SlideShare a Scribd company logo

Learn how an app-centric approach will improve security & operational efficiency

Adi Gazit Blecher
Adi Gazit Blecher

This document discusses increasing security maturity through an application-centric approach. It presents a security policy management maturity model with four levels related to network visibility, application mapping, security posture, change management, auditing, decommissioning, and team alignment. Higher levels involve more automated, continuous processes. Understanding application architecture and autodiscovering applications is key to advancing through the levels. Risk identification and application migrations can then be managed more securely.

Technology
1 of 42
Download to read offline
INCREASE YOUR SECURITY MATURITY THROUGH AN APPLICATION CENTRIC APPROACH Joe DiPietro
AGENDA • The Security Policy Management Maturity Model • Understanding Application Architecture • Autodiscovery for Applications and their Connectivity • Identifying Risk Within Applications • Migrating Applications to a New Data Center
THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment betweensecurity, network and service delivery teams 3 | Confidential Level 1 Level 2 Level 3 Level 4 Understanding the components of the Security Policy Management Maturity Model Increasing maturity
THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 4 | Confidential •Live and dynamically updated map •Network and Security view
THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 5 | Confidential •Application Documentation •Integrated Risk and Change Mgt View •Business Impact Be prepared for Software Defined Networks (SDN) such as Cisco ACI (Application Centric Infrastructure)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 6 | Confidential •Continuous compliance procedures •Compliance score •Security policy risks •Application risk
THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 7 | Confidential •Automated process •Segregation of duties •Embedded risk checks Plan Approve ImplementValidate Close Request 1 2 3 4 6 5 2 Notify Requester Each Firewall Policy is automatically analyzed to see if request is already allowed 3 4 •Add a new rule? •Modify an existing rule? •Create new objects? •Automatically document the rule change 5 6 Automatic “Push” to reduce misconfigurations
THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 8 | Confidential •Understand what changed, and who did it •Don’t forget about changes in risk •Look at the big picture •Have granular audit details
THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 9 | Confidential •Reduce complexity •Map applications and automate the process •Security policy bloat over time •Have a process to decommission Start the decommission process when you first make the request with “rule re-certification”! Please decommission this application! Legacy WebAccess Application #6757 Firewall Change Request to remove WebAccess application
THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment betweensecurity, network and service delivery teams 10 | Confidential •Common goals for the business •Application alignment between groups •More agile •Reduce risk The back and forth exchange to clarify information can add days into a single security policy change request! Collaboration can occur when each party sees the information in their native language Service delivery Networking Security Different views of the same application
11 | Confidential THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Static map (E.G. Visio) Map updated periodically Live map Live map across on premise, SDN and cloud Application to security mapping None Application architecture documented Application Risk identified within all app components App connectivity changes seamless integrated with Security Processes Security policy posture Poor Fair Good Excellent Security change management Manual. Error-prone Mostly manual. Some errors. Mostly automated. Few errors Automated policy push Virtually error-free Network infrastructure auditing Manual. Costly. Some automation. Costly. Automated and continuous Automated and continuous Secure decommissioning of application connectivity Never Rare Occasional Always Alignment betweensecurity, network and service delivery teams Poor Fair Good DevSecOps Level 1 Level 2 Level 3 Level 4
12 | Confidential THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Static map (E.G. Visio) Map updated periodically Live map Live map across on premise, SDN and cloud Application to security mapping None Application architecture documented Application Risk identified within all app components App connectivity changes seamless integrated with Security Processes Security policy posture Poor Fair Good Excellent Security change management Manual. Error-prone Mostly manual. Some errors. Mostly automated. Few errors Automated policy push Virtually error-free Network infrastructure auditing Manual. Costly. Some automation. Costly. Automated and continuous Automated and continuous Secure decommissioning of application connectivity Never Rare Occasional Always Alignment betweensecurity, network and service delivery teams Poor Fair Good DevSecOps Level 1 Level 2 Level 3 Level 4 If we understand the application architecture and how it traverses the network, we can dramatically increase our maturity in these areas and be prepared for Software Defined Networks (SDN) such as Cisco ACI (Application Centric Infrastructure)
13 | Confidential THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Static map (E.G. Visio) Map updated periodically Live map Live map across on premise, SDN and cloud Application to security mapping None Application architecture documented Application Risk identified within all app components App connectivity changes seamless integrated with Security Processes Security policy posture Poor Fair Good Excellent Security change management Manual. Error-prone Mostly manual. Some errors. Mostly automated. Few errors Automated policy push Virtually error-free Network infrastructure auditing Manual. Costly. Some automation. Costly. Automated and continuous Automated and continuous Secure decommissioning of application connectivity Never Rare Occasional Always Alignment betweensecurity, network and service delivery teams Poor Fair Good DevSecOps Level 1 Level 2 Level 3 Level 4 If we understand the application architecture and how it traverses the network, we can dramatically increase our maturity in these areas and be prepared for Software Defined Networks (SDN) such as Cisco ACI (Application Centric Infrastructure) As well as increase our business agility!
BUSINESS APPLICATION ARCHITECTURE • One of the biggest challenges in IT is to understand application architectures • Just like security, networking, and other IT components, they can be complex • There are many different components, and here’s a simplified view • Browsers (IE, Chrome, FireFox, etc) • Fat or thick clients (SAP, etc) • Web Servers (Apache, MicroSoft IIS, etc) • Middleware (Oracle WebLogic, Fusion, IBM WebSphere, etc) • Database Servers (Oracle, SQL Server, DB2, MongoDB, Hadoop, etc) • If we understand the application architecture then we understand how to secure the environment and create business agility when a change is needed Client Tier Web Tier Business Logic Tier Database Tier
IDENTIFYING BUSINESS APPLICATIONS • How do you get a picture of the application and its components? • Ask the application developer…they will know a few pieces • Ask the sysadmin…he know what software was loaded, but… • Ask the DBA…he just left… • Ask the middleware engineer…They deal with a lot of applications, which one? • Look in the CMDB…this has stale information from 5 years ago… • It’s really hard!! Client Tier Web Tier Business Logic Database Tier
DEFINING THE APPLICATION ARCHITECTURE Obtaining application architecture information • Import DB tables through CSV files • Sensors, Probes or Packet Brokers which get data from: • port mirroring • promiscuous mode on an ESX server • host-based (local) sensor on an application server • data captures in PCAP, TCPDUMP and NetFlow format • Capturing syslog traffic • Existing security policy Let’s look at this one first…
FIREWALL POLICY Identify your application…Like Lotus Notes
FIREWALL POLICY You’ve documented your application!! Information can be pulled from Section Headers, Comment Fields, Object Names, Services, etc
AUTO DISCOVERY OF BUSINESS APPLICATIONS • Another method to consider is “Autodiscovery” • Why? • Because it happens dynamically • You don’t need to rely on tribal knowledge that left the company • The application is comprised of many different components that are difficult for one individual to describe for you • Because your applications run your business and if it breaks, you need to figure out where to fix it • It can help you automatically identify changes to the application behavior over time
• Autodiscovery can happen in a variety of forms • The goal is to capture the relevant information in order to build an application diagram DISCOVERING EXISTING APPLICATIONS Easily discover existing application connectivity flows Packet Broker ESX Server Host base sensor On Application Server Now that we have the application described, how can we identify the risks involved with the application?
• How risky is the application? • Overall application • Components of the application • Access to the application • Identifying the application components helps you gain visibility into the risk of the entire application • Measure the risk, just like any other corporate process RISK AND THE APPLICATION
• Applications can have labels and priorities • Application vulnerability scores can be summarized IDENTIFY RISK WITHIN CRITICAL BUSINESS APPLICATIONS
• Application component risk • Applications have many components • Web server • Database server • Middleware • NTP server • DNS • etc • Unscanned servers • You don’t know what kind of risk you have here, or if there is malware on these systems already WHAT OTHER RISKS DO WE HAVE?
• Measuring Risk helps application developers understand security’s view point to help prevent a data breach • Integrate the vulnerability assessment scanning data into the application architecture • Qualys, Rapid 7 and Nessus scanners + more • Helps requestors know what parts of their application are vulnerable to breaches “RISK” CAN BE ADDED WHEN PERFORMING FIREWALL CHANGE REQUEST • The red highlight critical risk • The yellow highlighted medium risk • The gray identified serves that were not scanned
CONSTANTLY TRY TO IMPROVE YOUR SCORE • By measuring your application risk you can maintain a process to reduce it over time • Certain components of the application will be more critical than others • Prioritize your remediation strategies to accomplish your goals for risk reduction • How risky is it to migrate your application?
MIGRATE APPLICATIONS TO NEW DATA CENTER • Identify Applications • Extract relevant components • Map new IP information • Automatically prepare firewall changes for new connectivity • Implement changes • Decommission old rules
HELP DESK APPLICATION 1. This is the application to migrate 2. Identify the flows 3. Identify the relevant servers 4. Prepare change requests Help Desk Application1 2
MIGRATING THE HELP DESK APPLICATION Extract required servers and prepare them for the planning stage Help Desk Application 3
LETS MIGRATE A SERVER FROM THE APPLICATION
SMS SERVER DC1 HAS A NEW DEFINITION • Understanding the architecture helps you identify what components need to talk to each other • If this server moves to a new location, these flows will be affected
WE We have the server definitions defined, but now we need to update the application
OPEN REQUEST CREATED Updated kicks off an open request to modify application connectivity 4
CHANGE REQUEST IS AUTOMATICALLY PLANNED
RISK CHECKS FOR NEW SERVER MOVE (TO BE APPROVED) This is where we can understand how much risk is introduced by the application move
SECURITY POLICY DETAILS FOR EACH DEVICE (TO BE IMPLEMENTED)
ANOTHER DEVICE IN THE PATH
PROGRESSING ALONG THE PATH
MIGRATION COMPLETE
SUMMARY • Increase your security policy management maturity by mapping your application architecture • This will give you better security visibility and also business agility • Try to progress your maturity in a consistent manner • Include risk analysis for your application visibility • Mapping applications can accelerate your data center and cloud migration goals!! 40 | Confidential
MORE RESOURCES
THANK YOU

