5 Strategies to Improve Firewall Management: How to Automate Operations, Simplify Compliance Audits and Reduce Risk
May 25, 2015
Agenda
• Introduction to AlgoSec
• A Look at Today’s Complex Network
• Strategies to Improve Firewall Management
• Next Steps
• Q&A
Meet our Panelists
• Kevin Beaver, CISSP: Information Security Consultant & Author, Principle Logic, LLC
• Nimmy Reichenberg: VP of Marketing & Business Development, AlgoSec
AlgoSec Introduction
• The Leader in Network Security Policy Management
• Award Winning Security Management Suite
• 800+ customers in 45 countries. 13 of the Fortune 50
• Fast growing - 95% growth in 2011
• Technology Partners include Check Point, Cisco, Juniper, Fortinet, Palo Alto Networks, Blue Coat, HP, CA
• “Obsession” for Customer Satisfaction
About Kevin Beaver
• Information Security Consultant
• www.principlelogic.com
• Author
• Some of my books include:
Issues I See in My Work
• Lack of audits
• Mostly manual
• No processes
• Minimal oversight
• Implement policies/plans
• Enforce with technology
• Know what you’ve got
• Know how it’s at risk
• Refine and repeat
Network Complexity is Increasing
• Next-Gen Firewalls
• Virtualized Data Centers
• All network firewalls eventually
Strategy #1: Assess the risk of the firewall policy
What exactly can the bad guys see?
Logic and Reasoning
General lack of accountability
Strategy #2: Maintain optimized firewall rulesets
Logic and Reasoning
Strategy #3: Manage firewall changes
One mishap is worth hundreds of thousands of dollars…
Sustainable &
Repeatable Process
Control
Visibility
Automation
ROI for Automating Firewall Change Management
Annual Savings - $700K
3-Year Savings - $2.1M
Strategy #4: Keep up with the rules and regulations
• Implement policies/plans
• Enforce with technology
• Know how it’s at risk
• Refine and repeat
HIPAA/HITECH
GLBA
SOX
PCI DSS
State breach notification laws
International laws
How is your business impacted?
We’re compliant, therefore we’re secure
Strategy #5: Prove where things stand
Technical issues
Operational Issues
The BIG Oversight
Your auditor will be there waiting…
Know your compliance status… immediately and at all times!
Summary
The Magic Formula
• Implement policies/plans
• Enforce with technology
• Know what you’ve got
• Know how it’s at risk
• Refine and repeat
Automation is Key
Kevin’s Information
My website: principlelogic.com/resources
My blog/videos: securityonwheels.com/blog
My audio programs: securityonwheels.com
My books:
Let’s Connect: @kevinbeaver, www.linkedin.com/in/kevinbeaver
Next Steps and Q&A
• Firewall Management: 5 Challenges Every Company Must Address: http://pages.algosec.com/five_common_challenges.htm
• Trends in Firewall Configuration – Measuring the holes in Swiss cheese (Research by Prof. Wool): http://arxiv.org/abs/0911.1240
• Firewall Management ROI Calculator: http://www.algosec.com/resources/roi_calculator/
• Evaluate the AlgoSec Security Management Suite: AlgoSec.com/eval
Security Management. Made Smarter.
www.AlgoSec.com