Cisco ACI and your
entire hybrid network
Breaking down the Silos with
Holistic Central Policy Management
Yonatan Klein
Director, Product Management
POLL #1:
HOW MANY CISCO TECHNOLOGIES DO YOU RUN IN YOUR DATA CENTERS?
(FIREWALLS, ROUTERS, ACI SDN, TETRATION, ISE, ETC.)
Please vote using the “Votes from Audience” tab in your BrightTALK panel
• None
• 1
• 2-4
• More than 5
WELCOME
Have a question? Submit it via the chat tab or email us: marketing@algosec.com
This webinar is being recorded!
The recording will be emailed to you after the webinar
And the slides will be available in the attachments tab
Follow AlgoSec online!
AGENDA
• Risk & Compliance
• Policy visibility
• AlgoSec and Cisco ACI
• AlgoSec Background
• Case Study
• Network-wide change automation
• Consider also service graphs
• AlgoSec and Tetration
CORPORATE OVERVIEW
• Founded 2004
• 1800+ Enterprise Customers
• Serving 20 of the Fortune 50
• 24/7 Support via 3 Global Centers
• Passionate about Customer Satisfaction
BUSINESS DRIVEN SECURITY MANAGEMENT
AlgoSec enables companies to align security with their business processes
• Business-driven Agility
• Business-driven Visibility
• Business-driven Security
BUSINESS-DRIVEN SECURITY MANAGEMENT USE CASES
Business-Driven Network Security Policy Management
Business-Driven Security
Business-Driven Agility
Unified Visibility Across Cloud, SDN & On-Premise Enterprise Networks
• Auditing & Compliance
• Risk Management
• Business Continuity
• Cloud Security
• Change Management
• Incident Response
• DevOps
• Micro-Segmentation
• Digital Transformation
[Diagram labels: Integrate, Business Process, Manage, ACI]
For a complete list of supported devices visit www.algosec.com
ALGOSEC CISCO FOCUS
SUPERIOR SUPPORT FOR CISCO DEVICES
• Existing
• Security: ASA, FirePOWER
• Networking: IOS, Nexus
• Private Cloud: ACI
• SD-Access: ISE
• Discovery: Tetration
STRONG PARTNERSHIP
• Synergetic use-cases
• ACI adoption
• Tetration value proposition
• Technical cooperation
• Business cooperation
WHY ALGOSEC FOR CISCO ACI
CHALLENGES CUSTOMERS ARE FACING
“Cisco Application Centric Infrastructure (ACI) facilitates application agility and data center automation. This SDN architecture integrates physical and virtual environments, both on-premises and on multiple public clouds, under one policy model for networks, servers, storage, services, and security.”
BUT CISCO ACI IS ALREADY SDN, WHY DO WE NEED ALGOSEC?
ALGOSEC MANAGES THE HYBRID NETWORK
ACI Data Center
Data Center FWs (L4-L7 services)
Perimeter & Upstream FWs
• Visibility & Compliance
• Automatic Provisioning
• Business Applications
POLL #2:
WHAT IS YOUR MOST CRITICAL CHALLENGE WITH MANAGING NETWORK SECURITY?
Please vote using the “Votes from Audience” tab in your BrightTALK panel
• Lack of overall visibility
• Missing qualified personnel (too many platforms to manage)
• Hard to keep up with SLA to stakeholder requests
• Maintenance and cleanup of policy
ALGOSEC OFFERING – APPLIED TO
• Significantly simplify and reduce audit preparation efforts and costs - supports all the industry regulatory standards
• Security policy visibility across the entire network, including Cisco ACI
• Automated security policy change management for multi-vendor devices across the entire estate, including policy push
• Risk and compliance analysis for Cisco ACI contracts alongside firewall security policies
POLICY VISIBILITY: DEPLOYMENT MODE
POLICY VISIBILITY – ACROSS THE DATA CENTER
TRACK AND IDENTIFY CHANGES (INCL. OUT OF BAND)
RISK AND COMPLIANCE ASSESSMENT
• Continuous visibility to the network risk posture of your ACI fabric
• Group reporting for the security posture of the entire network
• Based on the organization’s Risk Profile
• Regulatory Compliance (e.g., PCI, GDPR)
• C-Level charts and dashboards
• What-if risk analysis to avoid new risks during change management
REPORT PER TENANT OR GROUP REPORT
OVERALL RISK VIEW
RISK DRILL DOWN
IDENTIFY THE RISKY RULES
AUTOMATED REGULATORY COMPLIANCE REPORTS
CHANGE AUTOMATION
• Validate the change
• Map devices in path
• Check for risk involved
• Plan the Rules
• Implement the change on the devices
• Request a network change
IT ALL STARTS WITH A BUSINESS APPLICATION
BUSINESSFLOW PRESENTS APP FLOWS
WE DEFINE A NEW FLOW WITH A NEW NETWORK OBJECT
STEP 1: A NEW CHANGE REQUEST TO ALLOW THIS FLOW
STEP 2: IDENTIFY DEVICES IN THE PATH
STEP 3: RISK CHECK
Risk check
• Best practice (out of the box risks)
• Customer defined network segmentations
STEP 4: DESIGN THE RULE POLICY
STEP 5: IMPLEMENT ON DEVICE
LET’S REVIEW THIS WITHIN ACI GUI
POLL #3:
DO YOU EMPLOY A MICROSEGMENTATION STRATEGY?
Please vote using the “Votes from Audience” tab in your BrightTALK panel
• Yes, our datacenters are already designed with microsegmentation filtering
• We have plans to introduce a microsegmentation design
• This is not planned, we keep perimeter firewalls only
SERVICE GRAPH – DEVICES IN PATH
SERVICE GRAPHS IN ACI
“Cisco designed the service graph technology to automate the deployment of an L4-L7 service in the network. Cisco ACI doesn’t provision the L4-L7 device itself, but it can configure it as part of the same configuration that creates tenants, bridge domains, and Endpoint Groups (EPGs).”
Challenge: provision ALL relevant security controls
SGR SUPPORT - IDENTIFYING RELEVANT DEVICES
1. An ACI tenant found relevant for the requested traffic
2. Two firewalls automatically added by customizable logic as they are part of an SGR defined on the ACI tenant found below
ALGOSEC & CISCO TETRATION
CHALLENGES CUSTOMERS ARE FACING
“Cisco Tetration offers holistic workload protection for multicloud data centers by enabling a zero-trust model using segmentation. This approach allows you to identify security incidents faster, contain lateral movement, and reduce your attack surface. Tetration's infrastructure-agnostic approach supports both on-premises and public cloud workloads.”
ALGOSEC & TETRATION – JOINT SOLUTION
Green field (Micro-segmentation)
• Discover application connectivity and dependencies
• Risk and compliance analysis
• Generate optimized micro-segmentation security policies
• Push policies to various security devices (firewalls, SDN, end-point)
• Extend Tetration’s enforcement to network security devices
• Automatically map business applications to underlying network security infrastructure
• Business-driven risk, vulnerability and compliance analysis as well as policy management and rule cleanup
Unique!
Ongoing + Brown field
SOLUTION FLOW
Business Flow
FireFlow
Single pane of glass
End-to-end automation
Continuous compliance
Business context
Push to Devices
SOLUTION OVERVIEW – LARGE EUROPEAN BANK
Data Center
ACI
• Visibility
• Automatic Provisioning
• Business Context
Perimeter & Upstream FWs
Data center firewalls (East-West filtering)
• Tetration performs application dependency mapping
• AlgoSec automatically updates and generates security policy
• AlgoSec automatically creates Cisco ACI contracts and updates relevant Fortinet firewall policies in data center
• AlgoSec automatically updates perimeter & upstream firewalls as needed
TAKEAWAYS
AlgoSec focuses on Cisco technology
This means AlgoSec maintains market leadership in Cisco support
Micro-Segmentation is key to tight network security
Tetration and AlgoSec help with micro-segmentation design and provisioning
SDN does not mean all your problems are gone
AlgoSec considers connectivity of your SDN to the rest of the network; assures security
AlgoSec’s Cisco support isn’t just about Firewalls
Also Cisco ACI, Routers, identity and more
https://www.algosec.com/resources
Collateral Videos Designated Webpage
Connect with AlgoSec
Where You Are
Q&A
Send us your questions
Request a Free Evaluation:
marketing@algosec.com youtube.com/user/AlgoSec
linkedin.com/company/AlgoSec
facebook.com/AlgoSec
twitter.com/AlgoSec
www.AlgoSec.com/blog
UPCOMING WEBINARS
• Aug 6: Putting the “NetSec” into DevOps with Network Security Automation
• Aug 13: What to ask before choosing a Network Security Management Solution
• Sept 26: Microsegmentation
THE PREMIER EVENT FOR ALGOSEC CUSTOMERS & CHANNEL PARTNERS
Australia – September
Dallas, TX – October 21-24
2019
www.algosec.com/algosummit
THANK YOU!
Contact us: marketing@algosec.com