Recommended

How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...Adi Gazit Blecher
 
Software-Defined Networking Layers presentation
Software-Defined Networking Layers presentationSoftware-Defined Networking Layers presentation
Software-Defined Networking Layers presentationAbdullah Salama
 
How Network Instruments can help you!
How Network Instruments can help you!How Network Instruments can help you!
How Network Instruments can help you!Tonya Williams
 
CyberReef Offerings
CyberReef OfferingsCyberReef Offerings
CyberReef OfferingsMike Mount
 
World's Largest Space Research Organization Implements OpManager Plus
World's Largest Space Research Organization Implements OpManager PlusWorld's Largest Space Research Organization Implements OpManager Plus
World's Largest Space Research Organization Implements OpManager PlusManageEngine, Zoho Corporation
 
What's new in NetFlow Analyzer 12.2
What's new in NetFlow Analyzer 12.2What's new in NetFlow Analyzer 12.2
What's new in NetFlow Analyzer 12.2ManageEngine, Zoho Corporation
 
IT Operations Management with OpManager
IT Operations Management with OpManagerIT Operations Management with OpManager
IT Operations Management with OpManagerManageEngine, Zoho Corporation
 
5 Ways NCM Can Save You From A Disaster
5 Ways NCM Can Save You From A Disaster5 Ways NCM Can Save You From A Disaster
5 Ways NCM Can Save You From A DisasterManageEngine, Zoho Corporation
 

Recommended

How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...Adi Gazit Blecher
 
Software-Defined Networking Layers presentation
Software-Defined Networking Layers presentationSoftware-Defined Networking Layers presentation
Software-Defined Networking Layers presentationAbdullah Salama
 
How Network Instruments can help you!
How Network Instruments can help you!How Network Instruments can help you!
How Network Instruments can help you!Tonya Williams
 
CyberReef Offerings
CyberReef OfferingsCyberReef Offerings
CyberReef OfferingsMike Mount
 
World's Largest Space Research Organization Implements OpManager Plus
World's Largest Space Research Organization Implements OpManager PlusWorld's Largest Space Research Organization Implements OpManager Plus
World's Largest Space Research Organization Implements OpManager PlusManageEngine, Zoho Corporation
 
What's new in NetFlow Analyzer 12.2
What's new in NetFlow Analyzer 12.2What's new in NetFlow Analyzer 12.2
What's new in NetFlow Analyzer 12.2ManageEngine, Zoho Corporation
 
IT Operations Management with OpManager
IT Operations Management with OpManagerIT Operations Management with OpManager
IT Operations Management with OpManagerManageEngine, Zoho Corporation
 
5 Ways NCM Can Save You From A Disaster
5 Ways NCM Can Save You From A Disaster5 Ways NCM Can Save You From A Disaster
5 Ways NCM Can Save You From A DisasterManageEngine, Zoho Corporation
 
Network Traffic Analysis at a financial institution with 788 branches for 350...
Network Traffic Analysis at a financial institution with 788 branches for 350...Network Traffic Analysis at a financial institution with 788 branches for 350...
Network Traffic Analysis at a financial institution with 788 branches for 350...ManageEngine, Zoho Corporation
 
IT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysisIT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysisManageEngine, Zoho Corporation
 
When Your App Hits The Highway - NetFlow Analyzer V10 Overview
When Your App Hits The Highway - NetFlow Analyzer V10 OverviewWhen Your App Hits The Highway - NetFlow Analyzer V10 Overview
When Your App Hits The Highway - NetFlow Analyzer V10 OverviewManageEngine, Zoho Corporation
 
OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.ManageEngine, Zoho Corporation
 
US based Educational Institution manages 1500 devices using opmanager
US based Educational Institution manages 1500 devices using opmanagerUS based Educational Institution manages 1500 devices using opmanager
US based Educational Institution manages 1500 devices using opmanagerManageEngine, Zoho Corporation
 
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...Stefan Bergstein
 
Case study: Leading legal services firm deploys Applications Manager across m...
Case study: Leading legal services firm deploys Applications Manager across m...Case study: Leading legal services firm deploys Applications Manager across m...
Case study: Leading legal services firm deploys Applications Manager across m...ManageEngine, Zoho Corporation
 
Application-aware Network Performance Management with OpManager
Application-aware Network Performance Management with OpManagerApplication-aware Network Performance Management with OpManager
Application-aware Network Performance Management with OpManagerManageEngine, Zoho Corporation
 
