AlgoSec Platform - Full Demo
Summary
TL;DR: Yitzi Tenenbaum introduces AlgoSec's security management solution, emphasizing its business-driven approach to automate network security policy management across cloud, SDN, and enterprise networks. The demonstration showcases key features like application visibility, risk analysis, compliance assurance, and change automation, highlighting how AlgoSec simplifies security policy management, reduces risk, and ensures continuous compliance with minimal manual intervention.
Takeaways
- AlgoSec provides a business-driven approach to security policy management, aligning security with business processes.
- The solution automates and orchestrates network security policy management across cloud, SDN, and on-premise networks.
- Key features include automatic discovery of application connectivity requirements, visibility across the entire network, and proactive risk analysis.
- AppViz offers application visibility, allowing owners and architects to track connectivity status and vulnerability of business applications.
- AlgoSec integrates with leading vulnerability management tools to provide application context and visibility into risks.
- The solution supports zero-touch automation for security changes, enhancing efficiency and reducing manual intervention.
- The automated workflow includes risk checks, policy implementation, and smart validation to ensure secure and efficient changes.
- FireFlow is the orchestration tool within AlgoSec, facilitating intelligent automation and integration with third-party ticketing solutions.
- Firewall Analyzer offers reporting, analytics, and infrastructure fundamentals, including risk analysis, policy optimization, and regulatory compliance.
- The platform supports comprehensive policy management, including optimization, cleanup, and auditing, across diverse network environments.
Q & A
What is AlgoSec's approach to security policy management?
-AlgoSec's approach to security policy management is business-driven, enabling organizations to automatically manage security based on business applications that power their business.
How does AlgoSec's solution automate network security policy management?
-AlgoSec's solution intelligently automates and orchestrates network security policy management across cloud, SDN, and on-premise enterprise networks.
What is AppViz and how does it provide application visibility?
-AppViz is a component of AlgoSec's solution that provides application visibility into an organization's business applications, geared towards application owners and architects, and helps bridge the communication gap between business and IT.
How does AlgoSec help in discovering application connectivity requirements?
-AlgoSec can automatically discover application connectivity requirements by analyzing network traffic data, which can be collected in multiple ways including NetFlow, sFlow, offline client-based sensors, or live packet forwarding.
What is the purpose of AlgoSec's auto-discovery feature?
-Auto-discovery enables customers to map their organization's business applications and connectivity flows by analyzing network traffic data, simplifying the process of understanding and managing network security policies.
How does AlgoSec assist in managing security changes with zero touch automation?
-AlgoSec's solution automates time-consuming security changes and enhances them with business-relevant context, allowing for zero-touch automation of policy changes across multiple devices without causing outages.
What is the role of FireFlow in AlgoSec's suite of tools?
-FireFlow is the operational glue that ties AlgoSec's suite together, providing end-to-end intelligent orchestration and automation for network security policy management.
How does AlgoSec help in ensuring continuous compliance?
-AlgoSec's solution ensures continuous compliance by automatically pushing changes directly onto devices, automating time-consuming security changes, and providing visibility and management of network security across the entire enterprise network.
What kind of reports does AlgoSec Firewall Analyzer provide?
-AlgoSec Firewall Analyzer provides a wide variety of powerful, actionable reports including risk analysis, policy optimization, troubleshooting, regulatory compliance, and more.
How does AlgoSec's solution support application portability and cloud migrations?
-AlgoSec's solution supports application portability by enabling faster migrations to public or private clouds and micro-segmentation, providing visibility and management of application connectivity flows independent of underlying security policies.
What is the significance of AlgoSec's traffic simulation accuracy?
-AlgoSec's traffic simulation accuracy is significant as it provides a high level of proficiency in the security policy management space, supported by experience in the world's largest networks and a wide range of routing implementations.
Outlines
AlgoSec Security Management Solution Overview
Yitzi Tenenbaum introduces the AlgoSec security management solution, emphasizing its unique business-driven approach to policy management. The solution automates network security policy management across various network types, offering features like application discovery, risk analysis, compliance assurance, and policy change automation. The demo will showcase how to use AlgoSec to gain visibility into business applications, manage security policies efficiently, and ensure network security aligns with business processes.
AppViz for Application Visibility and Connectivity Management
The paragraph delves into AppViz, a component of AlgoSec that provides visibility into an organization's business applications. It discusses how AppViz can help application owners and architects understand application connectivity, identify vulnerabilities, and manage security risks. The functionality includes traffic simulation, automated architecture diagrams, and the ability to compute changes for maintaining connectivity with new IP addresses, all while integrating with vulnerability management tools for a comprehensive view of application security.