More Related Content

What's hot

Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinar
AlgoSec
 
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application ConnectivityMovin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
shira koper
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration Webinar
Maytal Levi
 
Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment
Managing Effective Security Policies Across Hybrid and Multi-Cloud EnvironmentManaging Effective Security Policies Across Hybrid and Multi-Cloud Environment
Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment
AlgoSec
 

What's hot (20)

Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to execution
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinar
 
compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinar
 
Migrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best PracticesMigrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best Practices
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
 
Best Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change ProcessesBest Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change Processes
 
Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigationTying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
 
2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware
 
2018 10-11 automating network security policy management allows financial ins...
2018 10-11 automating network security policy management allows financial ins...2018 10-11 automating network security policy management allows financial ins...
2018 10-11 automating network security policy management allows financial ins...
 
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application ConnectivityMovin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
 
DevSecOps: Putting the Sec into the DevOps
DevSecOps: Putting the Sec into the DevOpsDevSecOps: Putting the Sec into the DevOps
DevSecOps: Putting the Sec into the DevOps
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best Practices
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration Webinar
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...
 
Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment
Managing Effective Security Policies Across Hybrid and Multi-Cloud EnvironmentManaging Effective Security Policies Across Hybrid and Multi-Cloud Environment
Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment
 
Managing Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network SecurityManaging Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network Security
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinar
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)
 

Similar to Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management

Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar
Maytal Levi
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinarCisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar
Maytal Levi
 
Cisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesCisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjones
Billy jones Monarquia
 

Similar to Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management (20)

Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinarCisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
 
Adaptive Security and Incident Response - A Business-Driven Approach
Adaptive Security and Incident Response - A Business-Driven ApproachAdaptive Security and Incident Response - A Business-Driven Approach
Adaptive Security and Incident Response - A Business-Driven Approach
 
CL2015 - Datacenter and Cloud Strategy and Planning
CL2015 - Datacenter and Cloud Strategy and PlanningCL2015 - Datacenter and Cloud Strategy and Planning
CL2015 - Datacenter and Cloud Strategy and Planning
 
Design and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use CasesDesign and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use Cases
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
 
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018   Cisco dna - deeper diveCisco Connect Halifax 2018   Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper dive
 
Partnership to Capture Indonesia ERP Cloud Trend Opportunities
Partnership to Capture Indonesia ERP Cloud Trend OpportunitiesPartnership to Capture Indonesia ERP Cloud Trend Opportunities
Partnership to Capture Indonesia ERP Cloud Trend Opportunities
 
DEVNET-1166 Open SDN Controller APIs
DEVNET-1166	Open SDN Controller APIsDEVNET-1166	Open SDN Controller APIs
DEVNET-1166 Open SDN Controller APIs
 
Cisco at v mworld 2015 ravi_vmworldtheater2015
Cisco at v mworld 2015 ravi_vmworldtheater2015Cisco at v mworld 2015 ravi_vmworldtheater2015
Cisco at v mworld 2015 ravi_vmworldtheater2015
 
Selecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organizationSelecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organization
 
Mass Scale Networking
Mass Scale NetworkingMass Scale Networking
Mass Scale Networking
 
How to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud SecureHow to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud Secure
 
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
 
Cisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesCisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjones
 
Cisco at VMworld 2015 - Cisco UCS as the Foundation for Software-Defined Data...
Cisco at VMworld 2015 - Cisco UCS as the Foundation for Software-Defined Data...Cisco at VMworld 2015 - Cisco UCS as the Foundation for Software-Defined Data...
Cisco at VMworld 2015 - Cisco UCS as the Foundation for Software-Defined Data...
 
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia -  Secure data center-building a secure zero-trus...Cisco Connect 2018 Malaysia -  Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
 
PSOIOT-1151.pdf
PSOIOT-1151.pdfPSOIOT-1151.pdf
PSOIOT-1151.pdf
 
Cisco Connect 2018 Thailand - Secure, intelligent platform for the digital bu...
Cisco Connect 2018 Thailand - Secure, intelligent platform for the digital bu...Cisco Connect 2018 Thailand - Secure, intelligent platform for the digital bu...
Cisco Connect 2018 Thailand - Secure, intelligent platform for the digital bu...
 