Agent-less system and application monitoring with HP OpenView
Agent-less system and application monitoring with HP OpenViewAgent-less system and application monitoring with HP OpenView
Agent-less system and application monitoring with HP OpenViewStefan Bergstein
 
5 ways you can benefit from OpManager Plus
5 ways you can benefit from OpManager Plus5 ways you can benefit from OpManager Plus
5 ways you can benefit from OpManager PlusManageEngine, Zoho Corporation
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNetFlow Analyzer
 
F5 GOV Round Table - Securing Application Access
F5 GOV Round Table - Securing Application AccessF5 GOV Round Table - Securing Application Access
F5 GOV Round Table - Securing Application AccessTzoori Tamam
 
Dashboards, widgets, business views & 3D-data centre
Dashboards, widgets, business views & 3D-data centreDashboards, widgets, business views & 3D-data centre
Dashboards, widgets, business views & 3D-data centreManageEngine, Zoho Corporation
 
UniCredit Leasing uses Applications Manager to deliver seamless services worl...
UniCredit Leasing uses Applications Manager to deliver seamless services worl...UniCredit Leasing uses Applications Manager to deliver seamless services worl...
UniCredit Leasing uses Applications Manager to deliver seamless services worl...ManageEngine, Zoho Corporation
 
Chapter14
Chapter14Chapter14
Chapter14Muhammad Ahad
 
Telecom provider germany ncm casestudy
Telecom provider germany ncm casestudyTelecom provider germany ncm casestudy
Telecom provider germany ncm casestudyManageEngine, Zoho Corporation
 
Manage the Data Center Network as We Do the Servers
Manage the Data Center Network as We Do the ServersManage the Data Center Network as We Do the Servers
Manage the Data Center Network as We Do the ServersOpen Networking Summits
 
Keon willabus Best Advice
Keon willabus Best Advice Keon willabus Best Advice
Keon willabus Best Advice Keon Willabus
 
How ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth Costs
How ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth CostsHow ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth Costs
How ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth CostsNetFlow Analyzer
 
ManageEngine OpUtils Technical Overview
ManageEngine OpUtils Technical OverviewManageEngine OpUtils Technical Overview
ManageEngine OpUtils Technical OverviewManageEngine, Zoho Corporation
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextAlgoSec
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAlgoSec
 

More Related Content

What's hot

Network Traffic Analysis at a financial institution with 788 branches for 350...
Network Traffic Analysis at a financial institution with 788 branches for 350...Network Traffic Analysis at a financial institution with 788 branches for 350...
Network Traffic Analysis at a financial institution with 788 branches for 350...ManageEngine, Zoho Corporation
 
IT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysisIT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysisManageEngine, Zoho Corporation
 
When Your App Hits The Highway - NetFlow Analyzer V10 Overview
When Your App Hits The Highway - NetFlow Analyzer V10 OverviewWhen Your App Hits The Highway - NetFlow Analyzer V10 Overview
When Your App Hits The Highway - NetFlow Analyzer V10 OverviewManageEngine, Zoho Corporation
 
OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.ManageEngine, Zoho Corporation
 
US based Educational Institution manages 1500 devices using opmanager
US based Educational Institution manages 1500 devices using opmanagerUS based Educational Institution manages 1500 devices using opmanager
US based Educational Institution manages 1500 devices using opmanagerManageEngine, Zoho Corporation
 
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...Stefan Bergstein
 
Case study: Leading legal services firm deploys Applications Manager across m...
Case study: Leading legal services firm deploys Applications Manager across m...Case study: Leading legal services firm deploys Applications Manager across m...
Case study: Leading legal services firm deploys Applications Manager across m...ManageEngine, Zoho Corporation
 
Application-aware Network Performance Management with OpManager
Application-aware Network Performance Management with OpManagerApplication-aware Network Performance Management with OpManager
Application-aware Network Performance Management with OpManagerManageEngine, Zoho Corporation
 
Agent-less system and application monitoring with HP OpenView
Agent-less system and application monitoring with HP OpenViewAgent-less system and application monitoring with HP OpenView
Agent-less system and application monitoring with HP OpenViewStefan Bergstein
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNetFlow Analyzer
 
F5 GOV Round Table - Securing Application Access
F5 GOV Round Table - Securing Application AccessF5 GOV Round Table - Securing Application Access
F5 GOV Round Table - Securing Application AccessTzoori Tamam
 
Dashboards, widgets, business views & 3D-data centre
Dashboards, widgets, business views & 3D-data centreDashboards, widgets, business views & 3D-data centre
Dashboards, widgets, business views & 3D-data centreManageEngine, Zoho Corporation
 
UniCredit Leasing uses Applications Manager to deliver seamless services worl...
UniCredit Leasing uses Applications Manager to deliver seamless services worl...UniCredit Leasing uses Applications Manager to deliver seamless services worl...
UniCredit Leasing uses Applications Manager to deliver seamless services worl...ManageEngine, Zoho Corporation
 