FireFlow for Change Automation and Orchestration
FireFlow is presented as the operational backbone of the AlgoSec suite, offering end-to-end automation of network changes. It supports various methods for change request submissions and integrates with third-party ticketing solutions. The paragraph explains the initial planning stage, traffic simulation for understanding device requirements, risk checks to prevent policy risk, and the work order process for translating traffic plans into security policies. FireFlow's ActiveChange technology enables zero-touch automation, allowing for efficient policy implementation across different devices.
Firewall Analyzer for Reporting and Analytics
AlgoSec Firewall Analyzer is highlighted for its role in network abstraction and policy analysis. It collects data from firewalls and routers to deliver reports on risk analysis, policy optimization, troubleshooting, and regulatory compliance. The capabilities include a scalable network map for visibility in large networks, traffic simulation for troubleshooting, and detailed analysis of individual devices. The Analyzer also provides actionable insights for policy optimization and regulatory compliance, streamlining the process of maintaining secure network policies.
AlgoSec's Unified Network Security Management Capabilities
The final paragraph summarizes AlgoSec's core capabilities, emphasizing its ability to provide unified visibility and management of network security across enterprise networks, both on-premise and in the cloud. It underscores AlgoSec's automation of security change management, risk reduction, and continuous compliance. The speaker invites viewers to explore AlgoSec's website for more information, personal demos, and to learn about additional capabilities and use cases.
Keywords
- AlgoSec
- Security Policy Management
- Business Applications
- AppViz
- Connectivity Status
- Vulnerability Management
- Auto Discovery
- FireFlow
- Risk Profiles
- Policy Optimization
- Regulatory Compliance
- ActiveChange Technology
Highlights
AlgoSec's security management solution aligns security with business processes through a business-driven approach.
The solution automates network security policy management across cloud, SDN, and on-premise enterprise networks.
Key features of AlgoSec include automatic discovery of application connectivity requirements and visibility across the network infrastructure.
Proactive risk analysis from a business perspective and ensuring continuous compliance are integral to AlgoSec's approach.
AlgoSec enables automatic pushing of changes to devices with zero touch, streamlining security changes.
AppViz provides application visibility for application owners and architects, focusing on business applications.
AppChange facilitates top-down change management, bridging the communication gap between business and IT.
AlgoSec integrates with leading vulnerability management vendors for comprehensive application security.
Auto Discovery maps business applications and connectivity flows by analyzing network traffic data.
AlgoSec's algorithms create 'thick flows' for easier management and fewer firewall rules.
Application Dashboard offers a window into business application connectivity for owners and architects.
AppViz supports application portability by keeping application connectivity separate from the underlying security policies.
AlgoSec's Connectivity Check assists in understanding application connectivity and potential network policy-related outages.
FireFlow provides end-to-end intelligent orchestration and automation within the AlgoSec suite.
AlgoSec's ActiveChange technology enables zero-touch automation for policy implementation on various devices.
Smart Validation serves as an automated peer review, ensuring changes are implemented correctly without human interaction.
AlgoSec Firewall Analyzer collects log data and configurations for comprehensive reporting and analytics.
AlgoSec leads in traffic simulation accuracy, supporting a wide range of routing implementations.
Risk Report and Risky Rules provide reactive and proactive methods for viewing and preventing policy risk.
Policy Optimization analytics help identify and action unnecessary or covered rules, streamlining policy management.
Regulatory Compliance Reporting automates compliance efforts for various industry standards, ensuring continuous compliance.
AlgoSec offers unified visibility and management of network security, automating change management and reducing risk.