More from AlgoSec

More from AlgoSec (7)

Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertification
 
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
 
Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management

  • 1. Cisco ACI and your entire hybrid network Breaking down the Silos with Holistic Central Policy Management Yonatan Klein Director, Product Management
  • 2. POLL #1: HOW MANY CISCO TECHNOLOGIES DO YOU RUN IN YOUR DATA CENTERS? (FIREWALLS, ROUTERS, ACI SDN, TETRATION, ISE ETC.) Please vote using the “Votes from Audience” tab in your BrightTALK panel 2 • None • 1 • 2-4 • More than 5
  • 3. WELCOME Have a question? Submit it via the chat tab or email us: This webinar is being recorded! The recording will be emailed to you after the webinar And the slides will be available in the attachments tab Follow AlgoSec online ! 3 marketing@algosec.com
  • 4. Risky & Compliance Policy visibility AlgoSec and Cisco ACI AGENDA AlgoSec Background Case Study Network-wide change automation Consider also service graphs AlgoSec and Tetration
  • 5. Founded 2004 1800+ Enterprise Customers Serving 20 of the Fortune 50 24/7 Support via 3 Global Centers Passionate about Customer Satisfaction 5 CORPORATE OVERVIEW 2 | Confidential
  • 6. 6 | Confidential AlgoSec enables companies to align security with their business processes Business-driven Agility Business-driven Visibility Business-driven Security BUSINESS DRIVEN SECURITY MANAGEMENT
  • 7. Business-Driven Security Business-Driven Agility Business-Driven Network Security Policy Management Unified Visibility Across Cloud, SDN & On-Premise Enterprise Networks BUSINESS-DRIVEN SECURITY MANAGEMENT USE CASES 7 Auditing & Compliance Risk Management Business Continuity Cloud Security Change Management Incident Response DevOpsMicro- Segmentation Digital Transformation
  • 8. Integrate Business Process For a complete list of supported devices visit www.algosec.com Manage ACI
  • 9. Risky & Compliance Policy visibility AlgoSec and Cisco AGENDA AlgoSec Background Case Study Network-wide change automation Consider also service graphs AlgoSec and Tetration
  • 10. SUPERIOR SUPPORT FOR CISCO DEVICES • Existing • Security: ASA, FirePOWER • Networking: IOS, Nexus • Private Cloud: ACI • SD-Access: ISE • Discovery: Tetration 10 | Confidential STRONG PARTNERSHIP • Synergetic use-cases • ACI adoption • Tetration value proposition • Technical cooperation • Business cooperation FOCUS ALGOSEC CISCO FOCUS
  • 11. 11 | Confidential CHALLENGES CUSTOMERS ARE FACING WHY ALGOSEC FOR CISCO ACI Cisco Application Centric Infrastructure (ACI) facilitates application agility and data center automation. This SDN architecture integrates physical and virtual environments, both on-premises and on multiple public clouds, under one policy model for networks, servers, storage, services, and security. “ “
  • 12. BUT CISCO ACI IS ALREADY SDN, WHY DO WE NEED ALGOSEC? 12 | Confidential
  • 13. ALGOSEC MANAGES THE HYBRID NETWORK 13 Confidential ACI Data Center Data Center FWs (L4-L7 services) • Visibility & Compliance • Automatic Provisioning • Business Applications Perimeter & Upstream FWs
  • 14. POLL #2: WHAT IS YOUR MOST CRITICAL CHALLENGE WITH MANAGING NETWORK SECURITY? Please vote using the “Votes from Audience” tab in your BrightTALK panel 14 • Lack of overall visibility • Missing qualified personnel (too many platform to manage) • Hard to keep up with SLA to stake holder requests • Maintenance and cleanup of policy
  • 15. ALGOSEC OFFERING – APPLIED TO Significantly simplify and reduce audit preparation efforts and costs - supports all the industry regulatory standards Security policy visibility across the entire network, including Cisco ACI Automated security policy change management for multi-vendor devices across the entire estate, including policy push Risk and compliance analysis for Cisco ACI contracts alongside firewall security policies
  • 18. POLICY VISIBILITY – ACROSS THE DATA CENTER
  • 19. TRACK AND IDENTIFY CHANGES (INCL. OUT OF BAND)
  • 21. RISK AND COMPLIANCE ASSESSMENT • Continuous visibility to the network risk posture of your ACI fabric • Group reporting for the security posture of the entire network • Based on the organization’s Risk Profile • Regulatory Compliance (e.g., PCI, GDPR) • C-Level charts and dashboards • What-if risk analysis to avoid new risks during change management
  • 22. REPORT PER TENANT OR GROUP REPORT