Manage the Data Center Network as We Do the Servers
Manage the Data Center Network as We Do the ServersManage the Data Center Network as We Do the Servers
Manage the Data Center Network as We Do the ServersOpen Networking Summits
 
Keon willabus Best Advice
Keon willabus Best Advice Keon willabus Best Advice
Keon willabus Best Advice Keon Willabus
 
How ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth Costs
How ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth CostsHow ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth Costs
How ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth CostsNetFlow Analyzer
 

What's hot (20)

Network Traffic Analysis at a financial institution with 788 branches for 350...
Network Traffic Analysis at a financial institution with 788 branches for 350...Network Traffic Analysis at a financial institution with 788 branches for 350...
Network Traffic Analysis at a financial institution with 788 branches for 350...
 
IT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysisIT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysis
 
When Your App Hits The Highway - NetFlow Analyzer V10 Overview
When Your App Hits The Highway - NetFlow Analyzer V10 OverviewWhen Your App Hits The Highway - NetFlow Analyzer V10 Overview
When Your App Hits The Highway - NetFlow Analyzer V10 Overview
 
OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.
 
US based Educational Institution manages 1500 devices using opmanager
US based Educational Institution manages 1500 devices using opmanagerUS based Educational Institution manages 1500 devices using opmanager
US based Educational Institution manages 1500 devices using opmanager
 
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
 
Case study: Leading legal services firm deploys Applications Manager across m...
Case study: Leading legal services firm deploys Applications Manager across m...Case study: Leading legal services firm deploys Applications Manager across m...
Case study: Leading legal services firm deploys Applications Manager across m...
 
Application-aware Network Performance Management with OpManager
Application-aware Network Performance Management with OpManagerApplication-aware Network Performance Management with OpManager
Application-aware Network Performance Management with OpManager
 
Agent-less system and application monitoring with HP OpenView
Agent-less system and application monitoring with HP OpenViewAgent-less system and application monitoring with HP OpenView
Agent-less system and application monitoring with HP OpenView
 
5 ways you can benefit from OpManager Plus
5 ways you can benefit from OpManager Plus5 ways you can benefit from OpManager Plus
5 ways you can benefit from OpManager Plus
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEW
 
F5 GOV Round Table - Securing Application Access
F5 GOV Round Table - Securing Application AccessF5 GOV Round Table - Securing Application Access
F5 GOV Round Table - Securing Application Access
 
Dashboards, widgets, business views & 3D-data centre
Dashboards, widgets, business views & 3D-data centreDashboards, widgets, business views & 3D-data centre
Dashboards, widgets, business views & 3D-data centre
 
UniCredit Leasing uses Applications Manager to deliver seamless services worl...
UniCredit Leasing uses Applications Manager to deliver seamless services worl...UniCredit Leasing uses Applications Manager to deliver seamless services worl...
UniCredit Leasing uses Applications Manager to deliver seamless services worl...
 
Chapter14
Chapter14Chapter14
Chapter14
 
Telecom provider germany ncm casestudy
Telecom provider germany ncm casestudyTelecom provider germany ncm casestudy
Telecom provider germany ncm casestudy
 
Manage the Data Center Network as We Do the Servers
Manage the Data Center Network as We Do the ServersManage the Data Center Network as We Do the Servers
Manage the Data Center Network as We Do the Servers
 
Keon willabus Best Advice
Keon willabus Best Advice Keon willabus Best Advice
Keon willabus Best Advice
 
How ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth Costs
How ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth CostsHow ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth Costs
How ManageEngine NetFlow Analyzer helped Boston Properties Save Bandwidth Costs
 
ManageEngine OpUtils Technical Overview
ManageEngine OpUtils Technical OverviewManageEngine OpUtils Technical Overview
ManageEngine OpUtils Technical Overview
 

Viewers also liked

Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextAlgoSec
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAlgoSec
 
Shift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy ChangesShift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy ChangesAlgoSec
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAlgoSec
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkAlgoSec
 
Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation Maytal Levi
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinarCisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinarMaytal Levi
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentAlgoSec
 
Taking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesTaking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesAlgoSec
 
Segmenting your Network for Security - The Good, the Bad and the Ugly
Segmenting your Network for Security - The Good, the Bad and the UglySegmenting your Network for Security - The Good, the Bad and the Ugly
Segmenting your Network for Security - The Good, the Bad and the UglyAlgoSec
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...AlgoSec
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveAlgoSec
 
Best Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change ProcessesBest Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change ProcessesAdi Gazit Blecher
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceAlgoSec
 

Viewers also liked (16)

Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
 
Shift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy ChangesShift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy Changes
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’ts
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your Network
 
Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinarCisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
 
Taking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesTaking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changes
 
Segmenting your Network for Security - The Good, the Bad and the Ugly
Segmenting your Network for Security - The Good, the Bad and the UglySegmenting your Network for Security - The Good, the Bad and the Ugly
Segmenting your Network for Security - The Good, the Bad and the Ugly
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the Curve
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
 
