SlideShare una empresa de Scribd logo

Ch... Ch... Ch... Changes: The eGuide to Automating Firewall Change Control

AlgoSec
AlgoSec
TecnologíaEmpresariales
1 de 12
Descargar para leer sin conexión
Ch…Ch…Ch…Changes The eGuide to Automating Firewall Change Control Share this eBook
Change. The only thing that stays the same in today’s IT environment is that there is always change. Not only is it common, but change often occurs at a breakneck pace. As business needs change (due to rapid Inside this Ebook business growth from mergers and acquisitions, new applications being spun up, old applications being decommissioned, new users, evolving networks and new threats), so must security policies. What Makes Change So Tough? 3 All of this can lead to major headaches for both IT operations and security teams and become a huge business problem: Mind the Gap? 5 • Manual workflows and change management processes are time-consuming and impede IT agility. Not if You Want a Good Change Management Process • Improper management of changes can lead to serious business risks, from issues as benign as legitimate traffic being blocked, all the way to the entire business network going offline. Real-Life Examples of 6 • Some organizations are so concerned about change control and its potential negative impact that they even Changes Gone Bad resort to network freezes during peak business times. We’ve developed this eGuide to help you (YOU should be an IT security and/or operations professional) embrace Taking the Fire Drill out of 7 change through process improvement and identification of areas where automation and actionable intelligence Firewall Changes can enhance both security AND business agility. The Ideal Firewall Change 8 By continuing on this journey with us, you will learn how to take your firewall change management Management Process Key Capabilities to Look 9 for in a Firewall Change Management Solution From... To Ch-Change… Ch-Ching: 11 Quantifying the ROI of Firewall Change Control Automation Conclusion 12 2 Share this eBook
What Makes Change So Tough? Before we dig into the “how” when it comes to automating firewall change management, let’s first step back and level set on the “why”, as in why change can be so daunting. From an IT perspective, change means work… and potentially a lot of it. And with IT organizations stressed to the max, there The Dangers of the Holiday Freeze are many factors that contribute to problems with firewall change management. Guest Blog by Matthew Pascucci, Information Security Writer and Practitioner Post-it Note Policies Informal Change Processes Placing a sticky note on your firewall administrator’s Having a policy state “this is what we must do” is a good desk and expecting the change request to be performed first step, but without a formal set of steps for carrying During the Christmas holiday season does not constitute a formal policy! Yet shockingly this out and enforcing that policy, you still have a ways to many companies utilize network is commonplace. A formal change request process go in terms of solidifying your change processes. The freezes to protect themselves includes clearly defined and documented steps for majority of challenges (55.6%) managing network from errant changes which could how a change request will be handled, by whom, security devices include cause outages during valuable high addressed within a specified SLA, etc. • Time-consuming manual processes traffic days. Many companies put • Poor change management processes these freezes into effect to prevent • Error-prone processes business disruption – and potentially Firewall change management requires detailed and lost business - and are generally concise steps that everyone follows when changes are needed. Any exceptions need to be approved and good ideas. But by protecting the Thi s is documented. organization could we really be putting ourselves at risk? To freeze NO T “What’s the greatest challenge of managing network security devices in your organization?” for the sake of freezing can cause a form al Tension between IT Time- a company to stay frozen in a policy and InfoSec teams Error-prone 9.4% consuming manual processes Share vulnerable, unprotected state… processes This cause risk 10% Research Read the rest of this blog 30% Preventing 13.3% insider threats 15.6% 21.7% Lack of visibility into Poor change network management security processes policies Source: The State of Network Security 2012, April 2012 3 Share this eBook
What Makes Change So Tough? Communication Breakdown If It’s Broke How Will You Know? Network security and operations staff working in silos is It’s imperative to know what the business is up against DID YOU KNOW? a clear path to trouble and a major contributor to out-of- from the perspective of threats and vulnerabilities. band changes, which typically result in “out-of-service”. What’s often overlooked, however, is the impact In many larger companies, routine IT operational and poorly-managed firewall changes have on the Up to 30 percent administrative tasks may be handled by a different business. Not analyzing and thinking through how of implemented rule changes in team than the one that handles security and risk- even the most minute firewall changes are going to large firewall infrastructures are related tasks.  Although both teams are working toward impact the network environment can have dramatic unnecessary because the firewalls the same end, decisions made by one team may lead effects. Without thoughtful analysis you might not are already allowing the requested to issues for the other.  Sometimes these situations can know things such as: traffic! be dealt with in a rush, with the full intention of dealing with any security issues afterward.  But this latter, • Which applications and connections do your Unfortunately, without the proper crucial element may get overlooked. changes break? solution it is very difficult to determine • Which new security vulnerabilities are going to whether a change is necessary. Out-of-process firewall changes resulted in system outages for a majority (54.5%) of the organizations be introduced? So, more often than not, firewall surveyed. For 77.0% of respondents, out-of-process administrators simply create more changes caused a system outage, a data breach, an audit • How will performance and visibility be affected? (redundant) rules. This wastes failure, or more than one of these serious problems. A lot of money and effort is put into keeping the bad valuable time and, in the process, "In your organization, an out-of-process change has resulted in..." guys out, while we forget that we’re often our own makes the firewalls even harder to 60% worst enemy. manage. Share 50% 54.5% This Network Complexity is a Security Killer Research 40% Renowned security expert Bruce Schneier has stated 30% “complexity is the worst enemy of security.” The 20% 25.8% sheer complexity of any given network can lead to a 23.0% 20.2% lot of mistakes, especially when it comes to multiple 10% firewalls with complex rule sets. Simplifying your 0% firewall environment and management processes is Data breach System outage Failing an audit None of the above a must. Source: The State of Network Security 2012, April 2012 4 Share this eBook
