Micro-segmentation protects your network by limiting the lateral movement of ransomware and other threats in your network. Yet successfully implementing a defense-in-depth strategy using micro-segmentation may be complicated.
In this second webinar in a series of two webinars about ransomware, Yitzy Tannenbaum, Product Marketing Manager from AlgoSec and Jan Heijdra, Cisco Security Specialist, will provide a blueprint to implementing micro-segmentation using Cisco Secure Workload (formerly Cisco Tetration) and AlgoSec Network Security Policy Management.
Join our live webinar to learn:
• Why micro-segmentation is critical to fighting ransomware
• Understand your business applications to create your micro-segmentation policy
• Validate your micro-segmentation policy is accurate
• Enforce these granular policies on workloads and summarized policies across your infrastructure
• Use risk and vulnerability analysis to tighten your workload and network security
• Identify and manage security risk and compliance in your micro-segmented environment
2. Have you already started a micro-segmentation
project in your organization?
• Yes, we’ve completed our micro-segmentation project
• Yes, we are currently in the midst of a micro-segmentation
project
• No, but it is in our roadmap
• No, and we don’t plan to in the near future
2 | Confidential
POLL
4. JAN HEIJDRA – CISCO SECURITY
Enterprise Mobility
Management
Network Traffic Security Analytics
(Cloud) Workload
Protection
Web
Security
Email
Security
Advanced
Threat
Secure
SD-WAN / Routers
Identity and Network
Access Control
Secure Internet
Gateway
Switches and
Access Points
Next-Gen
FW/IPS
Cloud Access Security
5. 2 | Confidential
YITZY TANNENBAUM – ALGOSEC OVERVIEW
Founded 2004
1800+ Enterprise Customers
Serving 20 of the Fortune 50
24/7 Support via 3 Global Centers
ISO 27001 Certified
Passionate about Customer Satisfaction
FORTUNE
50
ISO
27001
2004
30. What is your main challenge when rolling out a
micro-segmentation project in your organization?
• Complex network, lack of visibility
• Defining the segments based on application dependency
• Make the policy changes required to create the segments
• Not enough manpower / time
30 | Confidential
POLL
38. TRADITIONAL EXCUSES IN A TRADITIONAL DATA CENTER
Use standard or virtualized firewalls
Requires:
• Reassigning IP addresses
• Making routing changes
• Defining new VLANs
• Possibly connecting new cables
Hard Work!
38
39. SOFTWARE-DEFINED DATA CENTERS
• Comes with filtering capabilities inside the networking fabric
• Reassigning IP addresses
• Making routing changes
• Defining new VLANs
• Possibly connecting new cables
• On-premise data center:
• Cisco ACI
• VMware NSX
• Public cloud:
• Amazon AWS
• Microsoft Azure
Old excuses are gone!
Technology is just the 1st step.
You still need to configure it!
39
40. NEXT CHALLENGES
• Where to place the segment boundaries?
• What filtering policy should you write ?
• So all legitimate business traffic is allowed!
• To do this – you just need to know all the legitimate traffic in the
data center, so you can write policy allowing it.
Naturally, you have perfectly accurate records
of all the application flows running through
the data center, so it’s easy. right?
40
41. FOR EVERYONE ELSE: APPLICATION DISCOVERY
• Need to:
• Detect all the network flows
• Annotate them with application name (“intent”)
• Aggregate & optimize “thin” flows into “fat” flows
• Put them in the filtering policy
• How:
• Netflow > AlgoSec AutoDiscovery
• Or Cisco Tetration
• Import into AlgoSec AppViz
• Results:
• Micro-segmentation knowhow
• Application name annotates current + future rules that support it
41
57. WHAT TO DO NEXT?
ATTACHMENTS TAB
Connect with us on LinkedIn
Join the Raffle request a Ransomware Assessment Service
1 random winner will be selected for a free of charge assessment
Request your copy of:
• Cisco Zero Trust Security
• Ransomware Defense for dummies
Select