Public clouds such as Amazon Web Services (AWS) are a critical part of your hybrid network. It is important to keep out the bad guys (including untrusted insiders) and proactively secure your entire hybrid network.

1. OVERCOMING THE
CHALLENGES OF MANAGING
A HYBRID ENVIRONMENT
Omer Ganot, Product Manager, AlgoSec
Stuti Deshpande, Solution Architect, AWS

2. WELCOME
Havea question? Submit it via the Questions tab or email us:
Thiswebinarwill be available on-demand immediately
Additional resources willbe sharedfollowing the webinar
Joinour onlinecommunity!
2
marketing@algosec.com
https://www.algosec.com/resources

3. AGENDA
3 | Confidential
3
1
2
4
5
6
Challenges in hybrid network security
AWS- Responsibility and security services in AWS
AlgoSec- Visibility
AlgoSec- Change Management
AlgoSec- Risk and Compliance
Summary

4. MANAGINGSECURITYIN A HYBRIDENVIRONMENTIS COMPLEX
Multiple Security
Vendors andControls
3rd party on-prem
Security Vendor Products
Cloud Infra Security Controls
Security Products by Cloud
Providers and 3rd party
Multiple
Stakeholders
CISO
IT / Network Security
Cloud Teams
Security Operations
Application Developers /
DevOps
Multiple
Environments
Public Clouds
Private Clouds
4
On-Premises

5. © 2020, Amazon Web Services, Inc. orits Affiliates. All rights reserved.
Stuti Deshpande
Partner Solution Architect
Migration to AWS Cloud
Secureand Protectyour data with AWS Services

6. © 2020, Amazon Web Services, Inc. orits Affiliates. All rights reserved.
Top migration challenges we hear from customers
“We see challenges with existing software
contracts, license portability, and vendor
willingness to price reasonably during
the move of dozens/hundreds of vendors”
“We want to bring on-premises
governance controls to cloud apps”
“We want to evaluate and onboard new software
vendors during migration”
“We need to drive culture change
beyond IT as we transform our businesses
to digital and from on-premises to cloud”

7. © 2020, Amazon Web Services, Inc. orits Affiliates. All rights reserved.
Software
Compute Storage Database Networking
Client-side data
encryption
Server-side data
encryption
Network traffic
protection
Platform, applications, identity & access management
Operating system, network & firewall configuration
Customer content
AWS/customer shared responsibility
Customer’s
responsibility
AWS takes over
responsibility
from customers AWS Global
Infrastructure
AvailabilityZones Regions Edge Locations

8. © 2020, Amazon Web Services, Inc. orits Affiliates. All rights reserved.
Layered Security Services
Protect Detect Respond
Automate
Investigate
RecoverIdentify
AWS Systems
Manager
AWS Config
AWS
Lambda
Amazon
CloudWatch
Amazon
Inspector
Amazon
Macie
Amazon
GuardDuty
AWS Security
Hub
AWS IoT
Device
Defender
AWS Key
Management
Service
AWS Identity
and Access
Management
(IAM)
AWS
Single
Sign-On
Snapshot Archive
AWS
CloudTrail
Amazon
CloudWatch
Amazon VPC
AWS WAF
AWS ShieldAWS
Secrets
Manager
AWS Firewall
Manager
Detect
Protect

9. © 2020, Amazon Web Services, Inc. orits Affiliates. All rights reserved.
Monitor Network Flow and Traffic in/out VPC
• Capture logs going to and from network
interfaces in your VPC
• Published to Amazon CloudWatch Logs
or Amazon S3
• To create flow logs- use Amazon EC2
Console or Amazon EC2 API

10. © 2020, Amazon Web Services, Inc. orits Affiliates. All rights reserved.
How - to?
AWS
Shield
DDoS protection
AWS
WAF
Filter malicious web traffic
Amazon
GuardDuty
Managed threat detectionservice

11. © 2020, Amazon Web Services, Inc. orits Affiliates. All rights reserved.
Q & A

12. ACI
Other cloud vendors
THE ALGOSEC
ECOSYSTEM
Integrate
Business Process
For a completelist of supported devices visit www.algosec.com
Manage

13. ALGOSEC SIMPLIFIES SECURITY MANAGEMENT
13 | Confidential
AcrossMultipleVendors
and Security Controls
Multiple
Stakeholders
AcrossMultiple
Environments
Instant Visibility ChangeManagement Risk & Compliance

14. ALGOSEC SIMPLIFIES SECURITY MANAGEMENT
14 | Confidential
• Visibility across the entire
multi-vendor, multi-cloud network
• Correlate risks to the assets they
impact
• Understand the impact of security
controls on application connectivity
Instant Visibility ChangeManagement Risk & Compliance
• Securely migrate workloads from on-
prem to public cloud
• Uniform network model and change-
management framework
• Automation including zero-touch push of
policy changes
• Consistency across multiple clouds and
hybrid environments
• Identify risk across the entire hybrid
network and different security controls
• Full documentation and audit trail of
network security changes
• Automated compliance reports, vast
support for diverse regulations