  • 25. IDENTIFY THE RISKY RULES
  • 27. CHANGE AUTOMATION • Request a network change • Map devices in path • Check for risk involved • Plan the Rules • Implement the change on the devices • Validate the change
  • 28. IT ALL STARTS WITH A BUSINESS APPLICATION
  • 30. WE DEFINE A NEW FLOW WITH A NEW NETWORK OBJECT
  • 31. STEP 1: A NEW CHANGE REQUEST TO ALLOW THIS FLOW
  • 32. STEP 2: IDENTIFY DEVICES IN THE PATH
  • 33. STEP 2: IDENTIFY DEVICES IN THE PATH
  • 34. STEP 3: RISK CHECK Risk check • Best practice (out of the box risks) • Customer defined network segmentations CHANGE
  • 35. STEP 4: DESIGN THE RULE POLICY
  • 36. STEP 5: IMPLEMENT ON DEVICE
  • 37. LET’S REVIEW THIS WITHIN ACI GUI
  • 38. LET’S REVIEW THIS WITHIN ACI GUI
  • 40. POLL #3: DO YOU EMPLOY A MICROSEGMENTATION STRATEGY? Please vote using the “Votes from Audience” tab in your BrightTALK panel • Yes, our datacenters are already designed with microsegmentation filtering • We have plans to introduce a microsegmentation design • This is not planned, we keep perimeter firewalls only
  • 41. SERVICE GRAPH – DEVICES IN PATH
  • 42. SERVICE GRAPHS IN ACI Challenge: provision ALL relevant security controls “Cisco designed the service graph technology to automate the deployment of an L4-L7 service in the network. Cisco ACI doesn’t provision the L4-L7 device itself, but it can configure it as part of the same configuration that creates tenants, bridge domains, and Endpoint Groups (EPGs).”
  • 43. SGR SUPPORT - IDENTIFYING RELEVANT DEVICES 1. An ACI tenant found relevant for the requested traffic 2. Two firewalls automatically added by customizable logic as they are part of an SGR defined on the ACI tenant found below
  • 44. CHALLENGES CUSTOMERS ARE FACING ALGOSEC & CISCO TETRATION “Cisco Tetration offers holistic workload protection for multicloud data centers by enabling a zero-trust model using segmentation. This approach allows you to identify security incidents faster, contain lateral movement, and reduce your attack surface. Tetration's infrastructure-agnostic approach supports both on-premises and public cloud workloads.”
  • 45. ALGOSEC & TETRATION – JOINT SOLUTION Green field (Micro-segmentation) • Discover application connectivity and dependencies • Risk and compliance analysis • Generate optimized micro-segmentation security policies • Push policies to various security devices (firewalls, SDN, end-point) Ongoing + Brown field (Unique!) • Extend Tetration’s enforcement to network security devices • Automatically map business applications to underlying network security infrastructure • Business-driven risk, vulnerability and compliance analysis as well as policy management and rule cleanup
  • 46. SOLUTION FLOW Business Flow FireFlow Single pane of glass End-to-end automation Continuous compliance Business context Push to Devices
  • 48. SOLUTION OVERVIEW – LARGE EUROPEAN BANK • Visibility • Automatic Provisioning • Business Context Data Center ACI Perimeter & Upstream FWs Data center firewalls (East-West filtering) • Tetration performs application dependency mapping • AlgoSec automatically updates and generates security policy • AlgoSec automatically creates Cisco ACI contracts and updates relevant Fortinet firewall policies in data center • AlgoSec automatically updates perimeter & upstream firewalls as needed
  • 49. TAKEAWAYS • AlgoSec focus on Cisco technology: This means AlgoSec maintains market leadership in Cisco support • Micro-Segmentation is key to tight network security: Tetration and AlgoSec help with micro-segmentation design and provisioning • SDN does not mean all your problems are gone: AlgoSec considers connectivity of your SDN to rest of the network; assures security • AlgoSec’s Cisco support isn’t just about Firewalls: Also Cisco ACI, Routers, identity and more
  • 51. Q&A Send us your questions Request a Free Evaluation: marketing@algosec.com Connect with AlgoSec Where You Are youtube.com/user/AlgoSec linkedin.com/company/AlgoSec facebook.com/AlgoSec twitter.com/AlgoSec www.AlgoSec.com/blog
  • 52. UPCOMING WEBINARS • Aug 6 Putting the “NetSec” into DevOps with Network Security Automation • Aug 13 What to ask before choosing a Network Security Management Solution • Sept 26 Microsegmentation
  • 53. THE PREMIER EVENT FOR ALGOSEC CUSTOMERS & CHANNEL PARTNERS Australia – September Dallas, TX – October 21-24 2019 www.algosec.com/algosummit
  • 54. THANK YOU! Contact us: marketing@algosec.com

