Taking the fire drill out of making firewall changes

How to Take the Fire Drill out of Making Firewall Changes


“Complexity is the worst enemy of security” - Bruce Schneier

• Application Connectivity

• Data Center Migration/Consolidation

• Decommissioned Applications

• M&A

• Next-Generation Policies

• (External) Applications

• Users

• Devices

• New Threats

This is Not a Formal Policy

Source: The State of Network Security 2013

[Chart: "In your organization, an out-of-process change has resulted in..." Percentage of respondents, 2012 vs. 2013, by outcome: Application Outage, Network Outage, Data Breach, System Outage, Failing an Audit, None of the above.]

30% of Changes Made are Unneeded

“The best way to manage network security operations is to link security and operations through change management and change control, and to supplement and accelerate automation.”

Dissecting the Security Change Workflow

The Security Change Workflow

• Request Analysis

• Approval

• Implementation/Design

• Execution/Verification

• Audit the Change Process

• Recertify Rules

• Measure SLAs

Security Operations, Compliance, Executive, Operations


Request Analysis

• Who can make a request?

• Avoiding miscommunication

• What can be requested?

  • Add access

  • Remove access

  • Recertify access

  • Change/Remove objects

• Prioritization

• Eliminating “already works”

• Discovering relevant devices


Approval

• Risk analysis

• Compliance analysis

• Legal analysis

• Serial vs. Parallel

• Escalation

• Documentation!


Implementation/Design

• Create new vs. edit existing

• Reusing objects

• Testing the new rule

• Pushing the new rule


Execution/Verification

• Verify correct execution

• Notify requestor

• Request/Change reconciliation


Tips to Take the Fire Drill out of Firewall Changes!

“It is especially critical for people to document the rules they add or change so that other administrators know the purpose of each rule and who to contact about them. Good documentation can make troubleshooting easy and reduces the risk of service disruptions that can be caused when an administrator deletes or changes a rule they do not understand.”

- Todd, InfoSec Architect, United States


Tip 1: Document, Document, Document

“Perform reconciliation between change requests and actual performed changes – looking at the unaccounted changes will always surprise you. Ensuring every change is accounted for will greatly simplify your next audit and help in day-to-day troubleshooting.”

- Ron, Manager, Australia


Tip 2: Ensure Accountability
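
Added example (not from the original slides or from AlgoSec): one way to run the request/change reconciliation described in Tip 2, together with the "already works" check listed under Request Analysis. The Rule fields, ticket IDs and addresses are constructed; rules are assumed to be allow-only and are compared without regard to rule order.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:          # hypothetical, simplified allow rule
    src: str         # source CIDR
    dst: str         # destination CIDR
    service: str     # e.g. "tcp/443"

def covers(rule, flow):
    """True if an existing allow rule already permits the requested flow."""
    return (rule.service == flow.service
            and ip_network(flow.src).subnet_of(ip_network(rule.src))
            and ip_network(flow.dst).subnet_of(ip_network(rule.dst)))

def reconcile(requests, before, after):
    """requests: {ticket: {"add": [Rule], "remove": [Rule]}}; before/after: policy snapshots."""
    before, after = set(before), set(after)
    added, removed = after - before, before - after
    want_add = {r: t for t, c in requests.items() for r in c.get("add", [])}
    want_rm = {r: t for t, c in requests.items() for r in c.get("remove", [])}
    # Requested access that the old policy already allowed needs no new rule.
    already = {r: t for r, t in want_add.items() if any(covers(b, r) for b in before)}
    return {
        # Changes present on the device with no approved request behind them.
        "unaccounted": sorted([("add", r) for r in added if r not in want_add]
                              + [("remove", r) for r in removed if r not in want_rm], key=str),
        # Approved requests that never reached the device.
        "not_implemented": sorted([(t, r) for r, t in want_add.items()
                                   if r not in after and r not in already]
                                  + [(t, r) for r, t in want_rm.items() if r in after], key=str),
        "already_works": sorted([(t, r) for r, t in already.items()], key=str),
    }

# Constructed sample data: policy before and after a change window, plus approved tickets.
BEFORE = [Rule("10.1.0.0/24", "10.2.0.10/32", "tcp/443"),
          Rule("10.1.0.0/24", "10.2.0.20/32", "tcp/22"),
          Rule("10.3.0.0/24", "10.2.0.30/32", "tcp/1433")]
AFTER = [BEFORE[0], BEFORE[2],
         Rule("10.1.0.0/24", "10.2.0.40/32", "tcp/8443"),
         Rule("0.0.0.0/0", "10.2.0.10/32", "tcp/3389")]
REQUESTS = {"CR-101": {"add": [Rule("10.1.0.0/24", "10.2.0.40/32", "tcp/8443")]},
            "CR-102": {"remove": [BEFORE[2]]},
            "CR-103": {"add": [Rule("10.1.0.7/32", "10.2.0.10/32", "tcp/443")]}}

if __name__ == "__main__":
    for bucket, items in reconcile(REQUESTS, BEFORE, AFTER).items():
        print(bucket, items)
```

The "unaccounted" bucket is what an auditor will ask about first; a real policy would also need rule order and deny rules taken into account before a request is closed as "already works".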


Tip 3: Ensure an Application-Centric View

• Provide centralized visibility of application connectivity needs

• Understand the impact of application changes on the network and vice-versa

• Understand firewall rule and application interdependency to safely decommission applications

Your Security Change Management Solution Must:

1. Be firewall-aware

2. Support all firewalls and routers in your network

3. Be topology-aware

4. Integrate with your existing CMS

5. Provide application-level visibility and change impact analysis

6. Easily customize to your business processes


Look for these Key Capabilities

Security Change Automation with the AlgoSec Security Management Suite

Security Infrastructure

Business Applications

Managing Security at the Speed of Business


Application Owners Security Network Operations

Faster Security Provisioning for Business Applications

Align Teams for Improved Agility and Accountability

ROI in less than 1 Year!

Gain Total Visibility and Control of your Security Policy


The AlgoSec Suite - BusinessFlow


Application-Centric Policy Management

• Easily provision connectivity for business applications

• Improve visibility and application availability

• Securely decommission applications

• Translate business requirements to underlying policy


The AlgoSec Suite – Firewall Analyzer


Security Policy Analysis

• Automate and streamline firewall operations

• Ensure a secure and optimized policy

• Conduct audits in hours instead of weeks


The AlgoSec Suite – FireFlow


Security Policy Change Automation

• Process changes 2x-4x faster

• Improve accuracy and accountability

• Ensure continuous compliance and security


Business Impact


Annual Savings

• Reduction in Auditing Expenses: $192,000

• Reduction in Change Request Processing Time: $180,000

• Reduction in Troubleshooting Resolution Time: $90,000

• Extended Lifespan of Hardware: $47,500

Total Annual Savings: $509,500

3 Year Savings: $1,528,500

Sample Organization

• 50 Network Firewalls

• Loaded IT cost - $60/hour

• 2 changes per firewall per month

Generate your own ROI report at AlgoSec.com/ROI

A Real Life, Automated, Firewall Change Workflow

Q&A and Next Steps

Download the Security Change Management ebook @ www.algosec.com/securitychanges_ebook

Calculate your potential ROI @ www.algosec.com/ROI

Evaluate the AlgoSec Security Management Suite @ www.algosec.com/eval
