AlgoSec Platform - Full Demo

00:00

hi i'm yitzi tenenbaum and i'm a product

00:02

marketing manager

00:03

at algosec today i'm going to give you a

00:06

demonstration of the algosex security

00:08

management solution

00:11

security today must align with business

00:13

processes

00:15

therefore algosex unique business driven

00:17

approach to security policy management

00:19

enables the world's largest and most

00:21

complex organizations

00:24

to automatically manage security based

00:26

on what matters most

00:28

the business applications that power

00:29

your business

00:31

the algosex security management solution

00:33

intelligently automates and orchestrates

00:36

network security policy management

00:38

across cloud

00:40

sdn and on-premise enterprise networks

00:44

during today's demo i'll walk you

00:46

through some of the key features

00:47

of the algosex security management

00:49

solution and show you how you can use it

00:51

to

00:52

automatically discover application

00:53

connectivity requirements

00:55

and get visibility of security across

00:57

your entire network infrastructure

00:59

including business applications and

01:01

their connectivity flows

01:02

proactively analyze and mitigate risk

01:05

from the business perspective

01:06

and ensure continuous compliance

01:09

automatically push

01:10

changes directly onto devices all

01:13

with zero touch automate time consuming

01:16

security changes

01:18

and enhance them with business relevant

01:20

context

01:22

and at the end decommission redundant

01:24

security policies without causing

01:26

outages to close up security holes in

01:28

your network perimeter

01:30

now let's move on to the demo and i'll

01:31

show you how it all works

01:34

let's begin our demonstration with

01:36

appvids

01:38

appvids provides application visibility

01:40

into the organization's business

01:41

applications

01:43

geared towards the application owners

01:45

and application architects of the world

01:48

app change will then allow us to drive

01:49

change from the business downwards

01:52

and bridge the communication gap that

01:54

exists between business

01:55

and i.t in the center of the homepage

01:58

i'm provided high-level matrix

02:00

around those applications i can

02:02

understand

02:03

how the applications i own are changing

02:05

over time

02:07

i'm presented with applications by

02:08

connectivity status

02:10

representing which applications can and

02:12

cannot

02:13

correctly function from a layer 3

02:15

standpoint potentially indicating an

02:17

application availability issue

02:20

additionally i can see the most

02:21

vulnerable applications which i own

02:24

based on vulnerability scan data

02:25

collected from qualis

02:27

nessus rapid7 or tenable

02:30

appviz integrates with the leading

02:31

vulnerability management vendors

02:33

to provide business application contacts

02:36

to vulnerability data for application

02:38

owners

02:40

to provide the application intelligence

02:41

and visibility we first need to discover

02:44

all the application flows in the network

02:47

we can do this in multiple ways either

02:49

by receiving the flows from application

02:50

discovery solutions

02:52

such as cisco titration uploading them

02:55

from a csv

02:56

file or using algosec auto discovery

03:01

auto discovery enables customers to map

03:03

their organization's business

03:04

applications and connectivity flows

03:07

by analyzing network traffic data there

03:10

are multiple ways to collect the

03:11

required network traffic information

03:13

including netflow s flow offline

03:17

client-based sensors or live packet

03:20

forwarding

03:22

in this network topology view we can see

03:24

all the discovered endpoints and the

03:26

relationships across the entire

03:28

environment

03:29

you can quickly identify and focus on

03:31

any endpoint of interest

03:33

to view all of its discovered

03:34

connectivity flows if desired

03:38

algosex innovative algorithms create

03:41

thick flows out of multiple connections

03:44

these thick flows are easier to read and

03:46

manage

03:47

and it allows us to eventually create a

03:49

few critical rules on the firewalls

03:51

instead of hundreds of rules

03:53

adding so many rules can crash the

03:54

fireworld and make it difficult to

03:56

manage

03:57

by clicking on applications on the

03:59

appvids homepage i'm presented with a

04:01

list of business applications previously

04:03

discovered

04:05

here i can see all business applications

04:07

i have visibility to

04:08

including their connectivity health

04:10

indicated in red

04:11

green or gray during today's

04:14

demonstration let's focus on a specific

04:16

business application

04:18

crm the application dashboard is

04:22