A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
 
Best Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change ProcessesBest Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change Processes
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
 

Similar to Learn how an app-centric approach will improve security & operational efficiency

Managing Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network SecurityManaging Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network Securityshira koper
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...AlgoSec
 
Cisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformCisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformShashi Kiran
 
Migration into a Cloud
Migration into a CloudMigration into a Cloud
Migration into a CloudDivya S
 
Connect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API ProtectionConnect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API ProtectionDevOps.com
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation finalAlgoSec
 
Cloud workload migration guidelines
Cloud workload migration guidelinesCloud workload migration guidelines
Cloud workload migration guidelinesJen Wei Lee
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudAlert Logic
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
Dev seccon london 2016 intelliment security
Dev seccon london 2016 intelliment securityDev seccon london 2016 intelliment security
Dev seccon london 2016 intelliment securityDevSecCon
 
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Standards Customer Council
 
Federal Webinar: Application monitoring for on-premises, hybrid, and multi-cl...
Federal Webinar: Application monitoring for on-premises, hybrid, and multi-cl...Federal Webinar: Application monitoring for on-premises, hybrid, and multi-cl...
Federal Webinar: Application monitoring for on-premises, hybrid, and multi-cl...SolarWinds
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesAvi Networks
 
End to-End Monitoring for ITSM and DevOps
End to-End Monitoring for ITSM and DevOpsEnd to-End Monitoring for ITSM and DevOps
End to-End Monitoring for ITSM and DevOpseG Innovations
 
The Changing Data Center Landscape
The Changing Data Center LandscapeThe Changing Data Center Landscape
The Changing Data Center LandscapeCisco Canada
 
Migração - EBC on the road Brazil Edition [Portuguese]
Migração - EBC on the road Brazil Edition [Portuguese]Migração - EBC on the road Brazil Edition [Portuguese]
Migração - EBC on the road Brazil Edition [Portuguese]Amazon Web Services
 
Addressing Cloud Security with OPA
Addressing Cloud Security with OPAAddressing Cloud Security with OPA
Addressing Cloud Security with OPADiemShin
 
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdfImprove_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdfمنیزہ ہاشمی
 
SAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySBWebinars
 

Similar to Learn how an app-centric approach will improve security & operational efficiency (20)

Managing Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network SecurityManaging Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network Security
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...
 
Cisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformCisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud Platform
 
Migration into a Cloud
Migration into a CloudMigration into a Cloud
Migration into a Cloud
 
Connect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API ProtectionConnect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API Protection
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final
 
Cloud workload migration guidelines
Cloud workload migration guidelinesCloud workload migration guidelines
Cloud workload migration guidelines
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the Cloud
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
 
Dev seccon london 2016 intelliment security
Dev seccon london 2016 intelliment securityDev seccon london 2016 intelliment security
Dev seccon london 2016 intelliment security
 
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services
 
Federal Webinar: Application monitoring for on-premises, hybrid, and multi-cl...
Federal Webinar: Application monitoring for on-premises, hybrid, and multi-cl...Federal Webinar: Application monitoring for on-premises, hybrid, and multi-cl...
Federal Webinar: Application monitoring for on-premises, hybrid, and multi-cl...
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
 
End to-End Monitoring for ITSM and DevOps
End to-End Monitoring for ITSM and DevOpsEnd to-End Monitoring for ITSM and DevOps
End to-End Monitoring for ITSM and DevOps
 
The Changing Data Center Landscape
The Changing Data Center LandscapeThe Changing Data Center Landscape
The Changing Data Center Landscape
 
Migração - EBC on the road Brazil Edition [Portuguese]
Migração - EBC on the road Brazil Edition [Portuguese]Migração - EBC on the road Brazil Edition [Portuguese]
Migração - EBC on the road Brazil Edition [Portuguese]
 
Addressing Cloud Security with OPA
Addressing Cloud Security with OPAAddressing Cloud Security with OPA
Addressing Cloud Security with OPA
 
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdfImprove_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
 
SAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySAP Concur’s Cloud Journey
SAP Concur’s Cloud Journey
 

Recently uploaded

In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...Product School
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»QADay
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...Elena Simperl
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsVlad Stirbu
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 

Recently uploaded (20)

