
Application visibility across the security estate the value and the vision - final

Security policy management solutions enable security and operations teams to manage and optimize firewall policy, automate security policy changes and mitigate network security risk - all while avoiding misconfigurations, staying compliant and saving time and resources.

While this provides unprecedented value for network security visibility and management, these teams often lack the business context: the ability to assess the impact of network and firewall rule changes on the company’s business applications, application availability and business processes.

Join Yonatan Klein, Director Product Management at AlgoSec, as he explores why a security policy management solution should also offer application discovery and visibility to enable a truly business-driven approach to security policy management.

The webinar will cover:

  • Business-driven management of connectivity change requests while avoiding misconfigurations and miscommunications
  • Proactive visibility of the security impact of application changes before applying them
  • How visibility into the applications associated with every firewall rule enhances auditing, compliance and policy cleanup
  • Clear visibility into the impact of new vulnerabilities and maintenance tasks on business processes
  • Different ways to discover network connectivity for existing applications


  1. APPLICATION VISIBILITY ACROSS THE SECURITY ESTATE Yonatan Klein, Director of Product Management Yonatan.Klein@algosec.com
  2. 2| Confidential WELCOME • Have a question? Submit it via the chat • This webinar is being recorded! • Slides and recording will be sent to you after the webinar
  3. GROWING EXPECTATIONS FROM IT AND SECURITY TEAMS
  4. RUN FASTER! • Constant demand for higher business agility • Technology enablers (DevOps, cloud, SDN) • Deliver in minutes/hours, not weeks/months DEV OPS PROTECT YOUR NETWORK BETTER! • Attacks and breaches are constantly on the rise, more sophisticated • Security must be stronger and tighter But also…
  5. THE BALANCING ACT - REALITY Trying to find the perfect balance: • Both agility and security are affected • Constant tension between Security and Apps teams Security Business Agility And if it fails… Shadow IT starts
  6. BUT WHAT IF YOU COULD… HAVE YOUR CAKE AND EAT IT?
  7. MANAGING SECURITY WITH THE BUSINESS CONTEXT * Slide from AlgoSec webinar featuring Gartner • The move to the cloud, mobile and digital business requires changes in how we approach security • Layers: Information, People, Processes, Application & Services, Workspace, OS, Network, Hardware • TOP DOWN: Information, process and Application-centric security; Business-driven security • BOTTOM UP: Device and OS fixation, “lockdown”; Asset-centric security
  8. WHY IS THE BUSINESS CONTEXT SO IMPORTANT • Prioritize risk management by application criticality • Application sensitivity impacts security levels • E.g. PCI • Security policy affected by application status • Matching of business application to firewall rules
  9. BUSINESS DRIVEN SECURITY MANAGEMENT AlgoSec enables companies to align security with their business processes • Business-driven Agility • Business-driven Visibility • Business-driven Security
  10. POLL: HOW DIFFICULT IS IT FOR YOUR NETWORK TEAMS TO UNDERSTAND THE BUSINESS CONTEXT OF FIREWALL RULES? • Very • Slightly • This is not a challenge Please vote using the “votes from audience” tab in your BrightTALK panel
  11. THE APPLICATION LIFECYCLE
  12. THE SECURITY POLICY MANAGEMENT LIFECYCLE • Auto-discover and map application connectivity and security infrastructure • Allow application owners and architects to easily define their application connectivity needs
  13. DESIGN OR DISCOVER EXISTING APPLICATIONS • Existing sources? • CMDB • Excel Spreadsheet • Firewall Rules • APM DB • Network discovery • Firewall logs • Network sensing • 3rd party network probing • Design a new application
  14. APPLICATION & CONNECTIVITY AUTO-DISCOVERY • Various sources: network mirroring, PCAP files, NetFlow, sFlow Network sensing • Determine hosts • Determine active flows Analyze network traffic • Smart heuristics to identify web services, databases, applications • Application identity “hints” Identify business applications
  15. THE MAPPED BUSINESS APPLICATIONS
  16. DISCOVERED APPLICATIONS
  17. DISCOVERED APPLICATION FLOWS
  18. OPTIMIZED FLOWS
  19. THE SECURITY POLICY MANAGEMENT LIFECYCLE • Design for segmentation • Translate application connectivity into firewall rules • Assess risk and compliance • Auto-discover and map application connectivity and security infrastructure • Allow application owners and architects to easily define their application connectivity needs
  20. UNFILTERED FLOWS FOR MICRO-SEGMENTATION If you place endpoints in different segments: • Write policy to allow the flow • … or application will break • Enables Micro-segmentation!
  21. BETTER SECURITY WITH MICRO-SEGMENTATION • Introduce filtering choke-points between zones • Allows control of east-west traffic • Lets organizations restrict lateral movement between zones • How can we make this a reality?
  22. INTRODUCING CHOKE POINTS Traditional data center: • A major effort involving: • Hardware • Cabling • Reconfigure switching and routing Virtualized network / SDN: • Built-in firewalls as part of the infrastructure • No extra hardware needed
  23. SEGMENTATION WITH SECURITY PROFILE MATRIX