Mind the Gap? Not if You Want a Good Change Management Process Change management formalizes the way we work and how to document the “who, what, when, why and how” of all firewall changes. Why operations and security don’t Every new hire, every software patch or upgrade, What’s more, there are solutions that automate mix - and why they should and every network update opens up a security gap day-to-day firewall management tasks and link By Dr. Avishai Wool, AlgoSec CTO and Co-Founder and increases the organization’s risk exposure.  This these changes and procedures so that they are situation becomes further complicated in larger recorded as part of the change management plan. IT operations and security groups are organizations, which may have a mixed security In fact, automated technologies can help bridge the ultimately responsible for making estate comprising traditional, next-generation and gap between change management processes and sure an organization’s systems are virtualized firewalls from multiple vendors, all what’s really taking place. They enhance accuracy functioning so that business goals with hundreds of policies and thousands of rules. and remove people from the equation to a great are met. However these teams extent. For example, a sophisticated firewall - and approach business continuity from Then there are unexpected, quick-fix changes for topology-aware workflow system that is able to access to specific resources or capabilities.  In some different perspectives. The security identify redundant and unneeded change requests department’s number one goal is to cases, the change is made in a rush (after all, who can increase the productivity of your IT staff. wants a C-level exec breathing down their neck protect the company, whereas the because he wants to access the network from his new IT operations team is focused on tablet right now?), without sufficient consideration keeping systems up and running. of whether that change is allowable under current Oftentimes, IT operations and security security policies, or if it introduces new exposure to teams must work together and be on risk. the same page because both have an ownership stake. This is easier said You can’t always predict when users will make change than done. requests, but you can certainly prepare a routine for handling these requests when they arise.  Bringing To achieve this alignment, both IT operations and security teams together to organizations must re-examine prepare game plans for these situations – and for current IT and security processes and… other ‘knowns’ such as network upgrades, change freezes, and audits – helps to minimize the risk of Read more at Last Watchdog these changes causing security holes. 5 Share this eBook
Real-Life Examples of Changes Gone Bad Change can be good. But if not managed properly, change can open up a can of worms when it comes to your security. Here are two examples of changes gone bad: Tips from Your Peers 1. A classic lack of communication between 2. A core provider of e-commerce services to (taken from The Big Collection IT operations and security groups put this businesses in the U.S. suffered a worse fate due of Firewall Management Tips) organization at risk. An administrator, who was to a poorly managed firewall change. One day, trying to be helpful, set up (on his own, with no all e-commerce transactions in and out of its Document, Document, Document… security involvement or documentation) an FTP network ceased and the entire business was “It is especially critical for people share for a client who needed to upload files in taken offline for several hours. Some out-of-band to document the rules they add or a hurry. (and untested) changes to a core firewall broke change so that other administrators the communication between the e-commerce know the purpose of each rule Through this change, the IT admin quickly application and the rest of the Internet. and who to contact about them. addressed the client’s request and the files were Good documentation can make uploaded. However… the FTP account was left up Because of the incident, executive management troubleshooting easy and reduces and unsecured and by the next day, the security got involved and the responsible IT staff members the risk of service disruptions that team noticed larger spikes of inbound traffic to were reprimanded. Hundreds of thousands of can be caused when an administrator the server with this FTP account. The FTP site had dollars later, the root cause of the outage was deletes or changes a rule they do not been compromised and was being used to host revealed: IT staff chose not to test their firewall understand.” pirated movies. changes-bypassing their “burdensome” ITIL-based change management procedures - and ignored Todd, InfoSec Architect, United States the consequences. “Keep a historical change log of your firewall policy, so you can return to safe harbor in case something goes For more real-life firewall changes gone bad, read wrong. A proper change log should Network Security Horror Stories: Change Control include the reason for the change, by infosecurity practitioner Matthew Pascucci. the requester and approval records.” Pedro Cunha, Engineer, Oni, Portugal 6 Share this eBook
Taking the Fire Drill out of Firewall Changes “The best way to manage network security operations is to link security and operations through Tips from Your Peers change management and change control, and to supplement and accelerate automation.” (taken from The Big Collection -Greg Young, Research VP, Gartner of Firewall Management Tips) Accountability between requests Automation helps staff move away from firefighting Watch this video to hear how BT has automated their and actual changes… and being bounced reactively between incidents, and firewall change management process. helps them gain control. The right solution can help “Perform reconciliation between teams track down potential traffic or connectivity change requests and actual issues, highlights areas of risk, and the current status performed changes – looking at the of compliance with policies across mixed estates of unaccounted changes will always traditional, next-generation and virtualized firewalls.  surprise you. Ensuring every change It can also automatically pinpoint the exact devices is accounted for will greatly simplify that may need changes, and show how to design your next audit and help in day-to- and implement that change in the most secure way. day troubleshooting.” Ron, Manager, Australia This not only makes firewall change management easier and more predictable across large estates and “Have a workflow process for multiple teams, but also frees staff to handle more implementing a security rule strategic security and compliance tasks, because the solution is handling much of the heavy lifting. from the user requesting change, Share this video through the approval process and implementation.” To ensure the proper balance of business continuity and security, look for a firewall policy management solution that: Gordy, Senior Network Engineer, • measures every step of the change workflow so you can easily demonstrate SLAs are being met, United States • identifies potential bottlenecks and risks – before changes are made, • and pinpoints change requests that require special attention. 7 Share this eBook
The Ideal Firewall Change Management Process A typical change request process may include the following steps once the request has been made: 1. Clarify the user request and determine dependencies. Obtain all 5. Execute the change. Backup existing configurations, prepare the target relevant information in the change request form (i.e. who is requesting device, notify appropriate workgroups of any planned outage, and the change and why), get proper authorization for the change, match perform the actual change. the change to specific devices, and prioritize the change. Make sure you 6. Verify correct execution to avoid outages. Test the change, including understand the dependencies and the impact to business applications, affected systems and network traffic patterns. other devices and systems, etc. which usually involves multiple 7. Audit and govern the change process. Review the executed change stakeholders from different teams depending on the foreseen impact. and any lessons learned. Having a non-operations related group conduct 2. Validate that the change is needed. AlgoSec research has found that the audit provides the necessary separation of duties and ensures a up to 30% of changes are unnecessary, thus weeding out this redundant documentation trail for every change. work can significantly improve IT operations and business agility. 