In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 

Learn how an app-centric approach will improve security & operational efficiency

  • 1. INCREASE YOUR SECURITY MATURITY THROUGH AN APPLICATION CENTRIC APPROACH Joe DiPietro
  • 2. AGENDA • The Security Policy Management Maturity Model • Understanding Application Architecture • Autodiscovery for Applications and their Connectivity • Identifying Risk Within Applications • Migrating Applications to a New Data Center
  • 3. THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment betweensecurity, network and service delivery teams 3 | Confidential Level 1 Level 2 Level 3 Level 4 Understanding the components of the Security Policy Management Maturity Model Increasing maturity
  • 4. THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 4 | Confidential •Live and dynamically updated map •Network and Security view
  • 5. THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 5 | Confidential •Application Documentation •Integrated Risk and Change Mgt View •Business Impact Be prepared for Software Defined Networks (SDN) such as Cisco ACI (Application Centric Infrastructure)
  • 6. THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 6 | Confidential •Continuous compliance procedures •Compliance score •Security policy risks •Application risk
  • 7. THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 7 | Confidential •Automated process •Segregation of duties •Embedded risk checks Plan Approve ImplementValidate Close Request 1 2 3 4 6 5 2 Notify Requester Each Firewall Policy is automatically analyzed to see if request is already allowed 3 4 •Add a new rule? •Modify an existing rule? •Create new objects? •Automatically document the rule change 5 6 Automatic “Push” to reduce misconfigurations
  • 8. THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 8 | Confidential •Understand what changed, and who did it •Don’t forget about changes in risk •Look at the big picture •Have granular audit details
  • 9. THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment between security, network and service delivery teams 9 | Confidential •Reduce complexity •Map applications and automate the process •Security policy bloat over time •Have a process to decommission Start the decommission process when you first make the request with “rule re-certification”! Please decommission this application! Legacy WebAccess Application #6757 Firewall Change Request to remove WebAccess application
  • 10. THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Application to security mapping Security policy posture Security change management Network infrastructure auditing Secure decommissioning of application connectivity Alignment betweensecurity, network and service delivery teams 10 | Confidential •Common goals for the business •Application alignment between groups •More agile •Reduce risk The back and forth exchange to clarify information can add days into a single security policy change request! Collaboration can occur when each party sees the information in their native language Service delivery Networking Security Different views of the same application
  • 11. 11 | Confidential THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Static map (E.G. Visio) Map updated periodically Live map Live map across on premise, SDN and cloud Application to security mapping None Application architecture documented Application Risk identified within all app components App connectivity changes seamless integrated with Security Processes Security policy posture Poor Fair Good Excellent Security change management Manual. Error-prone Mostly manual. Some errors. Mostly automated. Few errors Automated policy push Virtually error-free Network infrastructure auditing Manual. Costly. Some automation. Costly. Automated and continuous Automated and continuous Secure decommissioning of application connectivity Never Rare Occasional Always Alignment betweensecurity, network and service delivery teams Poor Fair Good DevSecOps Level 1 Level 2 Level 3 Level 4
  • 12. 12 | Confidential THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Static map (E.G. Visio) Map updated periodically Live map Live map across on premise, SDN and cloud Application to security mapping None Application architecture documented Application Risk identified within all app components App connectivity changes seamless integrated with Security Processes Security policy posture Poor Fair Good Excellent Security change management Manual. Error-prone Mostly manual. Some errors. Mostly automated. Few errors Automated policy push Virtually error-free Network infrastructure auditing Manual. Costly. Some automation. Costly. Automated and continuous Automated and continuous Secure decommissioning of application connectivity Never Rare Occasional Always Alignment betweensecurity, network and service delivery teams Poor Fair Good DevSecOps Level 1 Level 2 Level 3 Level 4 If we understand the application architecture and how it traverses the network, we can dramatically increase our maturity in these areas and be prepared for Software Defined Networks (SDN) such as Cisco ACI (Application Centric Infrastructure)
  • 13. 13 | Confidential THE SECURITY POLICY MANAGEMENT MATURITY MODEL Network visibility and mapping Static map (E.G. Visio) Map updated periodically Live map Live map across on premise, SDN and cloud Application to security mapping None Application architecture documented Application Risk identified within all app components App connectivity changes seamless integrated with Security Processes Security policy posture Poor Fair Good Excellent Security change management Manual. Error-prone Mostly manual. Some errors. Mostly automated. Few errors Automated policy push Virtually error-free Network infrastructure auditing Manual. Costly. Some automation. Costly. Automated and continuous Automated and continuous Secure decommissioning of application connectivity Never Rare Occasional Always Alignment betweensecurity, network and service delivery teams Poor Fair Good DevSecOps Level 1 Level 2 Level 3 Level 4 If we understand the application architecture and how it traverses the network, we can dramatically increase our maturity in these areas and be prepared for Software Defined Networks (SDN) such as Cisco ACI (Application Centric Infrastructure) As well as increase our business agility!
