The Security Policy Management Maturity Model: How to Move Up the Curve
 

The Security Policy Management Maturity Model: How to Move Up the Curve

on

  • 366 views

Rising network complexity and increased demands on business agility are rapidly hindering the traditional approach to managing security policies. The Security policy management maturity model can help ...

Rising network complexity and increased demands on business agility are rapidly hindering the traditional approach to managing security policies. The Security policy management maturity model can help you better understand your current network environment and provide you with a roadmap for improving both your security AND agility. Learn:
- The four stages of the maturity model
- How to compare your environment to the different stages
- Tips for orchestrating security policy management
- Real-life examples of benefits achieved by "moving up the curve"

Statistics

Views

Total Views
366
Views on SlideShare
326
Embed Views
40

Actions

Likes
0
Downloads
12
Comments
0

2 Embeds 40

http://www.algosec.com 28
http://root-networks.com 12

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    The Security Policy Management Maturity Model: How to Move Up the Curve The Security Policy Management Maturity Model: How to Move Up the Curve Presentation Transcript

    • The Security Policy Management Maturity Model
    • Our Speakers Eric Ogren Principal Analyst The Ogren Group Nimmy Reichenberg VP Strategy AlgoSec 2
    • We Need to Evolve!
    • Complexity 4
    • Modern Threats
    • Speed of Business
    • The Security Management Maturity Model Level 4 - Visionary Level 3 - Advanced Level 2 - Emerging Level 1 - Initial 7
    • Using the Maturity Model Assess Evaluate Implement 8
    • Poll 9
    • Level 1 - Initial • Limited understanding of why each rule is in place • Change management is manual; many changes must be redone • Limited visibility of impact to network traffic • Time-consuming audits • Rules are rarely deleted for fear of breaking something • Manual risk analysis of the firewall policy 10
    • Recommendations for Level 1 1. Review (or create) documentation for firewall rules 2. Get an accurate picture of your network traffic so you understand what your policy is actually doing 3. Define your ideal change management process 4. Establish regular projects to clean up firewall and router rules and ACLs 5. Review risk analysis and compliance processes 6. Assess benefits of automation 11
    • Level 2 - Emerging • Automated monitoring and alerting of policy changes • Real-time, up-to-date topology visibility • Automated compliance reporting • Automated policy optimization and risk analysis • No overly permissive rules (E.g. ANY) • Change management still manual and error-prone with teams working in silos 12
    • Recommendations for Level 2 1. Make sure security and network teams are aligned and agree on change management processes 2. Measure the time required for each step of a change request to identify bottlenecks 3. Conduct reconciliation between requests and changes made to identify out-of-process changes 4. Assess the value of automation as part of a firewall- and network-aware change process 13
    • Level 3 - Advanced • Automated change process improves business agility • Continuous compliance • Out-of-process changes are discovered and “already works” change requests are automatically closed • Basic documentation and limited visibility of application connectivity needs (E.g. spreadsheets) • Poor communications with business stakeholders and application owners 14
    • Recommendations for Level 3 1. Review processes for documenting application connectivity needs 2. Assess gaps between application and network teams relating to the security and network infrastructure 3. Review processes for decommissioning applications and related unused firewall rules 4. Examine options for making business owners “own the risk” and vulnerabilities in their applications 5. Assess tools which provide application-centric approaches to managing the network security policy 15
    • Level 4 - Visionary • Fast and efficient security provisioning of business applications • Application, security and operations teams are aligned • Secure decommissioning of applications; removing rules no longer in use • No application outages due to firewall misconfigurations • View of risk from the application perspective 16
    • If you have made this far you should enjoy… 1. Improved application availability – even during a data center migration 2. Faster service delivery 3. Alignment across IT, security and the business 4. Tighter security policies to improve defense against cyber-attacks 5. More time, resources and budget to focus on strategic initiatives 17
    • Poll 18
    • The AlgoSec Security Management Suite Confidentia 19 l
    • Managing Security at the Speed of Business Application Owners Network Operations Security AlgoSec Security Management Suite Faster Security Provisioning for Business Applications Business Applications Align Teams for Improved Agility and Accountability Gain Total Visibility and Control of your Security Policy Security Infrastructure 20
    • The AlgoSec Suite Application Owners Network Operations Security AlgoSec Security Management Suite BusinessFlow Firewall Analyzer Business Application Connectivity Mgmt Business Applications FireFlow Security Policy Change Automation Security Policy Analysis & Audit Security Infrastructure 21
    • Q&A and Next Steps Download the Security Policy Management Maturity Model @ www.algosec.com/maturitymodel Download the Security Change Management ebook @ www.algosec.com/securitychanges_ebook Evaluate the AlgoSec Security Management Suite @ www.algosec.com/eval 22
    • Managing Security at the Speed of Business www.AlgoSec.com Connect with AlgoSec on: