5 things you didn't know you could do with security policy management

5 THINGS YOU DIDN’T KNOW YOU COULD DO WITH A SECURITY POLICY MANAGEMENT SOLUTION Edy Almer

Upload: algosec

Post on 11-Apr-2017


GOALS FOR TODAY

AlgoSec helps you manage security, reduce risk and respond to incidents, while maximizing business agility and ensuring compliance across your disparate, ever-changing, hybrid networks.

In this webinar we’ll cover how to:

• Automate end-to-end change management across public and private cloud – not just orchestration

• Perform a fully automated, zero-touch security policy change

• Make patching and vulnerability assessment business-driven

• Make your cyber response business application-aware and automate it

• Automate firewall migrations

2 | Confidential


END-TO-END CHANGE MANAGEMENT


END TO END CHANGE MANAGEMENT

• Network and security change requests keep piling up

• With them, new technologies and deployments of security devices

• SDN, Cloud, multiple firewall vendors… - managing changes is a pain

• What if you had a single place to submit change requests, one that automates the entire change process for you?


FIRST – AUTOMATICALLY FIND BLOCKING DEVICES

• Utilizes the AlgoSec understanding of the network

• Combines with advanced network analysis algorithms

• Completely vendor agnostic

• Focuses on the devices that require change

• If nothing requires change – automatically closes the change request


SECOND – RISK CHECK

• What-if analysis for proactive security checks

• Verifies compliance with the organizational security policy

• Everything the security analyst needs – ready and waiting

• Did we mention it is vendor agnostic?


THIRD – IMPLEMENTATION

• Every relevant device gets an implementation recommendation

• Add a rule, remove a rule or even edit an existing rule

• In the language and according to the limitations of each device

• Implement to the device with a click of a button (ActiveChange)


FINALLY - VALIDATION

• Automatically validates that the change request was implemented properly

• Step 1 – make sure traffic is now allowed

• Step 2 – make sure the implementation was accurate

• This is it – end to end in minutes, on premise / public cloud / routers / firewalls – doesn’t matter


AUTOMATION – ALL THE WAY


INTRODUCING – ZERO-TOUCH WORKFLOW

• If no severe risks are found – why delay?

• Workflows can be configured to be fully automated

• Running through the different stages without human intervention

• Request to implementation in minutes without spending any time

• We even have such a workflow out of the box – try it


TYING VULNERABILITIES TO THE BUSINESS


MAKE THE BUSINESS OWNER OWN THE SECURITY

• Vulnerability scanners generate a lot of results

• Security engineers are responsible for prioritizing and remediating

• Usually prioritization is according to the severity based on inputs from the scanner

• What about the business impact?

• Vulnerabilities are presented in the context of an application

• Visibility to the most vulnerable applications including drill down

• You can even schedule a periodic C-level report for this info

• Now the business owner can own the security as well


VULNERABILITIES IN THE BUSINESS CONTEXT


TIE CYBER ATTACKS TO THE BUSINESS IMPACT


INTEGRATION WITH SIEM SYSTEMS

• Your SOC engineer is working on a cyber attack

• A server is flagged as exposed to an attack

• Fast impact analysis and isolation are required

• Introducing – the AlgoSec plugin for your SIEM system

• Get instant visibility to the applications impacted by this server

• Find out if the server is exposed to the Internet

• Immediately initiate isolation of the exposed server

• In the process – no need to leave the SIEM system interface


BUSINESS APPLICATIONS IMPACTED BY INCIDENT


- Critical application? (priority, business impact)

- Firewall in path for internet connectivity


INCIDENT REACHABILITY ANALYSIS


Can reach Internet?

Data exfiltration

Can reach critical zones?

Damage potential


REMEDIATION – AUTOMATE SERVER ISOLATION


Change request to drop traffic to/from infected server (auto-flow)


AUTOMATIC FIREWALL MIGRATIONS


FIREWALL MIGRATION – WHY NOT AUTOMATE

• Migrating firewalls is just another big change request

• Manual or semi-manual processes result in human errors

• AlgoSec has visibility into the policies

• AlgoSec knows how to run change requests

• AlgoSec can push changes to devices

• Nothing missing – Let’s automate

• Introducing - firewall migration in three steps


STEP 1 – EXPORTING SOURCE POLICY


STEP 2 – OPEN A VERBATIM CHANGE REQUEST


STEP 3 – SIT BACK AND WAIT


• It is that simple!


WHAT DID WE SEE TODAY?

• Automate end-to-end change management – with zero touch

• Make your patching and vulnerability assessment business-driven

• Make your cyber response business application-aware and automate it

• Automate firewall migrations


MORE RESOURCES
