Avishai Wool, Ph.D. AlgoSec CTO & Co-Founder. AlgoSec Inc. 1

Transcription

1 Gérer vos pare-feux dans une architecture segmentée, conserver un niveau de conformité et remédier aux risques liés aux évolutions des politiques de sécurité Avishai Wool, Ph.D. AlgoSec CTO & Co-Founder AlgoSec Inc. 1

2 Managing your firewalls in a segmented architecture, maintaining compliance, and remediating risks related to evolving security policies (Translation based on BabelFish ) AlgoSec Inc. 2

3 Agenda Background AlgoSec Firewall Analyzer Firewall operations efficiency Enhance security and compliance through automation Improve firewall performance, stretch device lifespan AlgoSec FireFlow Change Workflow Automation Live demo AlgoSec Inc. 3

4 Background: Firewalls become Overgrown Firewall configurations become overgrown over the years: Constant rate of rule changes (dozens of changes per week!) Multiple administrators, staff turnover, outsourcing Examples we ve seen: Check Point Firewall with 200-1,500 rules and 1,000-20,000 objects PIX configuration with ,000 lines Challenges: Industry statistics: 20-30% of firewall rule changes are not needed! Extend the lifespan of devices in use AlgoSec Inc. 4

5 Complexity Leads to Problems Performance and management problems Firewall slows down may become a bottleneck Hardware size limitations may need bigger hardware Slow and cumbersome management interface Hard to manage and time consuming Security risks: A survey of the firewall policies of 30 US-based large corporations suggest that all complex policies are exposed to serious risk. Rule-base complexity = Rules + Objects + (Interfaces) **2 AlgoSec Inc. 5

6 Requirements for Security Management Cost Saving Governance by Intelligent Automation of AlgoSec Inc. 6

7 About AlgoSec The established leader of Firewall, Router & VPN Policy Lifecycle Management Hi-Tech Over 300 customers; 5 Patents pending Our prosperity is driven by 100% customer satisfaction Telecom Energy Financial Automotives Commercial Big-4 4 Auditing Firms Government Transportation AlgoSec Inc. Confidential 7

8 AlgoSec Products AlgoSec Firewall Analyzer (AFA) Intelligent Analysis for Network Security Challenge: Manual firewall policy analysis is error-prone,expensive and time consuming Unique firewall & topology simulation allows: Operational efficiency Cleanup Performance optimization Audit-ready compliance reports Risk analysis & metrics Change monitoring Challenge: 20-30% rule changes unneeded 2-8% changes done wrong Lack of accountability FireFlow Intelligent Workflow for Network Security Unique firewall & topology aware workflow allows: Auto plan Auto validate Governance Operational efficiency Auto-document activities Integrates with existing systems AlgoSec Inc. Confidential 8

9 AlgoSec Solution Brief The AlgoSec Firewall Analyzer is the established leading solution for: Firewall, router and VPN operations and change management Risk management, security compliance, audit Policy optimization and configuration cleanup It is a comprehensive, scalable, non-intrusive, easy-to-deploy and use, and supports all versions of the major firewall platforms in the enterprise market: PIX FWSM ASA IOS Router ACLs ScreenOS NSM Virtual Router Virtual System Sun Solaris Linux Win-NT Nokia SecurePlatform Alteon NSF Provider-1 SmartCenter Crossbeam OPSEC integration The AlgoSec solution provides unmatched visibility, analysis and intelligence into an organization's firewall policies. AlgoSec Inc. 9

10 AFA How does it work? Real-time Monitoring track changes Data Collection Rule Base, Log and Routing Table Analysis Non intrusive, offline analysis Single Firewall, group of firewalls or hierarchically connected firewalls (matrix) Analyze the traffic, not just the rules text Patented 5-dimentional algorithms calculate how the firewall will respond to every potential packet it may encounter Knowledge Base Compare the policy to built-in industry best practices AlgoSec Inc. 10

11 AFA Solution: Network Operations Efficiency Improve manageability and security: track policy changes - in realtime Track the 5 W s: What (rules, routing, VPNs, ), Who, When, Where, What is the impact Realtime change alerting Save time with routing-aware firewall troubleshooting Pinpoint the exact firewalls and rules that block operational traffic Ease firewall management using policy visualization View firewall policy and connectivity in a format not available on native management consoles - saves time, makes administrative tasks much easier Enable firewall/server consolidation/migration Consolidation assistance: identify required rule changes Firewall migration assistance: policies comparison AlgoSec Inc. 11