8. Measure SLAs. Establish new performance metrics and obtain a baseline 3. Perform a risk assessment. Thoroughly test the change and analyze the results before approving the change, so as not to unintentionally measurement. open up a can of worms. Does a proposed change create a new risk in 9. Recertify policies. While not necessary for every rule change, it should the security policy? You want to know this BEFORE making the change. be a part of your change management process at an interval that you 4. Plan the change. Assign resources, create and test your back out plans, define (i.e. once a year, twice a year, etc.) to review and recertify policies. and schedule the change. Part of a good change plan involves having Oftentimes there are rules only needed for a period of time, but left in a backup plan in case a change goes bad. This is also a good place place beyond their intent. This step forces you to review why policies in the process to ensure that everything is properly documented for are in place, to improve documentation, and to remove or tweak rules troubleshooting or recertification purposes. to align with the business. In some cases (i.e. data breach) a change to the firewall rule set must be made immediately, where even with all the automation in the world, there is no time to go through all of the above steps. To address this type of situation, an emergency process should be defined and documented. The Security Change Workflow Request Validate Risk Check Plan Execute Verify Audit Measure Recertify SLAs Emergency Update 8 Share this eBook
Key Capabilities to Look for in a Firewall Change Management Solution There are several baseline requirements when selecting a firewall change management solution that you should make sure are on your checklist. 1. Your workflow system must be 3. Your solution must be topology-aware. firewall-aware. This allows the system This means that the solution must: to gather the proper intelligence, by • Understand how the network is laid out pulling the configuration information from the firewalls to understand the • Understand the devices fit and interact current policies and ultimately reduce • Provide the necessary visibility of how the time it takes to complete many traffic is flowing through the network of the critical steps within a change process. In contrast, a general change management system will not have this integration and thus will provide no domain-specific expertise when it comes to making firewall rule changes. 2. Your system must support all of the 4. Your system must integrate with firewalls and routers used within your existing general change management organization. With the evolution of systems. This is important so that you next-generation firewalls, you should can maximize the return on previously also consider your plans here and made investments. What you don’t want how that fits into you firewall change to have happen is to require massive management decisions. In larger retraining of process and systems organizations there are typically many because now there is a new system to firewalls from different vendors and manage. This integration allows users if your solution cannot support the to continue using the software they are current and or potential future devices used to, but with the added intelligence in the environment, then it isn’t the having that firewall-aware visibility and solution for you! understanding. Continued... 9 Share this eBook
Key Capabilities to Look for in a Firewall Change Management Solution 5. Your system must provide out-of-the-box 99 Detect and filter unneeded/redundant requests change workflows to streamline the process for traffic that is already permitted. Out-of-the-Box Workflows as well as be highly customizable – as no for Real Life Scenarios 99 Provide “what-if” risk-check analyses to ensure organization’s network and change processes compliance with regulations and policies. are exactly the same. Adding new rules via a wizard- 99 Automatically produce detailed work orders, driven request process and flow Key workflow capabilities to look for a solution: indicating which new or existing rules to add or that includes impact analysis, 99 Provide out-of-the-box change workflows to edit and which objects to create or reuse. change validation and audit. help you quickly tackle common change request 99 Prevent unauthorized changes by automatically Changing rules and objects by scenarios matching detected policy changes with request easily defining the requests for 99 Provide the ability to tailor the change process to tickets and report on mismatches. creation, modification and deletion, your unique business needs and identify rules affected by 99 Ensure that change requests have actually suggested object modifications for • Create request templates that define the been implemented on the network, preventing best impact analysis. information required to start a change process premature closing of tickets. and pre-populate information where possible. Removing rules by automatically retrieving a list of change requests • Enable parallel approval steps within the related to the rule removal workflow – ideal for when multiple approvals are request, notify all requestors of the required to process a change. impending change, manage the • Influence the workflow according to dynamic approval process, document and information obtained during ticket processing validate removal. (i.e. risk level, affected firewalls, urgency, etc.). Recertifying rules by automatically presenting all tickets with • Ensure accountability and increase corporate deadlines to the responsible party governance with logic that routes change for recertification or rejection, and requests to specific roles in the workflow. 99 Identify which firewalls and which rules block ru le s ch an ge maintaining a full audit trail with actionable reporting. the requested traffic. 10 Share this eBook
Ch-Change… Ch-Ching: Quantifying the ROI on Firewall Change Control Automation As we’ve examined, manual firewall change management is a time-consuming and error-prone process. Automating this process can result in significant and measurable savings for an enterprise (see the following table). Consider a typical change order that requires a total of four hours of work by all team members throughout the change life cycle, including communication, validation, risk assessment, planning and design, execution, verification, documentation, auditing and measurement. The “loaded” cost per working hour of the IT staff involved in the change process is $60. Based on these assumptions, AlgoSec customers have reported significant cost savings of up to 60 percent, achieved through: 99 Reduction of 50 percent in processing time using automation 99 Elimination of 20 to 30 percent of unneeded changes 99 Elimination of 2 to 8 percent of changes reopened due to incorrect implementation Annual Changes Working Hours Annual Cost ($) Annual Savings ($) 500 2,000 $120,000 $72,000 2,000 8,000 $480,000 $288,000 5,000 20,000 $1,200,000 $720,000 Now that puts the “ch-ching” into “change”! 11 Share this eBook
Conclusion While change management is complex stuff, the decision for your business is actually fairly simple. You could continue to slowly chug along with manual change management processes that drain your IT resources and impede agility. Or you could amp it up with an automated workflow system that helps align the different stakeholders involved in the change process (i.e. network operations, network security, compliance, business owners, etc.) and ultimately helps the business run more smoothly. Think of your change process as a key component of the engine of an expensive car (in this case your organization). Would you drive your car at any speed if you didn’t have brakes? Hopefully the answer is no! The brakes and steering wheel are analogous to change controls and processes. Rather than slowing you down, they can actually make you go faster! Power steering and power brakes (in this case firewall-aware integration and automation) further help you put the pedal to the metal. 12 Share this eBook

