Taking the fire drill out of making firewall changes


Renowned security expert Bruce Schneier said “Complexity is the enemy of security.” But, complexity is common in today’s network security environment with thousands of security access rules, highly connected business critical applications, and lots of firewall changes that must be processed. This presentation examines:

- Why making security changes is so tough
- Critical steps for an ideal security change workflow
- How to automate the entire firewall change management process

Published in: Technology

  1. 1. How to Take the Fire Drill out of Making Firewall Changes
  2. 2. “Complexity is the worst enemy of security” - Bruce Schneier
  3. 3. • Application Connectivity • Data Center Migration/Consolidation • Decommissioned Applications • M&A • Next-Generation Policies • (External) Applications • Users • Devices • New Threats
  4. 4. This is Not a Formal Policy
  5. 5. [Chart: “In your organization, an out-of-process change has resulted in...” Series: 2012, 2013. Categories: Application Outage, Network Outage, Data Breach, System Outage, Failing an Audit, None of the above. Data labels: 20.2%, 22.1%, 54.5%, 43.6%, 25.8%, 16.6%, 23.0%, 25.2%, 32.5%. Source: The State of Network Security 2013]
  6. 6. Source: The State of Network Security 2013
  7. 7. 30% of Changes Made are Unneeded
  8. 8. “The best way to manage network security operations is to link security and operations through change management and change control, and to supplement and accelerate automation.”
  9. 9. Dissecting the Security Change Workflow
  10. 10. The Security Change Workflow • Request Analysis • Approval • Implementation Design • Execution/Verification • Audit the Change Process • Recertify Rules • Measure SLAs • Security Operations Compliance Executive Operations
  11. 11. Request Analysis • Who can make a request? • Avoiding miscommunication • What can be requested? • Add access • Remove access • Recertify access • Change/Remove objects • Prioritization • Eliminating “already works” • Discovering relevant devices
  12. 12. Approval • Risk analysis • Compliance analysis • Legal analysis • Serial vs. Parallel • Escalation • Documentation!
  13. 13. Implementation/Design • Create new vs. edit existing • Reusing objects • Testing the new rule • Pushing the new rule
  14. 14. Execution/Verification • Verify correct execution • Notify requestor • Request/Change reconciliation
  15. 15. Tips to Take the Fire Drill out of Firewall Changes!
  16. 16. Tip 1: Document, Document, Document • “It is especially critical for people to document the rules they add or change so that other administrators know the purpose of each rule and who to contact about them. Good documentation can make troubleshooting easy and reduces the risk of service disruptions that can be caused when an administrator deletes or changes a rule they do not understand.” - Todd, InfoSec Architect, United States
  17. 17. Tip 2: Ensure Accountability • “Perform reconciliation between change requests and actual performed changes – looking at the unaccounted changes will always surprise you. Ensuring every change is accounted for will greatly simplify your next audit and help in day-to-day troubleshooting.” - Ron, Manager, Australia
  18. 18. Tip 3: Ensure an Application-Centric View • Provide centralized visibility of application connectivity needs • Understand the impact of application changes on the network and vice-versa • Understand firewall rule and application interdependency to safely decommission applications
  19. 19. Look for these Key Capabilities • Your Security Change Management Solution Must: 1. Be firewall-aware 2. Support all firewalls and routers in your network 3. Be topology-aware 4. Integrate with your existing CMS 5. Provide application-level visibility and change impact analysis 6. Easily customize to your business processes
  20. 20. Security Change Automation with the AlgoSec Security Management Suite
  21. 21. AlgoSec Security Management Suite: Managing Security at the Speed of Business • Business Applications • Security Infrastructure • Application Owners • Security • Network Operations • Faster Security Provisioning for Business Applications • Align Teams for Improved Agility and Accountability • Gain Total Visibility and Control of your Security Policy • ROI in less than 1 Year!
  22. 22. The AlgoSec Suite - BusinessFlow: Application-Centric Policy Management • Easily provision connectivity for business applications • Improve visibility and application availability • Securely decommission applications • Translate business requirements to underlying policy
  23. 23. The AlgoSec Suite – Firewall Analyzer: Security Policy Analysis • Automate and streamline firewall operations • Ensure a secure and optimized policy • Conduct audits in hours instead of weeks
  24. 24. The AlgoSec Suite – FireFlow: Security Policy Change Automation • Process changes 2x-4x faster • Improve accuracy and accountability • Ensure continuous compliance and security
  25. 25. Business Impact • Sample Organization: 50 Network Firewalls; Loaded IT cost - $60/hour; 2 changes per firewall per month • Annual Savings: Reduction in Auditing Expenses $192,000; Reduction in Change Request Processing Time $180,000; Reduction in Troubleshooting Resolution Time $90,000; Extended Lifespan of Hardware $47,500 • Total Annual Savings $509,500 • 3 Year Savings $1,528,500 • Generate your own ROI report at
  26. 26. A Real Life, Automated, Firewall Change Workflow
  27. 27. Q&A and Next Steps • Download the Security Change Management ebook @ • Calculate your potential ROI @ • Evaluate the AlgoSec Security Management Suite @
  28. 28. Connect with AlgoSec on: Managing Security at the Speed of Business
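
Tip 2 (slide 17) and the "Request/Change reconciliation" step (slide 14) call for comparing approved change requests with the changes actually performed. The Python below is an added example, not part of the original presentation or of any AlgoSec product; the record fields, ticket IDs, device names and addresses are constructed for illustration, and IPv4 is assumed.

```python
from ipaddress import ip_network

# Constructed sample data: approved change requests exported from a ticketing system.
REQUESTS = [
    {"ticket": "CHG-101", "device": "fw-dc1", "action": "add",
     "src": "10.1.2.0/24", "dst": "10.9.0.10/32", "port": 443},
    {"ticket": "CHG-102", "device": "fw-dc1", "action": "add",
     "src": "10.1.3.0/24", "dst": "10.9.0.20/32", "port": 1433},
    {"ticket": "CHG-103", "device": "fw-edge", "action": "remove",
     "src": "0.0.0.0/0", "dst": "192.0.2.15/32", "port": 21},
]
# Constructed sample data: rule changes actually observed on the devices.
CHANGES = [
    {"device": "fw-dc1", "action": "add",        # implemented as approved
     "src": "10.1.2.0/24", "dst": "10.9.0.10/32", "port": 443},
    {"device": "fw-dc1", "action": "add",        # source wider than approved
     "src": "10.1.0.0/16", "dst": "10.9.0.20/32", "port": 1433},
    {"device": "fw-edge", "action": "add",       # no request covers this
     "src": "0.0.0.0/0", "dst": "192.0.2.30/32", "port": 3389},
]

def classify(change, requests):
    """Return (status, ticket) for one observed change (IPv4 assumed throughout)."""
    c_src, c_dst = ip_network(change["src"]), ip_network(change["dst"])
    verdict = ("unaccounted", None)
    for req in requests:
        if any(req[k] != change[k] for k in ("device", "action", "port")):
            continue
        r_src, r_dst = ip_network(req["src"]), ip_network(req["dst"])
        if c_src.subnet_of(r_src) and c_dst.subnet_of(r_dst):
            return ("matched", req["ticket"])          # within what was approved
        if c_src.overlaps(r_src) and c_dst.overlaps(r_dst):
            verdict = ("exceeds_approval", req["ticket"])  # related but broader
    return verdict

def reconcile(requests, changes):
    """Bucket observed changes, then list approved tickets with no change at all."""
    report = {"matched": [], "exceeds_approval": [], "unaccounted": []}
    for change in changes:
        status, ticket = classify(change, requests)
        report[status].append((ticket, change))
    touched = {t for rows in report.values() for t, _ in rows if t}
    report["not_implemented"] = [r["ticket"] for r in requests if r["ticket"] not in touched]
    return report

if __name__ == "__main__":
    for status, rows in reconcile(REQUESTS, CHANGES).items():
        print(status, rows)
```

The `unaccounted` and `exceeds_approval` buckets are the ones to review first: they are the out-of-process and over-broad changes the tip warns about.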