  • 14. BUSINESS APPLICATION ARCHITECTURE • One of the biggest challenges in IT is to understand application architectures • Just like security, networking, and other IT components, they can be complex • There are many different components, and here’s a simplified view • Browsers (IE, Chrome, FireFox, etc) • Fat or thick clients (SAP, etc) • Web Servers (Apache, MicroSoft IIS, etc) • Middleware (Oracle WebLogic, Fusion, IBM WebSphere, etc) • Database Servers (Oracle, SQL Server, DB2, MongoDB, Hadoop, etc) • If we understand the application architecture then we understand how to secure the environment and create business agility when a change is needed Client Tier Web Tier Business Logic Tier Database Tier
  • 15. IDENTIFYING BUSINESS APPLICATIONS • How do you get a picture of the application and its components? • Ask the application developer…they will know a few pieces • Ask the sysadmin…he know what software was loaded, but… • Ask the DBA…he just left… • Ask the middleware engineer…They deal with a lot of applications, which one? • Look in the CMDB…this has stale information from 5 years ago… • It’s really hard!! Client Tier Web Tier Business Logic Database Tier
  • 16. DEFINING THE APPLICATION ARCHITECTURE Obtaining application architecture information • Import DB tables through CSV files • Sensors, Probes or Packet Brokers which get data from: • port mirroring • promiscuous mode on an ESX server • host-based (local) sensor on an application server • data captures in PCAP, TCPDUMP and NetFlow format • Capturing syslog traffic • Existing security policy Let’s look at this one first…
  • 17. FIREWALL POLICY Identify your application…Like Lotus Notes
  • 18. FIREWALL POLICY You’ve documented your application!! Information can be pulled from Section Headers, Comment Fields, Object Names, Services, etc
  • 19. AUTO DISCOVERY OF BUSINESS APPLICATIONS • Another method to consider is “Autodiscovery” • Why? • Because it happens dynamically • You don’t need to rely on tribal knowledge that left the company • The application is comprised of many different components that are difficult for one individual to describe for you • Because your applications run your business and if it breaks, you need to figure out where to fix it • It can help you automatically identify changes to the application behavior over time
  • 20. • Autodiscovery can happen in a variety of forms • The goal is to capture the relevant information in order to build an application diagram DISCOVERING EXISTING APPLICATIONS Easily discover existing application connectivity flows Packet Broker ESX Server Host base sensor On Application Server Now that we have the application described, how can we identify the risks involved with the application?
  • 21. • How risky is the application? • Overall application • Components of the application • Access to the application • Identifying the application components helps you gain visibility into the risk of the entire application • Measure the risk, just like any other corporate process RISK AND THE APPLICATION
  • 22. • Applications can have labels and priorities • Application vulnerability scores can be summarized IDENTIFY RISK WITHIN CRITICAL BUSINESS APPLICATIONS
  • 23. • Application component risk • Applications have many components • Web server • Database server • Middleware • NTP server • DNS • etc • Unscanned servers • You don’t know what kind of risk you have here, or if there is malware on these systems already WHAT OTHER RISKS DO WE HAVE?
  • 24. • Measuring Risk helps application developers understand security’s view point to help prevent a data breach • Integrate the vulnerability assessment scanning data into the application architecture • Qualys, Rapid 7 and Nessus scanners + more • Helps requestors know what parts of their application are vulnerable to breaches “RISK” CAN BE ADDED WHEN PERFORMING FIREWALL CHANGE REQUEST • The red highlight critical risk • The yellow highlighted medium risk • The gray identified serves that were not scanned
  • 25. CONSTANTLY TRY TO IMPROVE YOUR SCORE • By measuring your application risk you can maintain a process to reduce it over time • Certain components of the application will be more critical than others • Prioritize your remediation strategies to accomplish your goals for risk reduction • How risky is it to migrate your application?
  • 26. MIGRATE APPLICATIONS TO NEW DATA CENTER • Identify Applications • Extract relevant components • Map new IP information • Automatically prepare firewall changes for new connectivity • Implement changes • Decommission old rules
  • 27. HELP DESK APPLICATION 1. This is the application to migrate 2. Identify the flows 3. Identify the relevant servers 4. Prepare change requests Help Desk Application1 2
  • 28. MIGRATING THE HELP DESK APPLICATION Extract required servers and prepare them for the planning stage Help Desk Application 3
  • 29. LETS MIGRATE A SERVER FROM THE APPLICATION
  • 30. SMS SERVER DC1 HAS A NEW DEFINITION • Understanding the architecture helps you identify what components need to talk to each other • If this server moves to a new location, these flows will be affected
  • 31. WE We have the server definitions defined, but now we need to update the application
  • 32. OPEN REQUEST CREATED Updated kicks off an open request to modify application connectivity 4
  • 33.
  • 34. CHANGE REQUEST IS AUTOMATICALLY PLANNED
  • 35. RISK CHECKS FOR NEW SERVER MOVE (TO BE APPROVED) This is where we can understand how much risk is introduced by the application move
  • 36. SECURITY POLICY DETAILS FOR EACH DEVICE (TO BE IMPLEMENTED)
  • 37. ANOTHER DEVICE IN THE PATH
  • 40. SUMMARY • Increase your security policy management maturity by mapping your application architecture • This will give you better security visibility and also business agility • Try to progress your maturity in a consistent manner • Include risk analysis for your application visibility • Mapping applications can accelerate your data center and cloud migration goals!! 40 | Confidential