12 AFA Solution: Extend Firewall Lifespan and Performance Improve performance through Intelligent rule reordering Based on log analysis Improve performance by cleanup: Rules: unused, duplicate, covered, disabled, timed out Objects: Unused, unattached, duplicate, empty VPN: Unused, unattached, expired,users and groups Support log analysis for over a year Analyze historical logs AlgoSec Inc. 12

13 AFA Solution: Intelligent Automation of Risk & Compliance Automated Industry Best Practice (IBP) risk analysis Out-of-the-box usability based on AlgoSec IBP Knowledgebase Shows risks ranked by severity and lists all risky rules Provides details on risks found, offers remediation guidance Friendly customizations to conform with internal policies Easy to use risk customization, trusted traffic, user-defined zone types Ensures each firewall conforms to organization-specific security policy Automatically completed compliance reports SOX, PCI-DSS, J-SOX, ISO VPN risk analysis Identify risks associated to VPN rules and objects AlgoSec Inc. 13

14 AlgoSec Delivery Options Two hardware appliance models: AlgoSec 1020 entry level CPU: Dual Core Memory: 4GB (1GB DDR2/667 x 4) AlgoSec 1080 high-performance, enterprise level CPU: 8-Core Memory: 16GB (2GB FB-DIMM x 8) Pre-built VMware soft-appliance Software only AlgoSec Inc. 14

15 Product Demo Feature Overview Security. Visibility. Governance. AlgoSec Inc. 15

16 FireFlow Network Security Policy Change Workflow Automation AlgoSec Inc. 16 Confidential

17 Firewall policy change process overview Business units make firewall change requests Often many requests per week The process of meeting the requests is complex Involves multiple people in different organizations Involves several approvals and checks Subject to audit and regulation Change planning, risk assessment rely on personal expertise Industry statistics: 20-30% of implemented rule changes are not needed! Existing systems are focused on process administration AlgoSec Inc. 17

18 Current Challenges Delays and mistakes create inefficiency and time waste Actual change may differ from original request Actual change may differ from what was approved Variable levels of expertise may introduce mistakes SLA is hard to maintain Poor visibility increases cost: Where are we in the process? Who requested / approved / implemented the change? Why was a change made? What are the impacts of a change? AlgoSec Inc. Confidential 18

19 FireFlow within Your Organization Information Security Network Operations Firewall End-user (Business Unit) Create Change Request ( Existing system, web form, ) AlgoSec Inc. 19

20 FireFlow within Your Organization Information Security Network Administration Firewall End-user (Business Unit) Translate vague request into technical requirement. Check if rule-change needed Cost saving: avoid unneeded changes AlgoSec Inc. 20

21 FireFlow within Your Organization Information Security Network Operations Firewall End-user (Business Unit) Assess risk of suggested change, Approve change AlgoSec Inc. 21

22 FireFlow within Your Organization Information Security Network Operations Firewall End-user (Business Unit) Auto-create work order create checklist of rules and firewalls to be modified AlgoSec Inc. 22

23 FireFlow within Your Organization Information Security Network Operations Apply modified policy ` A matching Policy was request modified! was found. Firewall End-user (Business Unit) Auto-detect policy changes, match to requests AlgoSec Inc. 23

24 FireFlow within Your Organization Information Security Network Operations Firewall End-user (Business Unit) Notify stakeholders of successful completion of change AlgoSec Inc. 24

25 FireFlow within Your Organization Efficiency metrics, SLA reports Information Security Unauthorized Changes Network Operations Delayed requests, Internal billing CIO, Management Audit Trail, Documentation Archive Create Flexible Reports, Visibility, and Measurable Results Audit and compliance AlgoSec Inc. 25

26 Request and Auto planning stages in FireFlow Request Translate vague incoming requests into technical requirements Convert DNS names to IP addresses Convert port firewall service name Auto Plan Identify if a policy change is needed at all Auto identify which devices participates in change process AlgoSec Inc. 26

27 Risk Check and Approval Check and Approve Identify introduction of new risks, alert if non regulation compliant Approve for implementation, or send to re-plan Issue Work Order Auto-build rule change recommendation AlgoSec Inc. 27

28 Reconciliation: Auto-match change and request Validate Ensure that implemented policy meets the request Reconcile Ensure that all requests get implemented Ensure that no unauthorized changes are made Audit View full request history Link modified rules to request history AlgoSec Inc. 28

29 Network Security Change Lifecycle. FireFlow Any questions before live demo? AlgoSec Inc. 29

30 Questions? AlgoSec Inc. 30