Transcripts
hi i'm yitzi tenenbaum and i'm a product
marketing manager
at algosec today i'm going to give you a
demonstration of the algosec security
management solution
security today must align with business
processes
therefore algosec's unique business driven
approach to security policy management
enables the world's largest and most
complex organizations
to automatically manage security based
on what matters most
the business applications that power
your business
the algosec security management solution
intelligently automates and orchestrates
network security policy management
across cloud
sdn and on-premise enterprise networks
during today's demo i'll walk you
through some of the key features
of the algosec security management
solution and show you how you can use it
to
automatically discover application
connectivity requirements
and get visibility of security across
your entire network infrastructure
including business applications and
their connectivity flows
proactively analyze and mitigate risk
from the business perspective
and ensure continuous compliance
automatically push
changes directly onto devices all
with zero touch automate time consuming
security changes
and enhance them with business relevant
context
and at the end decommission redundant
security policies without causing
outages to close up security holes in
your network perimeter
now let's move on to the demo and i'll
show you how it all works
let's begin our demonstration with
appviz
appviz provides application visibility
into the organization's business
applications
geared towards the application owners
and application architects of the world
app change will then allow us to drive
change from the business downwards
and bridge the communication gap that
exists between business
and i.t in the center of the homepage
i'm provided high-level matrix
around those applications i can
understand
how the applications i own are changing
over time
i'm presented with applications by
connectivity status
representing which applications can and
cannot
correctly function from a layer 3
standpoint potentially indicating an
application availability issue
additionally i can see the most
vulnerable applications which i own
based on vulnerability scan data
collected from qualys
nessus rapid7 or tenable
appviz integrates with the leading
vulnerability management vendors
to provide business application context
to vulnerability data for application
owners
to provide the application intelligence
and visibility we first need to discover
all the application flows in the network
we can do this in multiple ways either
by receiving the flows from application
discovery solutions
such as cisco tetration uploading them
from a csv
file or using algosec auto discovery
auto discovery enables customers to map
their organization's business
applications and connectivity flows
by analyzing network traffic data there
are multiple ways to collect the
required network traffic information
including netflow sflow offline
client-based sensors or live packet
forwarding
in this network topology view we can see
all the discovered endpoints and the
relationships across the entire
environment
you can quickly identify and focus on
any endpoint of interest
to view all of its discovered
connectivity flows if desired
algosec's innovative algorithms create
thick flows out of multiple connections
these thick flows are easier to read and
manage
and it allows us to eventually create a
few critical rules on the firewalls
instead of hundreds of rules
adding so many rules can crash the
firewall and make it difficult to
manage
by clicking on applications on the
appviz homepage i'm presented with a
list of business applications previously
discovered
here i can see all business applications
i have visibility to
including their connectivity health
indicated in red
green or gray during today's
demonstration let's focus on a specific
business application
crm the application dashboard is
designed to provide a window into
business application connectivity
for application owners and architects
the details and structure of the
application dashboard is very similar to
application architecture documents your
organization may create manually today
here we can see all the general
information around the crm application
including business criticality
expiration information
business unit as well as any other
customized metadata you might wish to
capture
appviz provides a robust labeling
infrastructure which allows filtering
and reporting on business applications
with the states containing thousands of
business applications
finally we can quickly understand the
relevant business context
for this business application
the flow section contains all
connectivity flows this application
requires to function on the network
connectivity flows are defined using
objects within
appviz allowing application
connectivity to be divided from
underlying security policies supporting
them
across the network this supports
application portability
enabling faster migrations to the public
or private clouds and micro segmentation
algosec connectivity check assists our
customers in providing their application
owners a self-serve portal
for understanding their application
connectivity
application owners can quickly identify
network policy related outages
while network engineers leverage this
capability to quickly restore
availability
by clicking connectivity for a specific
flow we are presented with the results
of algosec's traffic simulation
underpinning this particular flow for
this flow we can see it supported by
traffic
routed from the internet through the
data center
filtered by a checkpoint and a juniper
device and path
scrolling further down we can see the
relevant firewall policy
allowing traffic on each device this
answers the age-old question
which firewall rule is supporting my
business application
in the next section appviz provides an
automated application architecture
diagram
outlining all application endpoints
their relationships and zones
the arrows between endpoints indicate
the connectivity flows
their health and directionality the
diagram will also show for each
application
which network zone it's associated with
for example
part of the crm application is hosted in
the pci zone
moving forward into the vulnerability
and risks section
we begin to see how appviz allows
application owners to gain visibility to
and own the risk their applications
introduce into environments
today in most organizations network and
security teams
unknowingly own the risks introduced by
security policy changes
appviz allows application owners their