designed to provide a window into

04:23

business application connectivity

04:25

for application owners and architects

04:28

the details and structure of the

04:30

application dashboard is very similar to

04:32

application architecture documents your

04:34

organization may create manually today

04:38

here we can see all the general

04:39

information around the crm application

04:42

including business criticality

04:44

expiration information

04:46

business unit as well as any other

04:48

customized metadata you might wish to

04:50

capture

04:52

apis provides a robust labeling

04:54

infrastructure which allows filtering

04:56

and reporting on business applications

04:58

with the states containing thousands of

05:00

business applications

05:02

finally we can quickly understand the

05:04

relevant business context

05:06

for this business application

05:10

the flow section contains all

05:11

connectivity flows this application

05:13

requires to function on the network

05:16

connectivity flows are defined using

05:19

objects within

05:20

appvids allowing application

05:22

connectivity to be divided from

05:23

underlining security policies supporting

05:26

them

05:26

across the network this supports

05:28

application portability

05:30

enabling faster migrations to the public

05:32

or private clouds and micro segmentation

05:36

algo set connectivity check assists our

05:38

customers in providing their application

05:40

owners a self-serve portal

05:42

for understanding their application

05:43

connectivity

05:45

application owners can quickly identify

05:48

network policy related outages

05:50

while network engineers leverage this

05:51

capability to quickly restore

05:53

availability

05:55

by clicking connectivity for a specific

05:56

flow we are presented with the results

05:58

of algosex traffic simulation

06:01

underpinning this particular flow for

06:03

this flow we can see it supported by

06:05

traffic

06:06

routed from the internet through the

06:08

data center

06:09

filtered by a checkpoint and a juniper

06:11

device and path

06:13

scrolling further down we can see the

06:15

relevant viral policy

06:17

allowing traffic on each device this

06:20

answers the age-old question

06:22

which firewall rule is supporting my

06:24

business application

06:27

in the next section appvids provides an

06:29

automated application architecture

06:31

diagram

06:33

outlining all application endpoints

06:35

their relationships and zones

06:38

the arrows between endpoints indicate

06:40

the connectivity flows

06:41

their health and directionality the

06:44

diagram will also show for each

06:46

application

06:47

which network zone it's associated with

06:50

for example

06:51

part of the crm application is hosted in

06:53

the pci zone

06:56

moving forward into the vulnerability

06:58

and risks section

06:59

we begin to see how appvids allows

07:01

application owners to gain visibility to

07:04

and own the risk their applications

07:06

introduce into environments

07:08

today in most organizations network and

07:10

security teams

07:11

unknowingly own the risks introduced by

07:14

security policy changes

07:16

appviz allows application owners their

07:18

own tailored view

07:19

into the risks which their applications

07:21

introduce

07:22

allowing a clearer understanding and

07:24

informed remediation efforts

07:27

for example if this application now

07:29

connects to a new database

07:31

once that database is added and scanned

07:34

and if it's found to be vulnerable

07:36

it's going to affect my security rating

07:37

for the application

07:40

here we can see that appvids provides a

07:42

holistic security rating for the

07:43

business application

07:44

and the specific endpoints it utilizes

07:46

to function

07:47

based on the data collected from the

07:49

vulnerability management tooling

07:52

often undefined network space within

07:54

vulnerability management tooling creates

07:56

unquantified risk by simply not allowing

07:59

successful scans

08:01

appviz also provides a listing of

08:03

unscanned servers

08:04

these are endpoints which crm requires

08:06

to function however no

08:08

scanned data was available which amounts

08:10

to unquantified risk in the environment

08:15

the risks section utilizes algosec risk

08:18

profiles to allow application owners to

08:21

understand

08:22

how their application connectivity flows

08:24

overlap with device security policies

08:27

which violate

08:27

corporate governance in this example

08:30

we see connectivity flow is violating

08:33

infosec policy and allowing traffic

08:35

into the pci zone which is a clear

08:37

violation of any corporate network

08:39

security standard

08:40

this view will allow application owners

08:42

to understand the risk their application