Recomendados

Tenrox Workflow Overview 200907
Tenrox Workflow Overview 200907Tenrox Workflow Overview 200907
Tenrox Workflow Overview 200907nightskyy
 
Infosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change ManagementInfosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change ManagementSkybox Security
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall EssentialsSylvain Maret
 
Firewall
Firewall Firewall
Firewall Amuthavalli Nachiyar
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Firewall
FirewallFirewall
Firewallsyeda zoya mehdi
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloudAlgoSec
 
compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarAlgoSec
 

Recomendados

Tenrox Workflow Overview 200907
Tenrox Workflow Overview 200907Tenrox Workflow Overview 200907
Tenrox Workflow Overview 200907nightskyy
 
Infosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change ManagementInfosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change ManagementSkybox Security
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall EssentialsSylvain Maret
 
Firewall
Firewall Firewall
Firewall Amuthavalli Nachiyar
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Firewall
FirewallFirewall
Firewallsyeda zoya mehdi
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloudAlgoSec
 
compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarAlgoSec
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinarAlgoSec
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...AlgoSec
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinarAlgoSec
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.AlgoSec
 
2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomwareAlgoSec
 
Cloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrationsCloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrationsAlgoSec
 
Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to executionAlgoSec
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarAlgoSec
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationAlgoSec
 
