Renowned security expert Bruce Schneier said “Complexity is the enemy of security.” But, complexity is common in today’s network security environment with thousands of security access rules, highly connected business critical applications, and lots of firewall changes that must be processed. This presentation examines:
- Why making security changes is so tough
- Critical steps for the an ideal security change workflow
- How to automate the entire firewall change management process
6. Source: The State of Network Security 2013
20.2%
22.1%
54.5%
43.6%
25.8%
16.6%
23.0%
25.2%
32.5%
0%
10%
20%
30%
40%
50%
60%
70%
80%
In your organization, an out-of-process change has resulted in...
2012
2013
Application Outage
Network Outage
Data Breach System Outage Failing an Audit None of the above
9. “The best way to manage network
security operations is to
link security and operations
through change management and
change control, and to supplement
and accelerate automation.”
17. “It is especially critical for people to
document the rules they add or change
so that other administrators know the
purpose of each rule and who to contact
about them. Good documentation can
make troubleshooting easy and reduces
the risk of service disruptions that can be
caused when an administrator deletes or
changes a rule they do not understand.”
- Todd, InfoSec Architect, United States
17
Tip 1: Document, Document, Document
18. “Perform reconciliation between
change requests and actual performed
changes – looking at the unaccounted
changes will always surprise you.
Ensuring every change is accounted for
will greatly simplify your next audit and
help in day-to-day troubleshooting.”
- Ron, Manager, Australia
18
Tip 2: Ensure Accountability
19. 19
Tip 3: Ensure an Application-Centric View
• Provide centralized visibility of
application connectivity needs
• Understand the impact of application
changes on the network and vice-versa
• Understand firewall rule and
application interdependency to safely
decommission applications
20. Your Security Change Management Solution Must:
1. Be firewall-aware
2. Support all firewalls and routers in your network
3. Be topology-aware
4. Integrate with your existing CMS
5. Provide application-level visibility and change
impact analysis
6. Easily customize to your business processes
20
Look for these Key Capabilities
22. Security
Infrastructure
Business
Applications
Managing Security at the Speed of Business
22
Application Owners SecurityNetwork Operations
Faster Security
Provisioning for
Business
Applications
Align Teams for
Improved Agility
and Accountability
ROI in less than 1 Year!
Gain Total
Visibility and
Control of your
Security Policy
AlgoSec Security Management Suite
23. Security
Infrastructure
Business
Applications
The AlgoSec Suite - BusinessFlow
23
Application Owners SecurityNetwork Operations
AlgoSec Security Management Suite
BusinessFlow
Application-Centric Policy Management
• Easily provision connectivity for business applications
• Improve visibility and application availability
• Securely decommission applications
• Translate business requirements to underlying policy
24. Business
Applications
Security
Infrastructure
The AlgoSec Suite – Firewall Analyzer
24
Application Owners SecurityNetwork Operations
AlgoSec Security Management Suite
BusinessFlow Firewall Analyzer
Security Policy Analysis
• Automate and streamline firewall operations
• Ensure a secure and optimized policy
• Conduct audits in hours instead of weeks
25. Business
Applications
Security
Infrastructure
The AlgoSec Suite – FireFlow
25
Application Owners
AlgoSec Security Management Suite
BusinessFlow FireFlow Firewall Analyzer
Security Policy Change Automation
• Process changes 2x-4x faster
• Improve accuracy and accountability
• Ensure continuous compliance and security
SecurityNetwork Operations
26. Business Impact
26
Annual Savings
Reduction in Auditing Expenses $192,000
Reduction in Change Request Processing Time $180,000
Reduction in Troubleshooting Resolution Time $90,000
Extended Lifespan of Hardware $47,500
Total Annual Savings $509,500
3 Year Savings $1,528,500
Sample Organization
• 50 Network Firewalls
• Loaded IT cost - $60/hour
• 2 changes per firewall per month
Generate your own ROI report at AlgoSec.com/ROI
28. Q&A and Next Steps
Download the Security Change
Management ebook @
www.algosec.com/securitychanges_ebook
Calculate your potential ROI @
www.algosec.com/ROI
Evaluate the AlgoSec Security
Management Suite @
www.algosec.com/eval
28
29. Connect with AlgoSec on:
www.AlgoSec.com
Managing Security at the Speed of Business