08:44

is introducing to the network

08:47

let's use our app vis functionality to

08:50

see how application owners can manage

08:52

connectivity requirements for their

08:53

applications

08:55

for this demonstration let's say the

08:57

application owner needs to provision

08:59

connectivity

09:00

to a time clock server in aws

09:03

appvis will automatically compute all

09:05

the changes you need to make to the

09:06

network infrastructure to

09:08

maintain the existing connectivity but

09:10

with this new ip address

09:11

we can see here that app is open to

09:13

change requests that will now be routed

09:15

for approval

09:16

per the organization's workflow and

09:17

processes for handling changes

09:20

all of this with no manual reviewing of

09:22

excel spreadsheets

09:23

no need to pass it to senior network

09:25

engineers all of this complexity

09:27

is handled under the hood by appviz

09:30

we'll now continue with this ticket in

09:32

the algosec change automation workflow

09:35

fireflow fireflow

09:38

is the operational glue that ties the

09:40

suite together

09:41

providing end-to-end intelligent

09:43

orchestration and automation

09:45

within this workflow is where algosec

09:48

adds unique

09:49

intelligence which you'll see during

09:50

this demonstration

09:52

we've just seen a submission of a change

09:54

request via direct integration with

09:56

appvids

09:57

fireflow also exposes request templates

10:00

for web-based submission

10:01

industry-leading rich apis allowing for

10:04

third-party integration

10:05

and email xls parsing abilities to

10:08

handle bulk submissions

10:10

traditionally the majority of algosec

10:12

customers will integrate fireflow with a

10:14

third-party ticketing solution

10:16

such as servicenow or remedy to avoid

10:18

duplicate submission efforts

10:21

regardless of which change request

10:23

submission method is used

10:24

all requests first pass through the

10:26

initial planning stage

10:28

the purpose of the initial plan is to

10:30

automate a significant

10:32

portion of work effort associated with a

10:34

network analyst planning a change

10:35

request

10:36

we can observe that fireflow has

10:38

automatically detected a change request

10:40

is required on a checkpoint device

10:42

a juniper device and an aws security

10:45

group in the cloud

10:47

if a network analyst processing a change

10:49

request wishes to understand

10:51

how algosec has selected devices

10:53

requiring a change

10:54

they can review the results by clicking

10:56

find out why

10:59

utilizing algosex traffic simulation

11:01

functionality we've seen earlier

11:03

the analysts can learn what are the

11:05

devices and paths that require change to

11:07

allow

11:08

traffic to flow freely between two ips

11:12

we can see that the requested traffic is

11:14

actually permitted

11:15

through the cisco nexus core switches in

11:17

the data center and blocked by all

11:19

devices onward

11:20

including the aws security group in the

11:22

cloud

11:24

algosec's built-in already works check

11:26

automatically closes

11:28

changes where connectivity is already

11:29

functioning in your environment

11:31

on all devices and paths this reduces

11:34

processing of unnecessary changes

11:36

and eliminates potential for policy

11:38

bloat on devices

11:40

typically large customers see 15 to 20

11:43

percent of changes

11:44

close as already work this creates a

11:47

tangible portion of the algosic fireflow

11:49

roi

11:51

by clicking on confirm devices we'll

11:53

move to the next intelligent automation

11:55

step

11:56

the risk check the risk check

11:59

enables our customers to proactively

12:01

prevent net new policy risk from

12:03

entering the environment

12:05

the risk check automatically compares

12:07

the traffic plan for implementation

12:09

against the defined algosec risk profile

12:12

defined to the chosen devices

12:14

risk profiles which support the risk

12:16

check can be tailored to your

12:18

organization's specific network security

12:20

guidance

12:21

allowing for infinite combinations of

12:23

requirement security governance

12:26

we can see for example in this case that

12:29

we have a high level risk

12:30

where unauthorized traffic is allowed

12:33

into the pci zone

12:34

and a low level risk where ftp traffic

12:37

is entering the network

12:39

in reality we likely wouldn't approve

12:41

such a risky change

12:43

but for the sake of this demonstration

12:45

we'll click approve and continue to the

12:46

next intelligent step

12:48

the work order the work order is where

12:52

algosec fireflow begins to translate our

12:55

requested traffic

12:56

into security policies to be implemented

12:58

on devices

13:00

the work order aims to design the most