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...AlgoSec
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...AlgoSec
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...AlgoSec
 
Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time AlgoSec
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementAlgoSec
 
2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solutionAlgoSec
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar finalAlgoSec
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarAlgoSec
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)AlgoSec
 
More Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management SuiteMore Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management SuiteAlgoSec
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation finalAlgoSec
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Más contenido relacionado

Más de AlgoSec

The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinarAlgoSec
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...AlgoSec
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinarAlgoSec
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.AlgoSec
 
2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomwareAlgoSec
 
Cloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrationsCloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrationsAlgoSec
 
Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to executionAlgoSec
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarAlgoSec
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationAlgoSec
 
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...AlgoSec
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...AlgoSec
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...AlgoSec
 
Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time AlgoSec
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementAlgoSec
 
2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solutionAlgoSec
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar finalAlgoSec
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarAlgoSec
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)AlgoSec
 
More Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management SuiteMore Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management SuiteAlgoSec
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation finalAlgoSec
 

Más de AlgoSec (20)

The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinar
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.
 
2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware
 
Cloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrationsCloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrations
 
Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to execution
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinar
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertification
 
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
 
Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
 
2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)
 
More Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management SuiteMore Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management Suite
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final
 

Último

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Último (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Ch... Ch... Ch... Changes: The eGuide to Automating Firewall Change Control