  24. THE BUSINESS-APPLICATION PERSPECTIVE • East-West traffic is generated by business applications • Each business application has: • Servers supporting it • Clients accessing it • Business application connectivity requirements: • Server-to-server traffic flows • Client-to-server traffic flows Segmentation example: • Human-accessible systems • Web-front • Application Servers • Infrastructure servers • DMZ …
  25. FULL CYCLE FROM DESIGN TO ENFORCEMENT Design Enforce
  26. EASILY VISUALIZE AND REVIEW APPLICATION CONNECTIVITY
  27. ANALYZE AND REVIEW APPLICATION CONNECTIVITY RISKS
  28. AND … VULNERABILITIES
  29. THE SECURITY POLICY MANAGEMENT LIFECYCLE • Automated policy push • Design for segmentation • Translate application connectivity into firewall rules • Assess risk and compliance • Auto-discover and map application connectivity and security infrastructure • Allow application owners and architects to easily define their application connectivity needs
  30. MANAGING APPLICATION LIFECYCLE AS A PROJECT Move Application Payroll from testing to staging
  31. EASILY MANAGE APPLICATION LIFECYCLE
  32. REVIEW RISKS
  33. OPEN CHANGE REQUEST • Easily tracked • Approval workflows
  34. AUTOMATIC CALCULATION OF DEVICES IN PATH
  35. AUTOMATIC CALCULATION OF DEVICES IN PATH
  36. APPROVAL OF RISKS
  37. TRANSLATION AND IMPLEMENTATION OF POLICY RULES
  38. THE SECURITY POLICY MANAGEMENT LIFECYCLE • Out-of-the box auditing and compliance reports • Link firewall rules to applications • Policy clean up and optimization • Tie cyber attacks and vulnerabilities to business processes • Prioritize risks and vulnerabilities • Design for segmentation • Translate application connectivity into firewall rules • Assess risk and compliance • Auto-discover and map application connectivity and security infrastructure • Allow application owners and architects to easily define their application connectivity needs • Automated policy push
  39. RISK AND THE APPLICATION • Easily identify the applications most at risk • Present risk also to application owners and BU managers • Prioritize based on risk level, applications sensitivity and criticality
  40. BRING BUSINESS-CENTRIC VULNERABILITY MODELING INTO REGULATORY COMPLIANCE PCI sensitive applications…
  41. CONSIDER THE APPLICATION IN POLICY CLEAN UP Example: we are considering the effect of a new FTP-related threat. Which applications are at risk?
  42. APPLICATION IMPACT IN INCIDENT RESPONSE Incident identified in SIEM
  43. APPLICATION IMPACT IN INCIDENT RESPONSE Use AlgoSec to correlate to application
  44. APPLICATION IMPACT IN INCIDENT RESPONSE Investigate path and possible ways of closing the attack vector.
  45. THE SECURITY POLICY MANAGEMENT LIFECYCLE • Decommission redundant firewall rules and application connectivity • Out-of-the box auditing and compliance reports • Link firewall rules to applications • Policy clean up and optimization • Tie cyber attacks and vulnerabilities to business processes • Auto-discover and map application connectivity and security infrastructure • Allow application owners and architects to easily define their application connectivity needs • Design for segmentation • Translate application connectivity into firewall rules • Assess risk and compliance • Automated policy push
  46. POLL: HOW MANY TIMES A YEAR DO YOU RE-CERTIFY YOUR FIREWALL RULES? • On a project basis • Once a year • Twice a year • Once every 2 years Please vote using the “votes from audience” tab in your BrightTALK panel
  47. WHY FIREWALL RULES BECOME REDUNDANT • An application is decommissioned • An application is upgraded and uses different services/ports • An endpoint is moved to a different datacenter Decommissioning of outdated rules is best practice: • Security: reduce attack surface and risk • Compliance: periodic reviews are mandated
  48. TRADITIONAL METHODOLOGY • REVIEW the firewall logs and determine when the rule was last used • READ the comments to see who requested the rule and which application it serves • VALIDATE that the application is not in use with the relevant contact • REMOVE the rule or extend the expiration date
  49. FIREWALL RULE BASE
  50. AN APPLICATION CENTRIC APPROACH
  51. AN APPLICATION CENTRIC APPROACH
  52. AN APPLICATION CENTRIC APPROACH
  53. RULE DECOMMISSIONING Manual Process: • Manage each rule separately • Bombarded by rule recertification notifications • Problematic to track rules to originating purpose With Automation: • Business application expiration date • Timely configured notification – per application • Single click to decommission or extend expiration date
  54. SUMMARY • Top-down, business-driven approach enables security officers to make better decisions considering the balance of business needs and security. • Business-driven automation enables fast application delivery while enforcing security and ensuring continuous compliance. • Design -> review risks -> enforce. And of course … all is documented • Tying application info to security controls enables prioritization, visibility and better decision making
  55. Q&A
  56. MORE RESOURCES www.algosec.com/resources • WHITEPAPER • SOLUTION BROCHURE • PPT • PROF. WOOL EDUCATIONAL VIDEOS
  57. UPCOMING WEBINARS https://www.algosec.com/webinars • Topic: Securely Managing External Network Connections — Tips & Tricks When: Tuesday, June 12th Presented by: Prof. Avishai Wool, CTO • Topic: Selecting the right security policy management solution for your organization When: Tuesday, July 10th Presented by: Kyle Wickert, Worldwide Strategic Architect
  58. THANK YOU! Questions can be emailed to marketing@algosec.com