13:02

efficient method of implementing

13:04

policies

13:05

this may involve reuse of existing

13:07

objects modification of existing rules

13:09

or creating new rules or objects

13:12

this logic maintains the overall policy

13:14

optimization integrity of the security

13:16

policy

13:17

by reusing existing objects and even

13:19

opting for rule modifications were

13:21

possible

13:22

all the while while maintaining least

13:24

privileged access

13:27

as we now have a defined policy to be

13:29

implemented on devices

13:31

algosec active change technology can

13:33

take over

13:34

and implement these policies on devices

13:36

requiring a change

13:39

activechange technology is unique to

13:41

algosec and allows us to provide

13:42

end-to-end zero-touch automation

13:45

customers can choose to stage or fully

13:47

commit policy to devices

13:49

depending on their comfort levels and

13:51

goals for automation

13:53

a single action can implement policy

13:55

across multiple devices

13:58

which may be entirely different brands

13:59

of devices

14:01

active change can also be configured to

14:03

push policy during a specific device

14:05

change window if desired

14:07

now the policies have been implemented

14:09

on devices we can move

14:11

into smart validation smart validation

14:14

should be thought of as

14:16

automated peer review allowing

14:18

implementation engineers to be confident

14:20

changes are implemented

14:22

and the business can proceed without

14:23

delay under normal circumstances

14:26

smart validation occurs entirely without

14:29

human interaction

14:30

and implementation engineers are

14:31

notified if an issue occurs

14:34

this information can quickly allow an

14:36

implementation engineer to make the

14:37

necessary corrections

14:39

before the change window ends driving

14:41

change for the business

14:42

faster by clicking resolve the change

14:46

request is now completed

14:47

and audible in fireflow algosex

14:51

automated change process

14:52

saves customers time and eliminates

14:54

human error

14:55

each step in the workflow can be done

14:57

manually or automatically

15:00

many algoset customers choose to adopt

15:02

the zero touch

15:03

strategy algosec zero touch

15:05

functionality

15:06

allows any intelligent step in the

15:08

workflow to occur without human

15:10

interaction

15:11

drastically speeding up change delivery

15:13

to business owners

15:15

for example if your organization is

15:17

processing 100 requests per week

15:19

it makes more sense to deeply assess the

15:21

10 percent which introduce tangible risk

15:24

versus all 100 requests less thoroughly

15:27

the risk check can be zero touched

15:29

enabled

15:30

to automatically move changes forward

15:32

which introduce no tangible risk

15:35

this concludes and rounds out the entire

15:37

security policy lifecycle

15:40

let's move into firewall analyzer to

15:42

discuss the reporting

15:43

analytics and infrastructure

15:45

fundamentals

15:47

algosec firewall analyzer is a network

15:50

abstraction

15:50

and policy analysis component of the

15:53

algosex security management solution

15:56

it reaches out to all your firewalls

15:58

routers

15:59

and network infrastructure and collects

16:01

log data configuration

16:02

and routing information to deliver all

16:05

of the suites reporting and analytics

16:08

algostec firewall analyzer provides a

16:10

wide variety of powerful

16:11

actionable reports including risk

16:13

analysis policy optimization

16:16

troubleshooting regulatory compliance

16:18

and many more

16:20

let's start by diving into algosex

16:22

network topology intelligence

16:25

algosec's superscalable network map

16:28

based on html5

16:29

automatically compresses

16:31

interconnections allowing clear

16:33

visibility

16:33

even in network topologies exceeding 30

16:36

000 nodes

16:37

algosec is a leader in traffic

16:39

simulation accuracy

16:40

within the security policy management

16:42

space this proficiency comes through

16:45

experience in the world's largest

16:47

networks

16:47

and support for wide range of routing

16:49

implementations

16:50

such as mpls multi-hop bgp

16:54

nat l2 transparent devices vrfs and many

16:58

others

17:00

the same traffic simulations which

17:01

underpin fireflow app vis

17:03

and app change automation capabilities

17:06

can run ad hoc within algosec firewall

17:08

analyzer

17:09

traffic simulation can quickly be used

17:11

to drive troubleshooting during network

17:12

connectivity issues

17:14

enabling network analysts to determine

17:17

it's not the firewall

17:24

in this example of a traffic simulation

17:26

we can observe

17:27

traffic passing from the data center

17:29

into the azure cloud

17:30

through a cisco router we can also