15. 15 | Confidential
VISIBILITY

16. CHALLENGE: LACK OF VISIBILITY
Multiple clouds vendors
and security controls
within the cloud
Security team does not
own the cloud
Difficult to understand
the network structures
and flow paths
Hard to track the
operations, assets and
security controls
16 | Confidential

17. END-TO-END NETWORK VISIBILITY
Across the hybrid estate
NativeCloudSecurityModels
(SecurityGroups/NACL/NSG)
Virtualappliance
in thecloud
TraditionalFW
Virtualappliancein theSDN fabric
PrivatecloudSDN– distributed FW
17

18. END-TO-END NETWORK QUERY
18 | Confidential
• Ingress traffic filtered by a 3rd party firewall inside the Amazon estate

19. VISIBILITY INTO YOUR CLOUD ESTATE
19
Easy navigation
Know what youneed
to protect
Security controls in
each VPC/VNET
01
02
03

20. 42 | Confidential
Affected assets
Network Risk
breakdown, triggers
Across multi
cloud/account/
region/VPC/VNET
01
02
03
VISIBILITY INTO RISKS

21. VISIBILITY INTO APPLICATIONS
21

22. VISIBILITY INTO APPLICATION NETWORK FLOWS
22

23. 23 | Confidential
CHANGE MANAGEMENT

24. CHALLENGE: MANAGING SECURITY
Handling multiple vendors and technologies via various platforms
Lack of skilled personnel with cloud security expertise
Enforcing security policy consistency across multiple business units, accounts, regions
Identifying risk before the change and not after the fact
Lengthy and complex migration that may result in risky, bloated and inconsistent security policies

25. CHANGE MANAGEMENT
AND AUTOMATION
25
Zero-Touch
DevOps friendly
Automatic designand
push of changes
• End-to-end: multi-vendor,
multi-platform
• Optimized changes,
eliminate human error
Full documentation and
audit trail
Secure migrationof
workloads from on-prem
to public cloud
What-if riskcheck

26. SIMPLIFY APPLICATION MIGRATIONACROSSTHE HYBRIDNETWORK
26 | Confidential
ANALYZE
connectivity rules in
“controllable” chunks
PUSH
One chunk every
weekend
VALIDATE
Test old and new
connectivity
REMOVE
old connectivity rules
Time to market measuredinMONTHS
Existing Processes are
Manual, Painfuland ErrorProne
Application Migration
Use Cases
Projects
• Moving to the Cloud
• Data Center Consolidation
Ongoing
• Disaster Recovery
• DevOps (Dev/Test/Prod)
With AlgoSec
Analyze, pushand
validate hundredsof
rulesin hours!

27. CHANGE AUTOMATION FLOW
Request a
network
change
Map
devicesin
path
Plan the
Rules
Implement
the change
on the
devices
Validatethe
change
What-if
risk analysis
for all devices
involved

28. CHANGE REQUEST – DEVICES IN PATH

29. CHANGE REQUEST – RISK CHECK
29 | Confidential

30. CHANGE REQUEST - IMPLEMENTATION
- Smart recommendations to add/modify rules
- Automatically push the change to the target
cloud account

31. CENTRAL POLICY MANAGEMENT

32. 32 | Confidential
RISK & COMPLIANCE

33. CHALLENGE: RISK AND COMPLIANCE
Identifying risk across
the entire hybrid
network different
security controls
Risk remediation
across the different
controls
Keeping up with
internal and regulatory
standards
Obtaining compliance
status of the entire
network
Maintaining ongoing
documentation and
audit trail
Audit preparation time

34. MANAGESECURITYRISKSOF CLOUDASSETS
Filter risks by account
(Roadmap)
Network Risk
breakdown
Risk triggers
01
02
03

35. 42 | Confidential
Flow logs usage
indication
Risk triggers,
affected assets
Actionable risk
remediation
04
05
06
RISK BREAKDOWN

36. 42 | Confidential
Observe the
risky rule
context
Remediate the risk
directly from
CloudFlow
07
08
RISK REMEDIATION

37. 42 | Confidential
POLICY CLEANUP
Easily identify
unused rules,
bloating the policy
and exposing risk
01
02.
Efficiently remove
the unused rules
across multiple
security controls
02

38. REGULATORY COMPLIANCE

39. REGULATORY COMPLIANCE

40. • Managing security in a hybrid environment is complex
• Easy to achieve agility, harder to keep it secure
• AlgoSec and AWS are your partners for:
• Multi-layered security
• Extended visibility across hybrid and multi-cloud environments
• Hybrid-cloud capable Change Management
• Proactive risk analysis and remediation with compliance
assurance and audit-readiness
40
SUMMARY

41. Q & A
To request and evaluation
marketing@algosec.com

42. THANK YOU