOSEC REPORTING TOOL

ENHANCING C-LEVEL VISIBILITY

• C-Level staff need visibility

• They need to know about the problems, trends and bottom line numbers

• They need to get it periodically

• They need it in their mailbox

• They need it in colorful dashboards and charts


INTRODUCING THE ALGOSEC REPORTING TOOL

• Rich set of out-of-the-box dashboards and charts

• Rich reporting capabilities on AlgoSec’s top 3 entities:

• Devices

• Change Requests

• Business Applications

• Easily create charts and dashboards

• Export the dashboards to PDF or CSV format

• Schedule sending these dashboards to C-Level recipients


SOME CHART EXAMPLES - DEVICES

• Devices with lowest PCI compliance score

• Most risky devices

• Average security rating over time

• Devices with lowest baseline compliance score

• Devices whose policies require the most optimization

• And many more…


SOME CHART EXAMPLES – CHANGE REQUESTS

• Change requests status distribution

• Open change requests by owner

• Number of change requests created over time

• Number of change requests by device group

• Number of change requests in the same status for X days

• And many more…


SOME CHART EXAMPLES – APPLICATIONS

• Most risky applications

• Most vulnerable applications

• Applications with highest number of unscanned servers

• Applications by connectivity status

• Number of change requests per-application

• And many more…


SOME DASHBOARD SAMPLES

SCHEDULING DASHBOARD EMAILS


DISASTER RECOVERY DEVICE PAIRS

DISASTER RECOVERY DEVICES / PATHS


• Some organizations define their networks so that if one route is no longer available, traffic takes a different path through DR firewalls and routers

• Requires defining device disaster recovery pairs

• Traffic that is allowed on one device in the pair must be allowed on the other as well (although the traffic is not currently routed through it)

• For devices without a central management system, keeping the pair in sync is a real challenge

ENTER ALGOSEC DR-SET


• AlgoSec allows you to define DR-Sets – groups of devices that must always share the same policy

• Whenever FireFlow detects that one of the devices in the pair needs to be changed, the other devices will be automatically added to the list of devices to change

• Then, the same traffic that is added to the main device will be added to the rest in the DR Set

• Maintains consistency without manual work or human error

DR SETS – HOW IT LOOKS


SUMMARY

• AlgoSec provides you with business-centric security policy management capabilities

• A single pane of glass for the required connectivity of your applications

• Automates business-driven change processes

• And much more

• Explore the AlgoSec solution, read through the guides, visit our public KnowledgeBase and ask us questions

• You are bound to find more and more things you may not have known you can do with AlgoSec

MORE RESOURCES