17:33

understand that a security group in

17:35

azure is blocking this traffic

17:38

this information can help us accelerate

17:40

cloud migrations and troubleshooting

17:41

when working on cloud migrations

17:44

let's continue our demonstration by

17:46

reviewing a specific analysis for a

17:48

unique device

17:49

in this case a palo alto networks

17:51

firewall

17:53

although the analysis is normalized and

17:55

provides identical analytics across all

17:57

supported vendors

17:59

algosec provides point-in-time analysis

18:02

of devices

18:02

enabling thorough visibility to a number

18:04

of aspects of the security policy

18:07

the homepage of each analysis provides a

18:09

high-level overview of all the available

18:11

data including security ratings

18:14

changes compliance optimization and more

18:18

the first analysis section with tangible

18:20

analytics

18:21

is a risk section while fireflow aims to

18:24

proactively prevent risk

18:26

the risk report is a reactive method of

18:28

viewing risk introduced by the firewall

18:30

policy today

18:32

based on the defined risk profile i can

18:35

drill down on any specific risk to

18:37

understand the details

18:38

and exposure and drill deeper into the

18:40

firewall policy creating this risk

18:43

risky rules provide an alternative

18:45

method of viewing device risk and

18:47

vulnerabilities

18:48

enabling you to understand the risk and

18:50

vulnerabilities each particular policy

18:52

introduces

18:54

algosec integrates with vulnerability

18:56

scanners to present the vulnerabilities

18:58

associated with each risky rule

19:00

for example we can see that this

19:02

particular rule introduces these

19:04

specific risks and a set of

19:05

vulnerabilities that correlate to this

19:07

specific risky rule

19:10

simply by the nature of algosex

19:12

visibility to devices

19:13

we create an audit trail capturing all

19:16

changes to rules

19:17

objects topology and more

19:20

continuing forward we have the policy

19:22

optimization section

19:24

the majority of algosec customers spend

19:26

a significant amount of time

19:28

reviewing policy optimization purely

19:30

because of the amount of analytics

19:31

available

19:33

algosec provides all industry standard

19:35

policy optimization opportunities

19:37

including covered rules unused rules

19:40

consolidation opportunities

19:41

and more while it's valuable to provide

19:44

policy optimization analytics

19:46

making these results actionable allows

19:49

organizations to quickly realize cleanup

19:51

efforts

19:52

algosec leads the industry by allowing

19:54

policy optimization reporting to be

19:56

actioned automatically

19:58

significantly speeding up any policy

20:00

cleanup effort

20:02

simply by choosing policies eligible for

20:04

cleanup and clicking disable

20:06

i can automatically create a rule

20:08

removal request in algosec fireflow

20:10

to remove policies in a controlled

20:13

automated and audible manner

20:16

algosec provides a wide variety of

20:18

regulatory compliance reporting

20:20

automating efforts which are typically

20:22

performed by outside consultants or

20:24

internal auditors with the click of a

20:26

button

20:27

algosec automatically generates

20:29

regulatory compliance for all leading

20:31

industry standards including pci

20:34

sox iso 2700 gdpr

20:37

and many more each regulatory compliance

20:40

report provides a standard pass

20:42

fail report card view covering each

20:44

specific requirement for the regulation

20:47

to ensure continuous compliance

20:50

finally baseline compliance performs os

20:53

level configuration compliance auditing

20:56

which can be tailored to your

20:57

organization's specific platform

20:58

security standards

21:00

baseline compliance also provides a pass

21:03

fail report card view

21:04

for each defined compliance check

21:07

scrolling further down through the

21:08

report

21:09

we can drill into a specific technical

21:11

criteria

21:12

for each test and rationale for any

21:14

compliance failure

21:18

this demo highlighted just a few of

21:20

algosec's core capabilities which enable

21:22

you to address a multitude of business

21:24

challenges

21:26

to summarize algoset gives you unified

21:28

visibility and management of network

21:30

security

21:31

across the entire enterprise network on

21:34

premise and in the cloud

21:36

algosec also enables you to automate

21:38

security change management

21:40

reduce risk and ensure continuous

21:42

compliance if you want to expand more in

21:45

one of the topics we discussed today

21:47

or learn about other algosec

21:48

capabilities and use cases

21:50

visit algosec.com and schedule a live

21:53

personal demo

21:54

today thank you so much for tuning in