  • 1. Ch…Ch…Ch…Changes The eGuide to Automating Firewall Change Control Share this eBook
  • 2. Change. The only thing that stays the same in today’s IT environment is that there is always change. Not only is it common, but change often occurs at a breakneck pace. As business needs change (due to rapid Inside this Ebook business growth from mergers and acquisitions, new applications being spun up, old applications being decommissioned, new users, evolving networks and new threats), so must security policies. What Makes Change So Tough? 3 All of this can lead to major headaches for both IT operations and security teams and become a huge business problem: Mind the Gap? 5 • Manual workflows and change management processes are time-consuming and impede IT agility. Not if You Want a Good Change Management Process • Improper management of changes can lead to serious business risks, from issues as benign as legitimate traffic being blocked, all the way to the entire business network going offline. Real-Life Examples of 6 • Some organizations are so concerned about change control and its potential negative impact that they even Changes Gone Bad resort to network freezes during peak business times. We’ve developed this eGuide to help you (YOU should be an IT security and/or operations professional) embrace Taking the Fire Drill out of 7 change through process improvement and identification of areas where automation and actionable intelligence Firewall Changes can enhance both security AND business agility. The Ideal Firewall Change 8 By continuing on this journey with us, you will learn how to take your firewall change management Management Process Key Capabilities to Look 9 for in a Firewall Change Management Solution From... To Ch-Change… Ch-Ching: 11 Quantifying the ROI of Firewall Change Control Automation Conclusion 12 2 Share this eBook
  • 3. What Makes Change So Tough? Before we dig into the “how” when it comes to automating firewall change management, let’s first step back and level set on the “why”, as in why change can be so daunting. From an IT perspective, change means work… and potentially a lot of it. And with IT organizations stressed to the max, there The Dangers of the Holiday Freeze are many factors that contribute to problems with firewall change management. Guest Blog by Matthew Pascucci, Information Security Writer and Practitioner Post-it Note Policies Informal Change Processes Placing a sticky note on your firewall administrator’s Having a policy state “this is what we must do” is a good desk and expecting the change request to be performed first step, but without a formal set of steps for carrying During the Christmas holiday season does not constitute a formal policy! Yet shockingly this out and enforcing that policy, you still have a ways to many companies utilize network is commonplace. A formal change request process go in terms of solidifying your change processes. The freezes to protect themselves includes clearly defined and documented steps for majority of challenges (55.6%) managing network from errant changes which could how a change request will be handled, by whom, security devices include cause outages during valuable high addressed within a specified SLA, etc. • Time-consuming manual processes traffic days. Many companies put • Poor change management processes these freezes into effect to prevent • Error-prone processes business disruption – and potentially Firewall change management requires detailed and lost business - and are generally concise steps that everyone follows when changes are needed. Any exceptions need to be approved and good ideas. But by protecting the Thi s is documented. organization could we really be putting ourselves at risk? To freeze NO T “What’s the greatest challenge of managing network security devices in your organization?” for the sake of freezing can cause a form al Tension between IT Time- a company to stay frozen in a policy and InfoSec teams Error-prone 9.4% consuming manual processes Share vulnerable, unprotected state… processes This cause risk 10% Research Read the rest of this blog 30% Preventing 13.3% insider threats 15.6% 21.7% Lack of visibility into Poor change network management security processes policies Source: The State of Network Security 2012, April 2012 3 Share this eBook
  • 4. What Makes Change So Tough? Communication Breakdown If It’s Broke How Will You Know? Network security and operations staff working in silos is It’s imperative to know what the business is up against DID YOU KNOW? a clear path to trouble and a major contributor to out-of- from the perspective of threats and vulnerabilities. band changes, which typically result in “out-of-service”. What’s often overlooked, however, is the impact In many larger companies, routine IT operational and poorly-managed firewall changes have on the Up to 30 percent administrative tasks may be handled by a different business. Not analyzing and thinking through how of implemented rule changes in team than the one that handles security and risk- even the most minute firewall changes are going to large firewall infrastructures are related tasks.  Although both teams are working toward impact the network environment can have dramatic unnecessary because the firewalls the same end, decisions made by one team may lead effects. Without thoughtful analysis you might not are already allowing the requested to issues for the other.  Sometimes these situations can know things such as: traffic! be dealt with in a rush, with the full intention of dealing with any security issues afterward.  But this latter, • Which applications and connections do your Unfortunately, without the proper crucial element may get overlooked. changes break? solution it is very difficult to determine • Which new security vulnerabilities are going to whether a change is necessary. Out-of-process firewall changes resulted in system outages for a majority (54.5%) of the organizations be introduced? So, more often than not, firewall surveyed. For 77.0% of respondents, out-of-process administrators simply create more changes caused a system outage, a data breach, an audit • How will performance and visibility be affected? (redundant) rules. This wastes failure, or more than one of these serious problems. A lot of money and effort is put into keeping the bad valuable time and, in the process, "In your organization, an out-of-process change has resulted in..." guys out, while we forget that we’re often our own makes the firewalls even harder to 60% worst enemy. manage. Share 50% 54.5% This Network Complexity is a Security Killer Research 40% Renowned security expert Bruce Schneier has stated 30% “complexity is the worst enemy of security.” The 20% 25.8% sheer complexity of any given network can lead to a 23.0% 20.2% lot of mistakes, especially when it comes to multiple 10% firewalls with complex rule sets. Simplifying your 0% firewall environment and management processes is Data breach System outage Failing an audit None of the above a must. Source: The State of Network Security 2012, April 2012 4 Share this eBook
