ALGOSEC OVERVIEW AND INTEGRATION WITH CISCO
Doug Hurd, Security Technical Alliances, Cisco
Yonatan Klein, Director of Product Management, AlgoSec
WELCOME
Have a question? Submit it via the chat tab or email us: marketing@algosec.com
This webinar is being recorded!
The recording will be emailed to you after the webinar, and the slides will be available in the Attachments tab.
AGENDA
01 Cisco Firepower benefits
02 Cisco security operation automation
03 Cisco’s integrated security portfolio
04 The balancing act: security and agility
05 Responsible Automation:
• Risk analysis and auditing
• Regulatory compliance
• Policy optimization
06 Automated Change management
07 Migration to Firepower
© 2018 Cisco and/or its affiliates. All rights reserved.
Prevent breaches automatically to keep the business moving
Save time and work smarter with Cisco NGFW automation
• Policy: Automated policy application and enforcement frees up time so you can focus on high priority items
• IPS Tuning: Automatic IPS tuning blocks more threats and reduces the volume of alerts
• Prioritized Threats: Prioritized threat alerts show you where to focus on what matters most
• Integrated Tools: Cisco’s integrated security tools share and correlate data automatically to see and stop threats
C96-7396971-00 © 2018 Cisco and/or its affiliates. All rights reserved.
OpenAppID
Application Visibility & Control
Provide next-generation visibility into app usage
• See and understand risks
• Enforce granular access control
• Prioritize traffic and limit rates
• Create detectors for custom apps
Cisco database
• 4,000+ pre-defined apps
Network & users
Prioritize traffic
Cisco NGFW overview
You can complement and strengthen your security portfolio with a Cisco® NGFW. The Cisco NGFW helps you prevent breaches, get deep visibility to detect and stop threats fast, and automate your network and security operations to save time and work smart.
• Leader in the 2018 Gartner MQ
• Time to detection of a successful breach: Cisco ~4.6 hours, Industry ~100 Days (Source: 2018 Cisco CyberSecurity Report)
• Savings from security automation: First year $184K
Better protection, Automation, Save time, See more, Detect faster
• AMP for Endpoints
• Stealthwatch
• Meraki
• Tetration
• Web Security
• Email Security
• Secure SD-WAN/Router
• Identity Services Engine
• Umbrella
• Catalyst / Nexus / Meraki MS/MR
• Firepower NGFW
• CloudLock
Cisco Threat Intelligence Director
Integrate third-party security intelligence
Diagram labels: Firepower Management Center; Threat Intelligence Director; Ingest Security Intelligence; Ingest Observables; Correlate Observations; Generate Rich Incident Reports; Refine Security Posture; CSV; Events
Cisco Security Sensors
• Firepower NGFW
• FirePOWER NGIPS
• AMP
POLL #1
Which type of Cisco NGFW do you currently have?
• Cisco ASA
• Cisco Firepower
• Mix/in transition
Please vote using the “Votes“ tab
STAKEHOLDERS REQUIRE: RUN FASTER
• Constant demand for higher business agility
• Technology enablers (DevOps, cloud, SDN)
• Deliver in minutes/hours, not weeks/months
BUT ALSO … PROTECT YOUR NETWORK BETTER!
• Attacks and breaches are constantly on the rise and more sophisticated
• Security must be stronger and tighter
THE BALANCING ACT
Security:
• Security is left behind, less strict, less control, processes not followed
• Audits may fail
• Boardroom unhappy
• Your name on the news
Business Agility:
• Full automation
• DevOps and App developers are happy
THE BALANCING ACT
Security:
• Security processes are fully retained (clear policy, approvals, full documentation)
• Control
Business Agility:
• DevOps is “90% automatic”
• Business cannot run fast
• Security is a painful bottleneck
THE BALANCING ACT - REALITY
Trying to find the perfect balance:
• Both agility and security are affected
• Constant tension between Security and Apps teams
BUT WHAT IF YOU COULD… HAVE YOUR CAKE AND EAT IT?
RESPONSIBLE AUTOMATION
• Risk analysis and auditing automation
• Regulatory compliance automation
• Policy optimization automation
• Most importantly: automated change management
POLL #2
How many Cisco network solutions do you currently have (ACI, Firepower, ASA, Nexus routers, etc.)?
• None
• 1-2
• 3-4
• 5 or more
Please vote using the “Votes“ tab
AUTOMATION: IN A COMPLEX, HYBRID, HETEROGENEOUS ENV.
Diagram labels: Business Applications; Visibility & Compliance; Automatic Provisioning; Data Center; Perimeter & Upstream FWs
USE CASES
• Auditing & Compliance
• Risk Management
• Cloud Migration
• Change Management
• DevOps
• Micro-Segmentation
• Digital Transformation
• Firewall Policy Migration
• Policy Optimization
Business-Driven Security, Business-Driven Agility
Business-Driven Network Security Policy Management
Unified Visibility Across Cloud, SDN & On-Premise Enterprise Networks
AUTOMATE RISK ANALYSIS
AUTOMATE REGULATORY COMPLIANCE
AUTOMATE POLICY OPTIMIZATION
• Based on policy analysis (e.g. covered rules)
• Based on log analysis (e.g. unused rules, unused objects)
CHANGE MANAGEMENT AUTOMATION
Automate every step along the change process
Enables zero-touch changes within minutes – business agility
Saves time even when human intervention is required
Avoid typos and mistakes
Full and accurate documentation (for audit, undo change)
MAJOR STEPS IN CHANGE MANAGEMENT
• Request a network change
• Map devices in path
• Check for risk involved
• Plan the rules
• Implement the change on the devices
• Validate the change
AUTOMATION – FIND RELEVANT SECURITY DEVICES
Find which security devices are in the path and are currently blocking the requested traffic
• Firewall policies, Router ACLs, Cisco ACI contracts, cloud security groups
AUTOMATION – RISK CHECK
Define allowed connectivity between zones
• Whatever is not pre-approved – should raise a risk
AUTOMATION – PLAN CHANGE
• Vendor-specific decisions – choose policy, zones, ACLs, objects
• Implement in an optimal way (avoid rule/object duplications)
• Enforce naming conventions and best practices
AUTOMATION – PUSH CHANGE TO DEVICE
• Push change to device management (via APIs) or directly to the device (CLI), as available
REST API
ADDITIONAL ADVANTAGES OF CHANGE AUTOMATION
Hybrid environment
• Virtual / Physical
• Multiple Vendors
• On-prem, Cloud, SDN
Full audit trail – all changes are fully documented
Avoid inconsistent/contradicting configurations
All changes go through a single process
• Risk checks and exception handling
Important: monitor for out-of-band changes!
POLL #3
Which is your main challenge with security policy management?
• Policy optimization maintenance
• Meeting SLAs for change requests
• Design and provisioning of network segmentation
• Risk analysis and Auditing
Please vote using the “Votes“ tab
MIGRATION TO FIREPOWER OVERVIEW
• Start lean: keep only practical rules and objects
• Migration is secure and audited
• Migrate from any firewall policy to FTD
CISCO ASA TO FIREPOWER MIGRATION
• Onboard source firewall (ASA or others) and FMC as destination
• Remove risky rules: tighten security
RISKY RULES REPORT
Automatic reports flagging risky rules, based on security best practices as well as corporate policies
CISCO ASA TO FIREPOWER MIGRATION
• Onboard source firewall (ASA or others) and FMC as destination
• Remove risky rules: tighten security
• Clear policy set: optimize
Skip rules that are “Unused” / “Covered” / rules with “Unused objects”
DON’T MIGRATE USELESS RULES
• Skip rules that are “Unused” / “Covered” / “Special Case”
• Rules with “Unused objects” (intelligent Policy Tuner)
• Only used objects will be migrated
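The “covered” and “unused” labels from the policy-optimization and migration slides can be illustrated with the added Python example below; it is not AlgoSec or Cisco code. It assumes an ordered first-match policy, a hypothetical vendor-neutral `Rule` model, hit counts already extracted from traffic logs, and a constructed sample policy.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # hypothetical, vendor-neutral rule model
    name: str
    action: str             # "permit" or "deny"
    src: str                # source CIDR
    dst: str                # destination CIDR
    proto: str              # "tcp", "udp" or "any"
    ports: tuple            # inclusive destination port range (low, high)
    hits: int               # hit count over the log window being analysed

def _within(inner, outer):
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def covers(earlier, later):
    """True when every packet matching `later` already matches `earlier`."""
    return (_within(later.src, earlier.src)
            and _within(later.dst, earlier.dst)
            and earlier.proto in ("any", later.proto)
            and earlier.ports[0] <= later.ports[0]
            and later.ports[1] <= earlier.ports[1])

def classify(policy):
    """Label each rule of an ordered, first-match policy."""
    labels = {}
    for i, rule in enumerate(policy):
        # Policy analysis: only single-rule coverage is checked here; a rule
        # covered by the union of several earlier rules is not detected.
        by = next((p for p in policy[:i] if covers(p, rule)), None)
        if by is not None:
            kind = "redundant" if by.action == rule.action else "conflicting action"
            labels[rule.name] = f"covered by {by.name} ({kind})"
        elif rule.hits == 0:          # log analysis: never matched in the window
            labels[rule.name] = "unused"
        else:
            labels[rule.name] = "keep"
    return labels

def migration_set(policy):
    """Names of the rules that would be carried over to the new device."""
    labels = classify(policy)
    return [r.name for r in policy if labels[r.name] == "keep"]

# Constructed sample policy (not taken from any real device).
SAMPLE_POLICY = [
    Rule("r1", "permit", "10.1.0.0/16", "10.9.0.0/24", "tcp", (443, 443), 5120),
    Rule("r2", "permit", "10.1.2.0/24", "10.9.0.10/32", "tcp", (443, 443), 0),
    Rule("r3", "deny", "10.1.3.0/24", "10.9.0.0/24", "tcp", (443, 443), 0),
    Rule("r4", "permit", "10.2.0.0/16", "10.9.1.0/24", "tcp", (22, 22), 0),
    Rule("r5", "permit", "10.3.0.0/16", "10.9.2.0/24", "udp", (53, 53), 88),
    Rule("r6", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535), 9000),
]

if __name__ == "__main__":
    for name, label in classify(SAMPLE_POLICY).items():
        print(f"{name}: {label}")
```

A covered rule whose action conflicts with the covering rule (r3 here) is worth a manual review before it is dropped, because it records an intent the running policy never enforced. An “unused” verdict is only as good as the log window behind the hit counts.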
DON’T MIGRATE USELESS OBJECTS
CISCO ASA TO FIREPOWER MIGRATION
• Onboard source firewall (ASA or others) and FMC as destination
• Remove risky rules: tighten security
• Clear policy set: optimize
• Export policy from source device
• Import policy into new device
• Verify policies and risk status
SUMMARY
• Many enterprises upgrade to Cisco Firepower NGFW, which includes Next Gen IPS powered by Snort and Advanced Malware Protection (AMP)
• As stakeholders require faster response, balancing security and agility requires automation
• AlgoSec provides smart automation for change management and policy maintenance
• Tighten security and remove unused rules and objects during policy migration
https://www.algosec.com/resources
Whitepaper, Solution Datasheets
Videos and Demos
Q & A
Submit your questions via the chat
Request a Demo: marketing@algosec.com
JOIN OUR COMMUNITY
Follow us for the latest on security policy management trends, tips & tricks, best practices, thought leadership, fun stuff, prizes and much more!
Subscribe to our YouTube channel for a wide range of educational videos presented by Professor Wool
youtube.com/user/AlgoSec
linkedin.com/company/AlgoSec
facebook.com/AlgoSec
twitter.com/AlgoSec
www.AlgoSec.com/blog
ALGOSUMMIT
THE PREMIER EVENT FOR ALGOSEC CUSTOMERS & CHANNEL PARTNERS
Dallas | October 21-24 2019
www.algosec.com/algosummit
UPCOMING WEBINARS
• June 12th: Best practices: Securely managing application connectivity
• June 26th: Joint webinar: AlgoSec and Fortinet
THANK YOU!
Questions
marketing@algosec.com
CISCO ASA TO FIREPOWER MIGRATION
• Onboard source firewall (ASA or others) and FMC as destination
• Remove risky rules: tighten security
• Clear policy set: optimize
• Export policy from source device
• Import policy into new device
Policy rules are automatically created and pushed to the device via ActiveChange
Automatic reports flagging risky rules, based on security best practices as well as corporate policies

Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
