Public clouds such as Amazon Web Services (AWS) are a critical part of your hybrid network. It is important to keep out the bad guys (including untrusted insiders) and proactively secure your entire hybrid network.
2020-09-30 Overcoming the challenges of managing a hybrid environment - AWS AlgoSec joint webinar - final2
1. OVERCOMING THE CHALLENGES OF MANAGING A HYBRID ENVIRONMENT
Omer Ganot, Product Manager, AlgoSec
Stuti Deshpande, Solution Architect, AWS
2. WELCOME
• Have a question? Submit it via the Questions tab or email us: marketing@algosec.com
• This webinar will be available on-demand immediately
• Additional resources will be shared following the webinar
• Join our online community!
https://www.algosec.com/resources
3. AGENDA
3 | Confidential
1. Challenges in hybrid network security
2. AWS - Responsibility and security services in AWS
3. AlgoSec - Visibility
4. AlgoSec - Change Management
5. AlgoSec - Risk and Compliance
6. Summary
4. MANAGING SECURITY IN A HYBRID ENVIRONMENT IS COMPLEX
Multiple Security Vendors and Controls
• 3rd party on-prem Security Vendor Products
• Cloud Infra Security Controls
• Security Products by Cloud Providers and 3rd party
Multiple Stakeholders
• CISO
• IT / Network Security
• Cloud Teams
• Security Operations
• Application Developers / DevOps
Multiple Environments
• Public Clouds
• Private Clouds
• On-Premises
14. ALGOSEC SIMPLIFIES SECURITY MANAGEMENT
Instant Visibility
• Visibility across the entire multi-vendor, multi-cloud network
• Correlate risks to the assets they impact
• Understand the impact of security controls on application connectivity
Change Management
• Securely migrate workloads from on-prem to public cloud
• Uniform network model and change-management framework
• Automation including zero-touch push of policy changes
• Consistency across multiple clouds and hybrid environments
Risk & Compliance
• Identify risk across the entire hybrid network and different security controls
• Full documentation and audit trail of network security changes
• Automated compliance reports, vast support for diverse regulations
16. CHALLENGE: LACK OF VISIBILITY
• Multiple cloud vendors and security controls within the cloud
• Security team does not own the cloud
• Difficult to understand the network structures and flow paths
• Hard to track the operations, assets and security controls
17. END-TO-END NETWORK VISIBILITY
Across the hybrid estate
• Native Cloud Security Models (Security Groups/NACL/NSG)
• Virtual appliance in the cloud
• Traditional FW
• Virtual appliance in the SDN fabric
• Private cloud SDN – distributed FW
18. END-TO-END NETWORK QUERY
• Ingress traffic filtered by a 3rd party firewall inside the Amazon estate
19. VISIBILITY INTO YOUR CLOUD ESTATE
• Easy navigation
• Know what you need to protect
• Security controls in each VPC/VNET
20. VISIBILITY INTO RISKS
• Affected assets
• Network Risk breakdown, triggers
• Across multi cloud/account/region/VPC/VNET
24. CHALLENGE: MANAGING SECURITY
Handling multiple vendors and technologies via various platforms
Lack of skilled personnel with cloud security expertise
Enforcing security policy consistency across multiple business units, accounts, regions
Identifying risk before the change and not after the fact
Lengthy and complex migration that may result in risky, bloated and inconsistent security policies
25. CHANGE MANAGEMENT AND AUTOMATION
Zero-Touch
DevOps friendly
Automatic design and push of changes
• End-to-end: multi-vendor, multi-platform
• Optimized changes, eliminate human error
Full documentation and audit trail
Secure migration of workloads from on-prem to public cloud
What-if risk check
26. SIMPLIFY APPLICATION MIGRATION ACROSS THE HYBRID NETWORK
Existing Processes are Manual, Painful and Error Prone
• ANALYZE connectivity rules in “controllable” chunks
• PUSH One chunk every weekend
• VALIDATE Test old and new connectivity
• REMOVE old connectivity rules
Time to market measured in MONTHS
Application Migration Use Cases
Projects
• Moving to the Cloud
• Data Center Consolidation
Ongoing
• Disaster Recovery
• DevOps (Dev/Test/Prod)
With AlgoSec
Analyze, push and validate hundreds of rules in hours!
27. CHANGE AUTOMATION FLOW
• Request a network change
• Map devices in path
• Plan the Rules
• Implement the change on the devices
• Validate the change
• What-if risk analysis for all devices involved
33. CHALLENGE: RISK AND COMPLIANCE
• Identifying risk across the entire hybrid network and different security controls
• Risk remediation across the different controls
• Keeping up with internal and regulatory standards
• Obtaining compliance status of the entire network
• Maintaining ongoing documentation and audit trail
• Audit preparation time
40. SUMMARY
• Managing security in a hybrid environment is complex
• Easy to achieve agility, harder to keep it secure
• AlgoSec and AWS are your partners for:
  • Multi-layered security
  • Extended visibility across hybrid and multi-cloud environments
  • Hybrid-cloud capable Change Management
  • Proactive risk analysis and remediation with compliance assurance and audit-readiness
41. Q & A
To request an evaluation: marketing@algosec.com