  • 5. Mind the Gap? Not if You Want a Good Change Management Process Change management formalizes the way we work and how to document the “who, what, when, why and how” of all firewall changes. Why operations and security don’t Every new hire, every software patch or upgrade, What’s more, there are solutions that automate mix - and why they should and every network update opens up a security gap day-to-day firewall management tasks and link By Dr. Avishai Wool, AlgoSec CTO and Co-Founder and increases the organization’s risk exposure.  This these changes and procedures so that they are situation becomes further complicated in larger recorded as part of the change management plan. IT operations and security groups are organizations, which may have a mixed security In fact, automated technologies can help bridge the ultimately responsible for making estate comprising traditional, next-generation and gap between change management processes and sure an organization’s systems are virtualized firewalls from multiple vendors, all what’s really taking place. They enhance accuracy functioning so that business goals with hundreds of policies and thousands of rules. and remove people from the equation to a great are met. However these teams extent. For example, a sophisticated firewall - and approach business continuity from Then there are unexpected, quick-fix changes for topology-aware workflow system that is able to access to specific resources or capabilities.  In some different perspectives. The security identify redundant and unneeded change requests department’s number one goal is to cases, the change is made in a rush (after all, who can increase the productivity of your IT staff. wants a C-level exec breathing down their neck protect the company, whereas the because he wants to access the network from his new IT operations team is focused on tablet right now?), without sufficient consideration keeping systems up and running. of whether that change is allowable under current Oftentimes, IT operations and security security policies, or if it introduces new exposure to teams must work together and be on risk. the same page because both have an ownership stake. This is easier said You can’t always predict when users will make change than done. requests, but you can certainly prepare a routine for handling these requests when they arise.  Bringing To achieve this alignment, both IT operations and security teams together to organizations must re-examine prepare game plans for these situations – and for current IT and security processes and… other ‘knowns’ such as network upgrades, change freezes, and audits – helps to minimize the risk of Read more at Last Watchdog these changes causing security holes. 5 Share this eBook
  • 6. Real-Life Examples of Changes Gone Bad Change can be good. But if not managed properly, change can open up a can of worms when it comes to your security. Here are two examples of changes gone bad: Tips from Your Peers 1. A classic lack of communication between 2. A core provider of e-commerce services to (taken from The Big Collection IT operations and security groups put this businesses in the U.S. suffered a worse fate due of Firewall Management Tips) organization at risk. An administrator, who was to a poorly managed firewall change. One day, trying to be helpful, set up (on his own, with no all e-commerce transactions in and out of its Document, Document, Document… security involvement or documentation) an FTP network ceased and the entire business was “It is especially critical for people share for a client who needed to upload files in taken offline for several hours. Some out-of-band to document the rules they add or a hurry. (and untested) changes to a core firewall broke change so that other administrators the communication between the e-commerce know the purpose of each rule Through this change, the IT admin quickly application and the rest of the Internet. and who to contact about them. addressed the client’s request and the files were Good documentation can make uploaded. However… the FTP account was left up Because of the incident, executive management troubleshooting easy and reduces and unsecured and by the next day, the security got involved and the responsible IT staff members the risk of service disruptions that team noticed larger spikes of inbound traffic to were reprimanded. Hundreds of thousands of can be caused when an administrator the server with this FTP account. The FTP site had dollars later, the root cause of the outage was deletes or changes a rule they do not been compromised and was being used to host revealed: IT staff chose not to test their firewall understand.” pirated movies. changes-bypassing their “burdensome” ITIL-based change management procedures - and ignored Todd, InfoSec Architect, United States the consequences. “Keep a historical change log of your firewall policy, so you can return to safe harbor in case something goes For more real-life firewall changes gone bad, read wrong. A proper change log should Network Security Horror Stories: Change Control include the reason for the change, by infosecurity practitioner Matthew Pascucci. the requester and approval records.” Pedro Cunha, Engineer, Oni, Portugal 6 Share this eBook
  • 7. Taking the Fire Drill out of Firewall Changes “The best way to manage network security operations is to link security and operations through Tips from Your Peers change management and change control, and to supplement and accelerate automation.” (taken from The Big Collection -Greg Young, Research VP, Gartner of Firewall Management Tips) Accountability between requests Automation helps staff move away from firefighting Watch this video to hear how BT has automated their and actual changes… and being bounced reactively between incidents, and firewall change management process. helps them gain control. The right solution can help “Perform reconciliation between teams track down potential traffic or connectivity change requests and actual issues, highlights areas of risk, and the current status performed changes – looking at the of compliance with policies across mixed estates of unaccounted changes will always traditional, next-generation and virtualized firewalls.  surprise you. Ensuring every change It can also automatically pinpoint the exact devices is accounted for will greatly simplify that may need changes, and show how to design your next audit and help in day-to- and implement that change in the most secure way. day troubleshooting.” Ron, Manager, Australia This not only makes firewall change management easier and more predictable across large estates and “Have a workflow process for multiple teams, but also frees staff to handle more implementing a security rule strategic security and compliance tasks, because the solution is handling much of the heavy lifting. from the user requesting change, Share this video through the approval process and implementation.” To ensure the proper balance of business continuity and security, look for a firewall policy management solution that: Gordy, Senior Network Engineer, • measures every step of the change workflow so you can easily demonstrate SLAs are being met, United States • identifies potential bottlenecks and risks – before changes are made, • and pinpoints change requests that require special attention. 7 Share this eBook
  • 8. The Ideal Firewall Change Management Process A typical change request process may include the following steps once the request has been made: 1. Clarify the user request and determine dependencies. Obtain all 5. Execute the change. Backup existing configurations, prepare the target relevant information in the change request form (i.e. who is requesting device, notify appropriate workgroups of any planned outage, and the change and why), get proper authorization for the change, match perform the actual change. the change to specific devices, and prioritize the change. Make sure you 6. Verify correct execution to avoid outages. Test the change, including understand the dependencies and the impact to business applications, affected systems and network traffic patterns. other devices and systems, etc. which usually involves multiple 7. Audit and govern the change process. Review the executed change stakeholders from different teams depending on the foreseen impact. and any lessons learned. Having a non-operations related group conduct 2. Validate that the change is needed. AlgoSec research has found that the audit provides the necessary separation of duties and ensures a up to 30% of changes are unnecessary, thus weeding out this redundant documentation trail for every change. work can significantly improve IT operations and business agility. 