5 MORE THINGS YOU CAN DO WITH A SECURITY POLICY MANAGEMENT SOLUTION
Jonathan Gold-Shalev
WHAT WE’LL COVER TODAY
• Auto discover and map application connectivity
• Automate application migration projects
• Design application connectivity before your servers are fully allocated
• Enhance C-Level visibility to the network and application security
• Manage disaster recovery devices
2 | Confidential
Automatically Discover and Map Application Connectivity
LET’S TALK ABOUT BUSINESSFLOW
• With AlgoSec’s BusinessFlow you can manage your applications’ connectivity and security
• Every application contains the definition of the flows it requires to perform its task
• Given this definition, along with AlgoSec’s Firewall Analyzer and FireFlow, BusinessFlow allows you to:
• Get visibility to the connectivity status
• Verify the required connectivity is maintained
• Initiate and document changes without losing track
• Migrate applications or servers
• Understand what policy rules support which applications
BUSINESSFLOW SNEAK PEEK
MAPPING EXISTING APPLICATIONS
• BusinessFlow provides visibility and automation for your applications
• However, it requires the applications to be defined in it
• Well… how well are your applications documented?
• CMDB?
• Excel Spreadsheet?
• Firewall Rules?
• Most customers don’t have a reliable source of truth
• Automatic discovery is required
INTRODUCING – ALGOSEC AUTODISCOVERY
• AlgoSec’s AutoDiscovery sensor/s digest network traffic through:
• Live port mirroring
• PCAP files exported from packet brokers
• ESX Internal Traffic (promiscuous mode)
• Local sensors on central servers
• Analyzes network traffic, including:
• DPI
• Netflow/Sflow
• And many more…
• Maps all the traffic to business applications
THE MAPPED BUSINESS APPLICATIONS
ALGOSEC AUTODISCOVERY – CONT.
• The discovered applications are then added to BusinessFlow
• Users can then configure optimization so that thin flows and objects are merged together
• The application owners can then simply apply the configuration and start working with BusinessFlow
DISCOVERED APPLICATIONS
OPTIMIZED FLOWS
Application Migration - Automated
APPLICATION MIGRATION – CAN WE AUTOMATE?
• Applications migrate all the time
• Data center migrations
• Acquisitions
• Test -> Pre-Production -> Production
• And more
• Migrating the required connectivity is a big deal – it is delicate and there’s a real risk of causing downtime
• BusinessFlow makes sure the migration process is error-free and automated
APPLICATION MIGRATION – MAKING IT SIMPLE
• Create an application migration project from BusinessFlow
• Select one or more applications
• For each application server, define the new server it will migrate to
• You can even select whether to move or clone the application
• Evaluate potential impact on the application vulnerability and risk level
• Apply the changes
• That’s it
SO WHAT HAPPENS NEXT?
• BusinessFlow will now open change requests
• FireFlow will then process these change requests automatically
• The changes can then be implemented all the way to the devices
• That’s it
A PICTURE IS WORTH MORE…
DEFINING THE MIGRATION PARAMETERS
PROJECT DASHBOARD
DESIGN YOUR APPLICATION CONNECTIVITY BEFORE THE SERVER IP ADDRESSES ARE KNOWN
DEFINE APPLICATION CONNECTIVITY
• BusinessFlow allows you to describe the connectivity required for your applications
• Flow objects can come from various different sources
• CMDB
• Firewalls
• Any CSV exported from any source
• But what do you do when the server IP addresses are not yet allocated?
INTRODUCING – ABSTRACT OBJECTS
• BusinessFlow allows defining application flows with abstract objects
• Abstract objects function as placeholders
• Flows with abstract objects will be visible but will not be active
• Once your server IP address is allocated, simply replace the abstract object to activate the flow
• No more waiting for server IP address allocations before completing application design
ABSTRACT OBJECT IN A FLOW
ALLOCATING ABSTRACT OBJECTS
THE ALGOSEC REPORTING TOOL
ENHANCING C-LEVEL VISIBILITY
• C-Level staff need visibility
• They need to know about the problems, trends and bottom line numbers
• They need to get it periodically
• They need it in their mailbox
• They need it in colorful dashboards and charts
INTRODUCING THE ALGOSEC REPORTING TOOL
• Rich set of out-of-the-box dashboards and charts
• Rich reporting capabilities on AlgoSec’s top 3 entities:
• Devices
• Change Requests
• Business Applications
• Easily create charts and dashboards
• Export the dashboards to PDF or CSV format
• Schedule sending these dashboards to C-Level recipients
SOME CHART EXAMPLES - DEVICES
• Devices with lowest PCI compliance score
• Most risky devices
• Average security rating over time
• Devices with lowest baseline compliance score
• Devices whose policies require the most optimization
• And many more…
SOME CHART EXAMPLES – CHANGE REQUESTS
• Change requests status distribution
• Open change requests by owner
• Number of change requests created over time
• Number of change requests by device group
• Number of change requests in the same status for X days
• And many more…
SOME CHART EXAMPLES – APPLICATIONS
• Most risky applications
• Most vulnerable applications
• Applications with highest number of unscanned servers
• Applications by connectivity status
• Number of change requests per-application
• And many more…
SOME DASHBOARD SAMPLES
SCHEDULING DASHBOARD EMAILS
DISASTER RECOVERY DEVICE PAIRS
DISASTER RECOVERY DEVICES / PATHS
• Some organizations define their networks so that if one route is no longer available, traffic takes a different path through DR firewalls and routers
• Requires defining device disaster recovery pairs
• Traffic that is allowed on one device in the pair must be allowed on the other as well (although the traffic is not currently routed through it)
• For devices without a central management system, keeping the pair in sync is a real challenge
ENTER ALGOSEC DR-SET
• AlgoSec allows you to define DR-Sets – groups of devices that must always share the same policy
• Whenever FireFlow detects that one of the devices in the pair needs to be changed, the other devices will be automatically added to the list of devices to change
• Then, the same traffic that is added to the main device will be added to the rest in the DR Set
• Allows for maintaining consistency without manual work or human error
DR SETS – HOW IT LOOKS
SUMMARY
• AlgoSec provides you with business-centric security policy management capabilities
• A single pane of glass for the required connectivity of your applications
• Automates business-driven change processes
• And much more
• Explore the AlgoSec solution, read through the guides, visit our public KnowledgeBase and ask us questions
• You are bound to find more and more things you may not have known you can do with AlgoSec
MORE RESOURCES