Intelligent Firewall Management A Key Ingredient for Network

Consolidation Success

Michelle Johnson Cobb

VP Marketing

SANS Webcast

May 23, 2012

Skybox Security Overview

© 2012 Skybox Security

• Proven deployments in complex networks

• Financial Services, Government, Defense, Energy &

Utilities, Retail, Service Providers, Manufacturing, Tech

Global 2000 Customers

• 85% growth in 2011

• 300 customers in 32 countries

Accelerating Rapidly

2

• Automated Firewall Management

• Continuous Network Compliance and Modeling

• Risk and Vulnerability Management

Leader in Security Risk Management Solutions

High Performing Organizations

Choose Skybox Security

© 2012 Skybox Security

Financial

Services

Service

Providers

Energy &

Utilities

Gov &

Defense Others

3

Webcast Agenda

• Complexity Drives Consolidation

• Firewall Consolidation Challenges

• Case Study: Global Manufacturer

• Simplifying Firewall Consolidation

• Best Practice Firewall Management • Data Normalization

• Configuration Compliance

• Change Control

• Optimization

• Open API

• Choosing the Right Firewall

Management Tool

Network Complexity and Scale is

a Huge Challenge

Enterprise network

• 55,000 nodes

• 300 firewalls

• 25,000 rules

• 65 network changes/day

• 10,000 daily reported vulnerabilities

© 2012 Skybox Security 5

Heterogeneous Networks

Mean Multiple Device Languages

© 2012 Skybox Security 6

Hard to Manage and Troubleshoot

• Time consuming to identify

root cause of security or

access issues

• Unchecked rulesets impact

performance

• Firewall and network policy

overlaps and unused rules

• Redundant device

functionality – but where?

7

Security Challenges

Outpace Ability to Execute

• Fast growth and changes

• BYOD, cloud, virtualization challenges

• Continuous threats

• Network and security analysis complicated

• Security team can’t keep up!

• Can you achieve a 16X improvement in 4 years?

© 2012 Skybox Security 8

0

20

40

60

80

100

120

140

2009 2010 2011 2012 2013 2014

Security

challenges

Ability to execute

Case Study: Network Security

Consolidation Project

The Situation

The Mission

Global

Brewery

• Improve visibility of the interaction between network

infrastructure, security controls and policies

•Use this knowledge to optimize and consolidate the network

security infrastructure

•Reduce latency, improve security, reduce management costs

• Numerous daily network changes

• Large rulesets affecting performance

• 70+ locations

• 60 firewalls

• Numerous acquisitions increased network complexity

• Business services to some locations were disrupted by

latency issues

• Excessive time to traverse multiple firewalls

Case Study: Results

The Solution

Verified Results

Global

Brewery

• Eliminated 20% of firewalls

• Reduced rulesets by 80%

• Cut roundtrip latency by 50%

• Easier to manage, reduced risk level

• Skybox Security for

• Firewall policy analysis

• Ruleset optimization

• Network visibility

• Network and risk modeling and simulation

• Access path analysis

Simplifying Firewall Consolidation

Help us visualize and

analyze the situation Identify options to optimize

firewalls and rule sets

Will changes break services

or cause security holes?

Network Device Visualization and

Analysis

Help us visualize and

analyze the situation

Network modeling

Firewall policy analysis

Configuration analysis

Access compliance

Create a Network Model

13

• Import topology data

• Device configs

• Routing tables

• Automatically create a

hierarchical model tree,

grouping hosts by

TCP/IP network

• Add function,

location, type

• Analyze model to detect

missing info – hosts, ACLs,

routing rules for gateways

Network

Assurance

Network context

is important!

Automating Firewall Analysis

Best

Practice

Policy

Configuration

Repository Firewalls

Security

Team

Network

Operations

Basic

Firewall

Checks

Access

Compliance

Analysis

Normalized Firewall Configuration Repository

Firewall Analysis Workflow

Corporate

Policies

Reports

1

2

3 4 5

Automated Data Collection

Normalize the Firewall Data

• Remove vendor-specific

language

• Consolidated view to

compare results

• Use same features across

all types of firewalls

• More efficient analysis

Firewall Policy Compliance

Analysis

• Security best practices

• Platform configuration

checks

• Basic rule analysis

• Syntax

• Audit each rule by itself

• Not topology aware

Chang

e

Severi

ty

Modify

Paramet

ers

Find all Access Paths

• Complete End-to-

End path analysis

• Highlighting

ACL’s and routing

rules

• Supports NAT,

VPN, Dynamic

Routing and

Authenticated

rules

17

Determine Rules Allowing Access

• Find blocking

or allowing

devices

• Show rules

involved

• View routes

18

Firewall Optimization and Cleanup

Firewall performance can

degrade over time Too many rules

Redundant rules

Shadowed rules

Automated analysis can help

you speed up your firewalls--

regardless of vendor language

What are best options to

optimize firewalls?

Find Shadowed and Redundant

Rules

• Analysis runs against imported, normalized view of

firewall configurations

Rule Usage Analysis

• Automatically examine rulebase from firewall logs

(LEA, syslog) for:

• Unused rules and objects

• Partially used rules and objects

• Rule and object hit count

Planning Firewall Changes

Preventive - Assess impact of changes

before deployment

Ensure access to critical services

Track changes

Process improvements - change workflow

Will changes cause service

access issues or security holes?

Assess Planned Changes in

Advance • “What if” analysis - side by side comparison

Ensure Access to Critical Services

Access required: Remote access to business service

Identify Relevant Firewalls

Access requested: Remote access to business service

Firewall blocks the desired

action – change required

Firewall allows the action – no change needed

Troubleshoot Potential Access

Issues

Analyze inaccessible routes

- Quickly determine which

firewalls are blocking

access

- Shows which rules are

involved on each device

Network

Assurance

Access Analyzer

Verify Access Compliance

• Topology intelligence

• Use knowledge of what the

firewall is protecting

• Allows holistic review of

the firewall ruleset –

including NAT, VPN,

routing rules

• Better compliance

analysis

• PCI DSS

• NIST

• Custom policies

Track Changes

• Maintain history of changes to rules and objects in a normalized view

Requirements for a Firewall

Management Tool

• Normalize data

• Automate all tasks – data collection, analysis, reporting

• Policy compliance analysis

• Access analysis and troubleshooting

• Find unused rules • Eliminates potential attack scenarios

• Optimize the rulebase • Improves firewall performance

• Produce reports • Demonstrate compliance on-demand

• Documenting changes

Skybox Product Portfolio

© 2012 Skybox Security 30

Firewall Assurance

Automated firewall

analysis and audits

Change Manager

Complete firewall

change workflow

Network Assurance

Network compliance and

access path analysis

Risk Control

Identify exposed

vulnerabilities

Threat Manager

Workflow to address

new threats

Questions? Submit a question via chat

Remember to select ‘send to Moderators’

Or www.skyboxsecurity.com/contact-us

Thank you!

© 2012 Skybox Security 31