Editor's Notes

  1. In the previous slide it seemed like Cisco was yet another device. We are going to speak about why it’s more than that.
  2. Here’s a bit about our organization, we’ve been around since 2004, since then we’ve created a worldwide name for ourselves as leaders in both technology and in customer satisfaction, it’s not a coincidence that 20 of the Fortune 50 companies are AlgoSec customers.
  3. So what is this unique AlgoSec product you’ve been hearing about? Network security is often seen as a burden, being extremely complex and taking up a lot of time, this can hurt a business trying to keep with the speed of the market but also wanting to keep the security at the highest level. AlgoSec can assist you in enhancing your organization’s security, by automatically assessing vulnerabilities, managing compliance and prioritizing rules. By automatically enhancing your security, this will allow your organization the agility and speed it needs to not be held up by security.
  4. I am guessing that you are all familiar with this slide showing the wide support we have of various network devices and technologies. <click> We see here two instances of Cisco, and this is what we are going to talk about today. <click>
  5. So Cisco is a focus area for AlgoSec. As Cisco is such a dominant vendor for networking in general and inside the data center in specific. There is actually quite a large set of Cisco devices and technology that AlgoSec supports. Details … <click> Another reason for this focus is the fact that we have a very strong partnership with Cisco. We identified mutually synergetic use cases that help with ACI adoption, with increasing the Tetration value proposition. So it’s a two way street. There is a strong technical cooperation that means we can get information ahead of releases and close support in everything we do. And we also cooperate on the business level.
  6. Cisco ACI is based on an acquisition that provides Software Defined Networking solution based on Cisco network elements (leaf switches and others). Neat capabilities: Ability to define contracts (rules) without considering the underlying network Ability to define service graphs – determine that specific network traffic would go through network services such as filtering, DLP, optimization and more.
  7. This is what the ACI GUI looks like. And this is “software defined” so you can define new “contracts” or rules and apply them to the ACI fabric keeping the intent in mind rather than the physical elements and routes. So … one may ask – why do we need AlgoSec? This is automation ready, this is centrally managed, right?
  8. The truth is simply – that the hybrid network is much more complex than that. Data Center firewalls – some managed by the ACI and some aren’t Public Cloud security controls – cloud native security controls (security groups, NACLs etc.) and virtual traditional firewalls Previous comments customers can now process and apply security policy changes quickly, assess and reduce risk, ensure compliance and maintain a strong security posture across their entire environment – thereby rapidly realizing the full potential of their Cisco ACI deployment. Reduces the time and effort through automation – making sure things are in sync Mention inside and outside the data center Single place to see all your stuff – end-to-end Continuous compliance
  9. customers can now process and apply security policy changes quickly, assess and reduce risk, ensure compliance and maintain a strong security posture across their entire environment – thereby rapidly realizing the full potential of their Cisco ACI deployment. Mention inside and outside the data center Single place to see all your stuff end-to-end Continuous compliance
  10. In this example we can see we have a group of devices here we decided to name DC SF. It can include the ACI fabric as well as additional devices. If we want to see all the network security rules associated with a subnet in this data center we can easily search and find matching rules with objects (EPGs) that include this subnet – both in the ACI fabric as well as in other devices like this Fortinet device we see here.
  11. In the changes tab we can track/audit changes both in the ACI fabric itself as well as in other network devices. This can help us make sure there are no out of band unauthorized changes.
  12. Continuous visibility - Includes both the risk and the underlying contracts that triggered it Risk Profile – allowing the security admin to define the network segmentation and what traffic is allowed between every two segments. Once defined, AlgoSec simulates the traffic through the security control and flags the violations to these definitions Regulatory Compliance – OOB ready compliance reports for every security control, detailing its compliance to every relevant article of various regulatory standards C-Level charts and dashboards - to track risk and compliance levels over time Data and reports are exportable and available via APIs.