own tailored view
into the risks which their applications
introduce
allowing a clearer understanding and
informed remediation efforts
for example if this application now
connects to a new database
once that database is added and scanned
and if it's found to be vulnerable
it's going to affect my security rating
for the application
here we can see that appviz provides a
holistic security rating for the
business application
and the specific endpoints it utilizes
to function
based on the data collected from the
vulnerability management tooling
often undefined network space within
vulnerability management tooling creates
unquantified risk by simply not allowing
successful scans
appviz also provides a listing of
unscanned servers
these are endpoints which crm requires
to function however no
scanned data was available which amounts
to unquantified risk in the environment
the risks section utilizes algosec risk
profiles to allow application owners to
understand
how their application connectivity flows
overlap with device security policies
which violate
corporate governance in this example
we see connectivity flow is violating
infosec policy and allowing traffic
into the pci zone which is a clear
violation of any corporate network
security standard
this view will allow application owners
to understand the risk their application
is introducing to the network
let's use our appviz functionality to
see how application owners can manage
connectivity requirements for their
applications
for this demonstration let's say the
application owner needs to provision
connectivity
to a time clock server in aws
appviz will automatically compute all
the changes you need to make to the
network infrastructure to
maintain the existing connectivity but
with this new ip address
we can see here that app is open to
change requests that will now be routed
for approval
per the organization's workflow and
processes for handling changes
all of this with no manual reviewing of
excel spreadsheets
no need to pass it to senior network
engineers all of this complexity
is handled under the hood by appviz
we'll now continue with this ticket in
the algosec change automation workflow
fireflow fireflow
is the operational glue that ties the
suite together
providing end-to-end intelligent
orchestration and automation
within this workflow is where algosec
adds unique
intelligence which you'll see during
this demonstration
we've just seen a submission of a change
request via direct integration with
appviz
fireflow also exposes request templates
for web-based submission
industry-leading rich apis allowing for
third-party integration
and email xls parsing abilities to
handle bulk submissions
traditionally the majority of algosec
customers will integrate fireflow with a
third-party ticketing solution
such as servicenow or remedy to avoid
duplicate submission efforts
regardless of which change request
submission method is used
all requests first pass through the
initial planning stage
the purpose of the initial plan is to
automate a significant
portion of work effort associated with a
network analyst planning a change
request
we can observe that fireflow has
automatically detected a change request
is required on a checkpoint device
a juniper device and an aws security
group in the cloud
if a network analyst processing a change
request wishes to understand
how algosec has selected devices
requiring a change
they can review the results by clicking
find out why
utilizing algosec's traffic simulation
functionality we've seen earlier
the analysts can learn what are the
devices and paths that require change to
allow
traffic to flow freely between two ips
we can see that the requested traffic is
actually permitted
through the cisco nexus core switches in
the data center and blocked by all
devices onward
including the aws security group in the
cloud
algosec's built-in already works check
automatically closes
changes where connectivity is already
functioning in your environment
on all devices and paths this reduces
processing of unnecessary changes
and eliminates potential for policy
bloat on devices
typically large customers see 15 to 20
percent of changes
close as already work this creates a
tangible portion of the algosec fireflow
roi
by clicking on confirm devices we'll
move to the next intelligent automation
step
the risk check the risk check
enables our customers to proactively
prevent net new policy risk from
entering the environment
the risk check automatically compares
the traffic plan for implementation
against the defined algosec risk profile
defined to the chosen devices
risk profiles which support the risk
check can be tailored to your
organization's specific network security
guidance
allowing for infinite combinations of
requirement security governance
we can see for example in this case that
we have a high level risk
where unauthorized traffic is allowed
into the pci zone
and a low level risk where ftp traffic
is entering the network
in reality we likely wouldn't approve
such a risky change
but for the sake of this demonstration
we'll click approve and continue to the
next intelligent step
the work order the work order is where
algosec fireflow begins to translate our
requested traffic
into security policies to be implemented
on devices
the work order aims to design the most
efficient method of implementing
policies
this may involve reuse of existing
objects modification of existing rules
or creating new rules or objects
this logic maintains the overall policy
optimization integrity of the security
policy
by reusing existing objects and even
opting for rule modifications where
possible
all the while maintaining least
privileged access
as we now have a defined policy to be
implemented on devices
algosec active change technology can
take over
and implement these policies on devices
requiring a change
activechange technology is unique to
algosec and allows us to provide
end-to-end zero-touch automation
customers can choose to stage or fully
commit policy to devices
depending on their comfort levels and
goals for automation
a single action can implement policy
across multiple devices
which may be entirely different brands
of devices
active change can also be configured to
push policy during a specific device
change window if desired
now the policies have been implemented
on devices we can move
into smart validation smart validation
should be thought of as
automated peer review allowing
implementation engineers to be confident
changes are implemented
and the business can proceed without
delay under normal circumstances
smart validation occurs entirely without
human interaction