8. Measure SLAs. Establish new performance metrics and obtain a baseline 3. Perform a risk assessment. Thoroughly test the change and analyze the results before approving the change, so as not to unintentionally measurement. open up a can of worms. Does a proposed change create a new risk in 9. Recertify policies. While not necessary for every rule change, it should the security policy? You want to know this BEFORE making the change. be a part of your change management process at an interval that you 4. Plan the change. Assign resources, create and test your back out plans, define (i.e. once a year, twice a year, etc.) to review and recertify policies. and schedule the change. Part of a good change plan involves having Oftentimes there are rules only needed for a period of time, but left in a backup plan in case a change goes bad. This is also a good place place beyond their intent. This step forces you to review why policies in the process to ensure that everything is properly documented for are in place, to improve documentation, and to remove or tweak rules troubleshooting or recertification purposes. to align with the business. In some cases (i.e. data breach) a change to the firewall rule set must be made immediately, where even with all the automation in the world, there is no time to go through all of the above steps. To address this type of situation, an emergency process should be defined and documented. The Security Change Workflow Request Validate Risk Check Plan Execute Verify Audit Measure Recertify SLAs Emergency Update 8 Share this eBook
  • 9. Key Capabilities to Look for in a Firewall Change Management Solution There are several baseline requirements when selecting a firewall change management solution that you should make sure are on your checklist. 1. Your workflow system must be 3. Your solution must be topology-aware. firewall-aware. This allows the system This means that the solution must: to gather the proper intelligence, by • Understand how the network is laid out pulling the configuration information from the firewalls to understand the • Understand the devices fit and interact current policies and ultimately reduce • Provide the necessary visibility of how the time it takes to complete many traffic is flowing through the network of the critical steps within a change process. In contrast, a general change management system will not have this integration and thus will provide no domain-specific expertise when it comes to making firewall rule changes. 2. Your system must support all of the 4. Your system must integrate with firewalls and routers used within your existing general change management organization. With the evolution of systems. This is important so that you next-generation firewalls, you should can maximize the return on previously also consider your plans here and made investments. What you don’t want how that fits into you firewall change to have happen is to require massive management decisions. In larger retraining of process and systems organizations there are typically many because now there is a new system to firewalls from different vendors and manage. This integration allows users if your solution cannot support the to continue using the software they are current and or potential future devices used to, but with the added intelligence in the environment, then it isn’t the having that firewall-aware visibility and solution for you! understanding. Continued... 9 Share this eBook
  • 10. Key Capabilities to Look for in a Firewall Change Management Solution 5. Your system must provide out-of-the-box 99 Detect and filter unneeded/redundant requests change workflows to streamline the process for traffic that is already permitted. Out-of-the-Box Workflows as well as be highly customizable – as no for Real Life Scenarios 99 Provide “what-if” risk-check analyses to ensure organization’s network and change processes compliance with regulations and policies. are exactly the same. Adding new rules via a wizard- 99 Automatically produce detailed work orders, driven request process and flow Key workflow capabilities to look for a solution: indicating which new or existing rules to add or that includes impact analysis, 99 Provide out-of-the-box change workflows to edit and which objects to create or reuse. change validation and audit. help you quickly tackle common change request 99 Prevent unauthorized changes by automatically Changing rules and objects by scenarios matching detected policy changes with request easily defining the requests for 99 Provide the ability to tailor the change process to tickets and report on mismatches. creation, modification and deletion, your unique business needs and identify rules affected by 99 Ensure that change requests have actually suggested object modifications for • Create request templates that define the been implemented on the network, preventing best impact analysis. information required to start a change process premature closing of tickets. and pre-populate information where possible. Removing rules by automatically retrieving a list of change requests • Enable parallel approval steps within the related to the rule removal workflow – ideal for when multiple approvals are request, notify all requestors of the required to process a change. impending change, manage the • Influence the workflow according to dynamic approval process, document and information obtained during ticket processing validate removal. (i.e. risk level, affected firewalls, urgency, etc.). Recertifying rules by automatically presenting all tickets with • Ensure accountability and increase corporate deadlines to the responsible party governance with logic that routes change for recertification or rejection, and requests to specific roles in the workflow. 99 Identify which firewalls and which rules block ru le s ch an ge maintaining a full audit trail with actionable reporting. the requested traffic. 10 Share this eBook
  • 11. Ch-Change… Ch-Ching: Quantifying the ROI on Firewall Change Control Automation As we’ve examined, manual firewall change management is a time-consuming and error-prone process. Automating this process can result in significant and measurable savings for an enterprise (see the following table). Consider a typical change order that requires a total of four hours of work by all team members throughout the change life cycle, including communication, validation, risk assessment, planning and design, execution, verification, documentation, auditing and measurement. The “loaded” cost per working hour of the IT staff involved in the change process is $60. Based on these assumptions, AlgoSec customers have reported significant cost savings of up to 60 percent, achieved through: 99 Reduction of 50 percent in processing time using automation 99 Elimination of 20 to 30 percent of unneeded changes 99 Elimination of 2 to 8 percent of changes reopened due to incorrect implementation Annual Changes Working Hours Annual Cost ($) Annual Savings ($) 500 2,000 $120,000 $72,000 2,000 8,000 $480,000 $288,000 5,000 20,000 $1,200,000 $720,000 Now that puts the “ch-ching” into “change”! 11 Share this eBook
  • 12. Conclusion While change management is complex stuff, the decision for your business is actually fairly simple. You could continue to slowly chug along with manual change management processes that drain your IT resources and impede agility. Or you could amp it up with an automated workflow system that helps align the different stakeholders involved in the change process (i.e. network operations, network security, compliance, business owners, etc.) and ultimately helps the business run more smoothly. Think of your change process as a key component of the engine of an expensive car (in this case your organization). Would you drive your car at any speed if you didn’t have brakes? Hopefully the answer is no! The brakes and steering wheel are analogous to change controls and processes. Rather than slowing you down, they can actually make you go faster! Power steering and power brakes (in this case firewall-aware integration and automation) further help you put the pedal to the metal. 12 Share this eBook