Renowned security expert Bruce Schneier said “Complexity is the enemy of security.” But, complexity is common in today’s network security environment with thousands of security access rules, highly connected business critical applications, and lots of firewall changes that must be processed. This presentation examines: - Why making security changes is so tough - Critical steps for the an ideal security change workflow - How to automate the entire firewall change management process

1. How to Take the Fire Drill
out of Making Firewall Changes

2. “Complexity is the worst
enemy of security”
- Bruce Schneier

3. • Application Connectivity
• Data Center
Migration/Consolidation
• Decommissioned Applications
• M&A
• Next-Generation Policies
• (External) Applications
• Users
• Devices
• New Threats

4. This is Not a
Formal Policy

6. Source: The State of Network Security 2013
20.2%
22.1%
54.5%
43.6%
25.8%
16.6%
23.0%
25.2%
32.5%
0%
10%
20%
30%
40%
50%
60%
70%
80%
In your organization, an out-of-process change has resulted in...
2012
2013
Application Outage
Network Outage
Data Breach System Outage Failing an Audit None of the above

7. 2013Source: The State of Network Security

8. 30%
of
Changes
Made are
Unneeded

9. “The best way to manage network
security operations is to
link security and operations
through change management and
change control, and to supplement
and accelerate automation.”

10. Dissecting the Security
Change Workflow

11. The Security Change Workflow
Request
Analysis
Approval
Implementation
Design
Execution/
Verification
Audit the
Change Process
Recertify Rules
Measure SLAsSecurity Operations
Compliance Executive
Operations
11

12. Request Analysis
• Who can make a request?
• Avoiding miscommunication
• What can be requested?
• Add access
• Remove access
• Recertify access
• Change/Remove objects
• Prioritization
• Eliminating “already works”
• Discovering relevant devices
12

13. Approval
• Risk analysis
• Compliance analysis
• Legal analysis
• Serial vs. Parallel
• Escalation
• Documentation!
13

14. Implementation/Design
• Create new vs. edit existing
• Reusing objects
• Testing the new rule
• Pushing the new rule
14

15. Execution/Verification
• Verify correct execution
• Notify requestor
• Request/Change reconciliation
15

16. Tips to Take
the Fire Drill out of
Firewall Changes!

17. “It is especially critical for people to
document the rules they add or change
so that other administrators know the
purpose of each rule and who to contact
about them. Good documentation can
make troubleshooting easy and reduces
the risk of service disruptions that can be
caused when an administrator deletes or
changes a rule they do not understand.”
- Todd, InfoSec Architect, United States
17
Tip 1: Document, Document, Document

18. “Perform reconciliation between
change requests and actual performed
changes – looking at the unaccounted
changes will always surprise you.
Ensuring every change is accounted for
will greatly simplify your next audit and
help in day-to-day troubleshooting.”
- Ron, Manager, Australia
18
Tip 2: Ensure Accountability

19. 19
Tip 3: Ensure an Application-Centric View
• Provide centralized visibility of
application connectivity needs
• Understand the impact of application
changes on the network and vice-versa
• Understand firewall rule and
application interdependency to safely
decommission applications

20. Your Security Change Management Solution Must:
1. Be firewall-aware
2. Support all firewalls and routers in your network
3. Be topology-aware
4. Integrate with your existing CMS
5. Provide application-level visibility and change
impact analysis
6. Easily customize to your business processes
20
Look for these Key Capabilities

21. Security Change Automation
with the
AlgoSec Security
Management Suite

22. Security
Infrastructure
Business
Applications
Managing Security at the Speed of Business
22
Application Owners SecurityNetwork Operations
Faster Security
Provisioning for
Business
Applications
Align Teams for
Improved Agility
and Accountability
ROI in less than 1 Year!
Gain Total
Visibility and
Control of your
Security Policy
AlgoSec Security Management Suite

23. Security
Infrastructure
Business
Applications
The AlgoSec Suite - BusinessFlow
23
Application Owners SecurityNetwork Operations
AlgoSec Security Management Suite
BusinessFlow
Application-Centric Policy Management
• Easily provision connectivity for business applications
• Improve visibility and application availability
• Securely decommission applications
• Translate business requirements to underlying policy

24. Business
Applications
Security
Infrastructure
The AlgoSec Suite – Firewall Analyzer
24
Application Owners SecurityNetwork Operations
AlgoSec Security Management Suite
BusinessFlow Firewall Analyzer
Security Policy Analysis
• Automate and streamline firewall operations
• Ensure a secure and optimized policy
• Conduct audits in hours instead of weeks

25. Business
Applications
Security
Infrastructure
The AlgoSec Suite – FireFlow
25
Application Owners
AlgoSec Security Management Suite
BusinessFlow FireFlow Firewall Analyzer
Security Policy Change Automation
• Process changes 2x-4x faster
• Improve accuracy and accountability
• Ensure continuous compliance and security
SecurityNetwork Operations

26. Business Impact
26
Annual Savings
Reduction in Auditing Expenses $192,000
Reduction in Change Request Processing Time $180,000
Reduction in Troubleshooting Resolution Time $90,000
Extended Lifespan of Hardware $47,500
Total Annual Savings $509,500
3 Year Savings $1,528,500
Sample Organization
• 50 Network Firewalls
• Loaded IT cost - $60/hour
• 2 changes per firewall per month
Generate your own ROI report at AlgoSec.com/ROI

27. A Real Life,
Automated, Firewall
Change Workflow

28. Q&A and Next Steps
Download the Security Change
Management ebook @
www.algosec.com/securitychanges_ebook
Calculate your potential ROI @
www.algosec.com/ROI
Evaluate the AlgoSec Security
Management Suite @
www.algosec.com/eval
28

29. Connect with AlgoSec on:
www.AlgoSec.com
Managing Security at the Speed of Business