5 THINGS YOU DIDN’T KNOW YOU COULD DO WITH A SECURITY POLICY MANAGEMENT SOLUTION
Edy Almer
GOALS FOR TODAY
AlgoSec helps you manage security, reduce risk and respond to incidents, while maximizing business agility and ensuring compliance across your disparate, ever-changing, hybrid networks.
In this webinar we’ll cover how to:
• Automate end-to-end change management across public and private cloud – not just orchestration
• Perform a fully automated, zero-touch security policy change
• Make patching and vulnerability assessment business-driven
• Make your cyber response business-application-aware and automate it
• Automate firewall migrations
2 | Confidential
END-TO-END CHANGE MANAGEMENT
• Network and security change requests keep piling up
• With them come new technologies and new deployments of security devices
• SDN, cloud, multiple firewall vendors… managing changes is a pain
• What if you could submit change requests in a single location that then automates the entire change process for you?
FIRST – AUTOMATICALLY FIND BLOCKING DEVICES
• Utilizes AlgoSec's understanding of the network
• Combines with advanced network analysis algorithms
• Completely vendor agnostic
• Focuses on the devices that require change
• If nothing requires change – automatically closes the change request
SECOND – RISK CHECK
• What-if analysis for proactive security checks
• Verifies compliance with the organizational security policy
• Everything the security analyst needs – ready and waiting
• Did we mention it is vendor agnostic?
THIRD – IMPLEMENTATION
• Every relevant device gets an implementation recommendation
• Add a rule, remove a rule or even edit an existing rule
• In the language and according to the limitations of each device
• Implement to the device with a click of a button (ActiveChange)
FINALLY - VALIDATION
• Automatically validates the change request was implemented properly
• Step 1 – make sure traffic is now allowed
• Step 2 – make sure the implementation was accurate
• This is it – end to end in minutes, on-premises / public cloud / routers / firewalls – it doesn't matter
AUTOMATION – ALL THE WAY
INTRODUCING – ZERO-TOUCH WORKFLOW
• If no severe risks are found – why delay?
• Workflows can be configured to be fully automated
• Running through the different stages without human intervention
• From request to implementation in minutes, without anyone spending time on it
• We even ship such a workflow out of the box – try it
TYING VULNERABILITIES TO THE BUSINESS
MAKE THE BUSINESS OWNER OWN THE SECURITY
• Vulnerability scanners generate a lot of results
• Security engineers are responsible for prioritizing and remediating
• Usually prioritization follows the severity reported by the scanner
• What about the business impact?
• Vulnerabilities are presented in the context of an application
• Visibility to the most vulnerable applications including drill down
• You can even schedule a periodic C-level report for this info
• Now the business owner can own the security as well
VULNERABILITIES IN THE BUSINESS CONTEXT
TIE CYBER ATTACKS TO THE BUSINESS IMPACT
INTEGRATION WITH SIEM SYSTEMS
• Your SOC engineer is working on a cyber attack
• A server is flagged as exposed to an attack
• Fast impact analysis and isolation are required
• Introducing – the AlgoSec plugin for your SIEM system
• Get instant visibility to the applications impacted by this server
• Find out if the server is exposed to the Internet
• Immediately initiate isolation of the exposed server
• In the process – no need to leave the SIEM system interface
BUSINESS APPLICATIONS IMPACTED BY INCIDENT
• Critical application? (priority, business impact)
• Firewall in path for Internet connectivity
INCIDENT REACHABILITY ANALYSIS
• Can the server reach the Internet? Risk: data exfiltration
• Can the server reach critical zones? Risk: damage potential
REMEDIATION – AUTOMATE SERVER ISOLATION
• Change request to drop traffic to/from the infected server (auto-flow)
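The change workflow described earlier (find blocking devices, risk check, implementation, validation, with the zero-touch gate) and the incident reachability and isolation flow above, as one added example that is not AlgoSec's code: a toy Python model in which the hosts, zones, the two firewalls and their rules are constructed sample data, and the device path for a request is supplied by the caller rather than derived from a network map.

```python
# Added example, not AlgoSec's code: toy model of the slides' change workflow (find
# blocking devices, risk check, implement, validate, zero-touch gate) and of the
# incident reachability/isolation flow. All data is constructed; caller gives the path.
from collections import namedtuple

Rule = namedtuple("Rule", "src dst port action")  # port 0 = any; action allow|deny
Device = namedtuple("Device", "name rules")       # rules: ordered list of Rule
ZONES = {"web-01": "web-zone", "app-01": "app-zone"}  # constructed host -> zone map
SEVERE = {("internet", "db-zone")}                     # org policy: never allow this

def names(endpoint):  # an endpoint matches a rule by its name, its zone, or "any"
    return {endpoint, ZONES.get(endpoint, endpoint), "any"}

def decision(dev, src, dst, port):  # first matching rule wins, default deny
    for r in dev.rules:
        if r.src in names(src) and r.dst in names(dst) and r.port in (port, 0):
            return r.action
    return "deny"

def find_blocking_devices(path, src, dst, port):
    return [d.name for d in path if decision(d, src, dst, port) == "deny"]

def can_reach(path, src, dst, port):
    return not find_blocking_devices(path, src, dst, port)
def risk_check(src, dst):  # what-if check: does the request touch a SEVERE flow?
    hit = lambda rule_ep, req_ep: rule_ep in names(req_ep) or req_ep == "any"
    return [f"{s}->{d}" for s, d in SEVERE if hit(s, src) and hit(d, dst)]

def zero_touch_change(path, src, dst, port):
    blocking = find_blocking_devices(path, src, dst, port)
    if not blocking:  # nothing to change: close the request automatically
        return {"status": "closed", "reason": "traffic already allowed"}
    risks = risk_check(src, dst)
    if risks:  # severe risk: stop here and hand the request to a human approver
        return {"status": "needs-approval", "risks": risks}
    for d in path:  # implementation: one allow rule per blocking device
        if d.name in blocking:
            d.rules.insert(0, Rule(src, dst, port, "allow"))
    ok = can_reach(path, src, dst, port)  # validation: is the traffic allowed now?
    return {"status": "implemented" if ok else "failed", "changed": blocking}

def isolate_server(path, host):  # remediation: drop all traffic to/from the host
    for d in path:
        d.rules[0:0] = [Rule(host, "any", 0, "deny"), Rule("any", host, 0, "deny")]
    return not can_reach(path, host, "internet", 443)

def sample_path():  # constructed: edge firewall in front of a core firewall
    edge = Device("edge-fw", [Rule("web-zone", "internet", 443, "allow")])
    core = Device("core-fw", [Rule("web-zone", "app-zone", 8080, "allow")])
    return edge, core
```

A request that is already allowed closes itself, a request that touches a flow in SEVERE stops for approval, and everything else is implemented and validated without a human in the loop.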
AUTOMATIC FIREWALL MIGRATIONS
FIREWALL MIGRATION – WHY NOT AUTOMATE
• Migrating firewalls is just another big change request
• Manual or semi-manual processes result in human errors
• AlgoSec has visibility into the policies
• AlgoSec knows how to run change requests
• AlgoSec can push changes to devices
• Nothing is missing – let's automate
• Introducing – firewall migration in three steps
STEP 1 – EXPORTING SOURCE POLICY
STEP 2 – OPEN A VERBATIM CHANGE REQUEST
STEP 3 – SIT BACK AND WAIT
• It is that simple!
WHAT DID WE SEE TODAY?
• Automate end-to-end change management – with zero touch
• Make your patching and vulnerability assessment business-driven
• Make your cyber response business-application-aware and automate it
• Automate firewall migrations
MORE RESOURCES
Thank you!
Questions can be emailed to [email protected]