and implementation engineers are
notified if an issue occurs
this information can quickly allow an
implementation engineer to make the
necessary corrections
before the change window ends driving
change for the business
faster by clicking resolve the change
request is now completed
and auditable in fireflow algosec's
automated change process
saves customers time and eliminates
human error
each step in the workflow can be done
manually or automatically
many algosec customers choose to adopt
the zero touch
strategy algosec zero touch
functionality
allows any intelligent step in the
workflow to occur without human
interaction
drastically speeding up change delivery
to business owners
for example if your organization is
processing 100 requests per week
it makes more sense to deeply assess the
10 percent which introduce tangible risk
versus all 100 requests less thoroughly
the risk check can be zero touched
enabled
to automatically move changes forward
which introduce no tangible risk
this concludes and rounds out the entire
security policy lifecycle
let's move into firewall analyzer to
discuss the reporting
analytics and infrastructure
fundamentals
algosec firewall analyzer is a network
abstraction
and policy analysis component of the
algosec security management solution
it reaches out to all your firewalls
routers
and network infrastructure and collects
log data configuration
and routing information to deliver all
of the suites reporting and analytics
algosec firewall analyzer provides a
wide variety of powerful
actionable reports including risk
analysis policy optimization
troubleshooting regulatory compliance
and many more
let's start by diving into algosec's
network topology intelligence
algosec's superscalable network map
based on html5
automatically compresses
interconnections allowing clear
visibility
even in network topologies exceeding
30,000 nodes
algosec is a leader in traffic
simulation accuracy
within the security policy management
space this proficiency comes through
experience in the world's largest
networks
and support for wide range of routing
implementations
such as mpls multi-hop bgp
nat l2 transparent devices vrfs and many
others
the same traffic simulations which
underpin fireflow appviz
and app change automation capabilities
can run ad hoc within algosec firewall
analyzer
traffic simulation can quickly be used
to drive troubleshooting during network
connectivity issues
enabling network analysts to determine
it's not the firewall
in this example of a traffic simulation
we can observe
traffic passing from the data center
into the azure cloud
through a cisco router we can also
understand that a security group in
azure is blocking this traffic
this information can help us accelerate
cloud migrations and troubleshooting
when working on cloud migrations
let's continue our demonstration by
reviewing a specific analysis for a
unique device
in this case a palo alto networks
firewall
although the analysis is normalized and
provides identical analytics across all
supported vendors
algosec provides point-in-time analysis
of devices
enabling thorough visibility to a number
of aspects of the security policy
the homepage of each analysis provides a
high-level overview of all the available
data including security ratings
changes compliance optimization and more
the first analysis section with tangible
analytics
is a risk section while fireflow aims to
proactively prevent risk
the risk report is a reactive method of
viewing risk introduced by the firewall
policy today
based on the defined risk profile i can
drill down on any specific risk to
understand the details
and exposure and drill deeper into the
firewall policy creating this risk
risky rules provide an alternative
method of viewing device risk and
vulnerabilities
enabling you to understand the risk and
vulnerabilities each particular policy
introduces
algosec integrates with vulnerability
scanners to present the vulnerabilities
associated with each risky rule
for example we can see that this
particular rule introduces these
specific risks and a set of
vulnerabilities that correlate to this
specific risky rule
simply by the nature of algosec's
visibility to devices
we create an audit trail capturing all
changes to rules
objects topology and more
continuing forward we have the policy
optimization section
the majority of algosec customers spend
a significant amount of time
reviewing policy optimization purely
because of the amount of analytics
available
algosec provides all industry standard
policy optimization opportunities
including covered rules unused rules
consolidation opportunities
and more while it's valuable to provide
policy optimization analytics
making these results actionable allows
organizations to quickly realize cleanup
efforts
algosec leads the industry by allowing
policy optimization reporting to be
actioned automatically
significantly speeding up any policy
cleanup effort
simply by choosing policies eligible for
cleanup and clicking disable
i can automatically create a rule
removal request in algosec fireflow
to remove policies in a controlled
automated and auditable manner
algosec provides a wide variety of
regulatory compliance reporting
automating efforts which are typically
performed by outside consultants or
internal auditors with the click of a
button
algosec automatically generates
regulatory compliance for all leading
industry standards including pci
sox iso 2700 gdpr
and many more each regulatory compliance
report provides a standard pass
fail report card view covering each
specific requirement for the regulation
to ensure continuous compliance
finally baseline compliance performs os
level configuration compliance auditing
which can be tailored to your
organization's specific platform
security standards
baseline compliance also provides a pass
fail report card view
for each defined compliance check
scrolling further down through the
report
we can drill into a specific technical
criteria
for each test and rationale for any
compliance failure
this demo highlighted just a few of
algosec's core capabilities which enable
you to address a multitude of business
challenges
to summarize algosec gives you unified
visibility and management of network
security
across the entire enterprise network on
premise and in the cloud
algosec also enables you to automate
security change management
reduce risk and ensure continuous
compliance if you want to expand more in
one of the topics we discussed today
or learn about other algosec
capabilities and use cases
visit algosec.com and schedule a live
personal demo
today thank you so much for tuning in