
Intelligent Firewall Management: The Key Ingredient for Network Consolidation Success

Many organizations are now embarking on large network consolidation projects to enable faster connectivity, consolidate devices, and lower overhead costs. While the business benefits are obvious, the security risks and the potential for error are greater than ever.

This presentation will illustrate how one enterprise leveraged advanced security management analytics during a network consolidation project to:

• Optimize large rule-sets across different vendor languages
• Negate network availability and latency issues
• Gain visibility into firewalls throughout the network…and ultimately cut that number in half

You will learn:

• Best practices for sustainable firewall analysis
• The management must-haves for effective firewall management – during network consolidation and beyond
• How to evaluate a change request across multi-vendor devices


  1. Intelligent Firewall Management: A Key Ingredient for Network Consolidation Success. Michelle Johnson Cobb, VP Marketing. SANS Webcast, May 23, 2012.
  2. Skybox Security Overview (© 2012 Skybox Security)
     Leader in Security Risk Management Solutions:
     • Automated Firewall Management
     • Continuous Network Compliance and Modeling
     • Risk and Vulnerability Management
     Global 2000 Customers:
     • Proven deployments in complex networks
     • Financial Services, Government, Defense, Energy & Utilities, Retail, Service Providers, Manufacturing, Tech
     Accelerating Rapidly:
     • 85% growth in 2011
     • 300 customers in 32 countries
  3. High Performing Organizations Choose Skybox Security
     [Chart: customers by sector – Financial Services, Service Providers, Energy & Utilities, Gov & Defense, Others]
  4. Webcast Agenda
     • Complexity Drives Consolidation
     • Firewall Consolidation Challenges
     • Case Study: Global Manufacturer
     • Simplifying Firewall Consolidation
     • Best Practice Firewall Management
       • Data Normalization
       • Configuration Compliance
       • Change Control
       • Optimization
       • Open API
     • Choosing the Right Firewall Management Tool
  5. Network Complexity and Scale is a Huge Challenge
     Enterprise network:
     • 55,000 nodes
     • 300 firewalls
     • 25,000 rules
     • 65 network changes/day
     • 10,000 daily reported vulnerabilities
  6. Heterogeneous Networks Mean Multiple Device Languages
  7. Hard to Manage and Troubleshoot
     • Time consuming to identify root cause of security or access issues
     • Unchecked rulesets impact performance
     • Firewall and network policy overlaps and unused rules
     • Redundant device functionality – but where?
  8. Security Challenges Outpace Ability to Execute
     • Fast growth and changes
     • BYOD, cloud, virtualization challenges
     • Continuous threats
     • Network and security analysis complicated
     • Security team can't keep up!
     • Can you achieve a 16X improvement in 4 years?
     [Chart: "Security challenges" vs. "Ability to execute", 2009–2014]
  9. Case Study: Network Security Consolidation Project (Global Brewery)
     The Situation:
     • Numerous daily network changes
     • Large rulesets affecting performance
     • 70+ locations
     • 60 firewalls
     • Numerous acquisitions increased network complexity
     • Business services to some locations were disrupted by latency issues
     • Excessive time to traverse multiple firewalls
     The Mission:
     • Improve visibility of the interaction between network infrastructure, security controls and policies
     • Use this knowledge to optimize and consolidate the network security infrastructure
     • Reduce latency, improve security, reduce management costs
  10. Case Study: Results (Global Brewery)
     The Solution – Skybox Security for:
     • Firewall policy analysis
     • Ruleset optimization
     • Network visibility
     • Network and risk modeling and simulation
     • Access path analysis
     Verified Results:
     • Eliminated 20% of firewalls
     • Reduced rulesets by 80%
     • Cut roundtrip latency by 50%
     • Easier to manage, reduced risk level
  11. Simplifying Firewall Consolidation
     • Help us visualize and analyze the situation
     • Identify options to optimize firewalls and rule sets
     • Will changes break services or cause security holes?
  12. Network Device Visualization and Analysis
     Help us visualize and analyze the situation:
     • Network modeling
     • Firewall policy analysis
     • Configuration analysis
     • Access compliance
  13. Create a Network Model (Network Assurance)
     • Import topology data: device configs, routing tables
     • Automatically create a hierarchical model tree, grouping hosts by TCP/IP network
     • Add function, location, type
     • Analyze model to detect missing info – hosts, ACLs, routing rules for gateways
     Network context is important!
  14. Automating Firewall Analysis
     [Diagram: Firewall Analysis Workflow, steps 1–5 – Automated Data Collection from Firewalls into a Normalized Firewall Configuration Repository; Basic Firewall Checks; Access Compliance Analysis against Best Practice Policy and Corporate Policies; Reports for the Security Team and Network Operations]
  15. Normalize the Firewall Data
     • Remove vendor-specific language
     • Consolidated view to compare results
     • Use same features across all types of firewalls
     • More efficient analysis
  16. Firewall Policy Compliance Analysis
     • Security best practices
     • Platform configuration checks
     • Basic rule analysis
       • Syntax
       • Audit each rule by itself
       • Not topology aware
     [Screenshot: Change Severity / Modify Parameters]
  17. Find all Access Paths
     • Complete end-to-end path analysis
     • Highlighting ACLs and routing rules
     • Supports NAT, VPN, dynamic routing and authenticated rules
  18. Determine Rules Allowing Access
     • Find blocking or allowing devices
     • Show rules involved
     • View routes
  19. Firewall Optimization and Cleanup
     Firewall performance can degrade over time:
     • Too many rules
     • Redundant rules
     • Shadowed rules
     Automated analysis can help you speed up your firewalls – regardless of vendor language.
     What are the best options to optimize firewalls?
  20. Find Shadowed and Redundant Rules
     • Analysis runs against imported, normalized view of firewall configurations
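As an added illustration of slides 15, 19 and 20 (not Skybox's code or data format), the following example runs a shadowed/redundant-rule check over a rulebase that has already been normalized into one vendor-neutral form. The `Rule` shape, the `covers`/`analyze` functions and the sample rules are all assumptions of this example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed, vendor-neutral rule form (an assumption of this example): what
# each vendor's own rule language is normalized into before analysis.
@dataclass(frozen=True)
class Rule:
    name: str
    src: str        # IPv4 CIDR; "0.0.0.0/0" means any
    dst: str
    proto: str      # "tcp", "udp" or "any"
    ports: tuple    # (low, high) destination port range; (0, 65535) means any
    action: str     # "allow" or "deny"

def covers(a: Rule, b: Rule) -> bool:
    """True when every packet that matches rule b also matches rule a (IPv4 only)."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in ("any", b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def analyze(rules: list) -> dict:
    """Classify each rule under first-match evaluation.

    A rule whose traffic is entirely matched by an earlier rule never fires:
    'shadowed' if that earlier rule takes the opposite action (the later intent
    is silently defeated), 'redundant' if the action is the same (safe to drop).
    Only coverage by a single earlier rule is checked, not by a union of rules.
    """
    findings = {}
    for i, rule in enumerate(rules):
        findings[rule.name] = "effective"
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings[rule.name] = f"{kind} by {earlier.name}"
                break   # the first covering rule decides all of this rule's packets
    return findings

# Constructed sample rulebase (not taken from any real firewall).
SAMPLE_RULES = [
    Rule("r1", "10.0.0.0/8",  "192.168.10.5/32", "tcp", (443, 443),  "allow"),
    Rule("r2", "0.0.0.0/0",   "192.168.10.0/24", "tcp", (0, 65535),  "deny"),
    Rule("r3", "10.1.0.0/16", "192.168.10.5/32", "tcp", (443, 443),  "allow"),  # redundant by r1
    Rule("r4", "10.2.0.0/16", "192.168.10.7/32", "tcp", (22, 22),    "allow"),  # shadowed by r2
    Rule("r5", "10.0.0.0/8",  "192.168.20.0/24", "udp", (53, 53),    "allow"),
]

if __name__ == "__main__":
    for name, verdict in analyze(SAMPLE_RULES).items():
        print(name, verdict)
```

The shadowed verdict on r4 is the one a reviewer cares about: the allow for SSH was intended but the broad deny above it wins, so the change that added r4 never took effect.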
  21. Rule Usage Analysis
     • Automatically examine rulebase from firewall logs (LEA, syslog) for:
       • Unused rules and objects
       • Partially used rules and objects
       • Rule and object hit count
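The rule usage analysis on slide 21, as an added example that is not Skybox's code: it counts hits per rule and per object member from syslog lines and flags unused and partially used rules. The key=value log format, the rulebase layout and the sample lines are constructed for this example; real firewall log formats differ.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed log format (an assumption of this example): one key=value record
# per rule match, as a syslog or LEA collector might deliver it.
LOG_RE = re.compile(r"rule=(?P<rule>\S+) action=(?P<action>\S+) src=(?P<src>\S+) "
                    r"dst=(?P<dst>\S+) proto=(?P<proto>\S+) dport=(?P<dport>\d+)")

SAMPLE_LOGS = """\
<134>May 23 10:01:02 fw1 fw: rule=r1 action=allow src=10.1.4.9 dst=192.168.10.5 proto=tcp dport=443
<134>May 23 10:01:05 fw1 fw: rule=r1 action=allow src=10.2.7.1 dst=192.168.10.5 proto=tcp dport=443
<134>May 23 10:02:11 fw1 fw: rule=r5 action=allow src=10.1.4.9 dst=192.168.20.2 proto=udp dport=53
<134>May 23 10:03:40 fw1 fw: rule=r2 action=deny src=172.16.3.3 dst=192.168.10.9 proto=tcp dport=22
<134>May 23 10:04:01 fw1 fw: heartbeat ok
""".splitlines()

# Constructed normalized rulebase: rule name -> members of its destination object.
RULEBASE = {
    "r1": ["192.168.10.5"],
    "r2": ["192.168.10.0/24"],
    "r3": ["192.168.10.5"],
    "r5": ["192.168.20.2", "192.168.20.3"],   # a group object with two members
}

def hit_counts(rulebase: dict, lines: list):
    """Count hits per rule and, within each rule, per destination object member."""
    rule_hits, member_hits = Counter(), defaultdict(Counter)
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue                      # not a rule-match record
        rule_hits[m["rule"]] += 1
        for member in rulebase.get(m["rule"], []):
            if ip_address(m["dst"]) in ip_network(member, strict=False):
                member_hits[m["rule"]][member] += 1
    return rule_hits, member_hits

def usage_report(rulebase: dict, lines: list) -> dict:
    """Label each rule unused, partially used (some members never hit) or used."""
    rule_hits, member_hits = hit_counts(rulebase, lines)
    report = {}
    for rule, members in rulebase.items():
        if rule_hits[rule] == 0:
            report[rule] = "unused"
            continue
        idle = [mem for mem in members if member_hits[rule][mem] == 0]
        report[rule] = (f"partially used (never hit: {', '.join(idle)})" if idle
                        else f"used ({rule_hits[rule]} hits)")
    return report
```

Over a realistic collection window, unused rules are removal candidates and partially used group members are the objects worth questioning before the rulebase is consolidated.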
  22. Planning Firewall Changes
     • Preventive – assess impact of changes before deployment
     • Ensure access to critical services
     • Track changes
     • Process improvements – change workflow
     Will changes cause service access issues or security holes?
  23. Assess Planned Changes in Advance
     • "What if" analysis – side by side comparison
  24. Ensure Access to Critical Services
     Access required: remote access to business service
  25. Identify Relevant Firewalls
     Access requested: remote access to business service
     • Firewall blocks the desired action – change required
     • Firewall allows the action – no change needed
  26. Troubleshoot Potential Access Issues (Network Assurance Access Analyzer)
     Analyze inaccessible routes:
     • Quickly determine which firewalls are blocking access
     • Shows which rules are involved on each device
  27. Verify Access Compliance
     • Topology intelligence
     • Use knowledge of what the firewall is protecting
     • Allows holistic review of the firewall ruleset – including NAT, VPN, routing rules
     • Better compliance analysis: PCI DSS, NIST, custom policies
  28. Track Changes
     • Maintain history of changes to rules and objects in a normalized view
  29. Requirements for a Firewall Management Tool
     • Normalize data
     • Automate all tasks – data collection, analysis, reporting
     • Policy compliance analysis
     • Access analysis and troubleshooting
     • Find unused rules – eliminates potential attack scenarios
     • Optimize the rulebase – improves firewall performance
     • Produce reports – demonstrate compliance on-demand
     • Document changes
  30. Skybox Product Portfolio
     • Firewall Assurance – automated firewall analysis and audits
     • Change Manager – complete firewall change workflow
     • Network Assurance – network compliance and access path analysis
     • Risk Control – identify exposed vulnerabilities
     • Threat Manager – workflow to address new threats
  31. Questions? Submit a question via chat. Remember to select 'send to Moderators'. Or you!