  13. Here we can see the overall security rating of a device as well as changes to risk over time
  14. Drilling in we can see the list of risks
  15. We can drill into a risk to see – it means we have HTTP connections entering our network, which is not advised
  16. Further drill down allows us to see the specific rule that allows this traffic, so we can optionally make adjustments
  17. We also have automated regulatory compliance reports, in this case a PCI report (payment card industry regulation), we can see both an overall compliance score as well as specific pass/fail for each compliance item
  18. Devices in path – includes devices defined in a service graph. Implement change on the ACI fabric – including ACI specific provisioning
  19. In this simple application we can see the network flows that are required by this application. In this case – flows to the payment server.
  20. Now let’s assume we want to allow traffic from a partner’s network – a consultant – to our payment server. We are adding a new flow and call it “consultants to payment server”. The destination object “payment processing” is an already existing EPG and we enable selection from a drop down list. The source is unknown yet, so we want to create a new object/new EPG; we want to create this EPG and allow the flow.
  21. Once the flow was defined in ABF, we automatically open a new change request so this change can be processed in a way that is both secure and documented.
  22. In the initial plan stage AlgoSec will use its network map model to find all the relevant devices in the path. In this case we see we have found two relevant devices in the path: a Juniper firewall that already allows the traffic and the target is within the ACI fabric and currently access to it is blocked. So we need to create a new contract to allow this traffic.
  23. In the initial plan stage AlgoSec will use its network map model to find all the relevant devices in the path. In this case we see we have found two relevant devices in the path: a Juniper firewall that already allows the traffic and the target is within the ACI fabric and currently access to it is blocked. So we need to create a new contract to allow this traffic.
  24. The next step in the automation process is a risk check. Before implementing the change, AlgoSec will tell us if it includes any risk. So this is an example of how risks are presented. There are two types of risks: default out-of-the-box risks based on best practice, as well as network segmentation that the network admin or security specialist can define.
  25. So after we have approved the change request we can now go to implementation. FireFlow suggests we do two things: create a new EPG object, and create a new contract that includes this EPG. We can see here the consumer EPG and provider EPG to be used, this is similar to src/dst in other network security controls. We also may define a service graph based on logic we pre-configured. We will talk about service graph more in a minute.
  26. Here we can see the successful completion report.
  27. In ACI we would be able to see that a new EPG is created, it is attached to the most appropriate bridge domain
  28. And a new contract is created that connects the consultant network to the payment processing server
  29. What this long passage means is Cisco Tetration basically has two parts: end-point protection: can act as sensor for traffic analysis and perform filtering. central analytics tool that enables identifying application flows and set central policies.
  30. So here is what the joint solution of Cisco Tetration and AlgoSec can do for you: In a green field:…. In brown field, which may be a case that Tetration was already deployed or growth from a green field situation: we can extend the enforcement to not only Tetration endpoints but other network security devices, including ACI. We automate the mapping of business applications to the network security infra. And from that point we can leverage AlgoSec to manage network security – with the business driven context. Including risk analysis, vulnerabilities, compliance and rule cleanup.
  31. Collateral: Tetration: https://www.algosec.com/wp-content/uploads/2019/04/Cisco-Tetration-Analytics-and-AlgoSec.pdf ACI: https://www.algosec.com/wp-content/uploads/2016/11/161101_algosec_solution_overview_c22-738043.pdf Solution brief: https://www.algosec.com/wp-content/uploads/2017/01/170108_algosec_cisco_solution_brief.pdf Videos: AlgoSec and Cisco ACI: https://www.youtube.com/watch?v=km1vh_I4BVc AlgoSec and Tetration: https://www.youtube.com/watch?v=Co5RCmCjYXE Designated Webpage: https://www.algosec.com/cisco-algosec/
  32. Seed Questions - How do you connect to the APIC? Using what API? What if I already have existing EPGs defined in my ACI? Will you always define new ones? Do you support multi site ACI deployments? What do I need to do to integrate ACI with AlgoSec?
  33. And, before we part – AlgoSummit and Upcoming webinars
  34. And, before we part – AlgoSummit