SlideShare a Scribd company logo

Migrating and Managing Security Policies in a Segmented Data Center

AlgoSec
AlgoSec

Network segmentation is an effective strategy for protecting access to key data assets, and impeding the lateral movement of threats and cyber criminals inside your data center. With network virtualization, such as VMware NSX and Cisco ACI now a reality it's far simpler to set up granular security policies for east-west traffic within the data center. Yet the added granularity of securities policies creates significant complexity. Presented by renowned industry expert Professor Avishai Wool, this technical webinar will provide strategies and best practices to help organizations migrate and manage security policies efficiently within a micro-segmented data center. In this webinar, Prof. Wool will discuss how to: •Identify and securely migrate legacy applications to a micro-segmented data center •Effectively define and enforce security policies for East-West traffic •Manage the micro-segmented data center alongside traditional on-premise security devices •Identify risk and manage compliance in a micro-segmented data center •Use network segmentation to reduce the scope of regulatory audits •Identify and avoid common network segmentation mistakes

Technology
1 of 53
Download to read offline
MIGRATING & MANAGING SECURITY POLICIES IN A SEGMENTED DATA CENTER AVISHAI WOOL, CTO
TOPICS COVERED Defining and enforce security policies for East-West traffic Managing micro-segmented data center alongside traditional devices 01 02 03 Migrating applications to a micro-segmented data center Identify risk and manage compliance04 Q&A and Summary05 2
THE BASICS 3
LEGACY DATA CENTER ARCHITECTURE Users Servers Outside World, Business partners, Perimeter Firewall East-West traffic North-South traffic 4
WHY THIS IS RISKY • No filtering capabilities controlling east-west traffic • Allows unrestricted traffic: • Between internal users’ desktops/laptops and servers • Between servers in different segments • Once attackers gain a foothold – free lateral movement 5
SEGMENTED DATA CENTER ARCHITECTURE Users Zone Server Zone 2 Outside World, Business partners, Perimeter FirewallServer Zone 1 6
SEGMENTED = MORE SECURE • Introduce filtering choke-points between zones • Allows control of east-west traffic • Lets organizations restrict lateral movement between zones • How can we make this a reality? 7
Which Platform Do You Use To Manage Your Private Cloud / Virtualized Data Center? • Vmware NSX • Cisco ACI • Microsoft Hyper-V • Other • We Don't Have A Virtualized Data Center POLL Please vote using the “votes from audience” tab in your BrightTALK panel 8
SEGMENTATION CHALLENGES 9
CHALLENGE #1: INTRODUCING CHOKE POINTS • In the traditional data center: a major effort • Hardware, cabling, reconfigure switching and routing • In a virtualized, software-defined, data center: • Built-in firewalls as part of the infrastructure • No extra hardware needed • Software-Defined Networking ✓ 10
CHALLENGE #2: ZONING • How many zones to define? • Which subnets should reside in each zone? 11
A ZONING TRADE-OFF • Traffic inside each zone remains unrestricted • For better security, define many small zones • “Micro-segmentation” • But: need policy (rules) between every pair of zones • “Allow service X from zone 1 to zone 2” • N zones ==> N*N traffic directions • For better manageability, define a few large zones 12
CHALLENGE #3: FILTERING POLICY BETWEEN ZONES • Traffic inside each zone is unfiltered: allowed • … traffic between zones must be explicitly allowed by policy • Goal: write policy to allow legitimate zone-crossing traffic • Challenge: discover and characterize this traffic • Did you know: VMware NSX’s default policy is “allow all” • Works around the challenge • … But is completely insecure ✓ 13
APPLICATION-AWARE SEGMENTATION 14
THE BUSINESS-APPLICATION PERSPECTIVE • East-West traffic is generated by business applications • Each business application has: • Servers supporting it • Clients accessing it • Business application connectivity requirements: • Server-to-server traffic flows • Client-to-server traffic flows 15
SEGMENTATION FOR BUSINESS APPLICATIONS • Human-accessible systems: in a separate zone from servers: • Desktops / Laptops / Smartphones • Servers belonging to an application, that communicate with each other: • in same zone • Infrastructure servers, that support multiple applications: • in a dedicated zone 16
PLANNING NETWORK SEGMENTATION: BLUEPRINT • Discover business applications’ connectivity requirements • Select number of zones, and their characterization • Based on applications’ flows, assign subnets to zones • Write filtering policy (rules) allowing zone-crossing flows • Avoid breaking business applications’ connectivity 17
DISCOVERY 18
IS YOUR ORGANIZATION WELL-DISCIPLINED? If: • All applications are documented • Applications’ connectivity requirements are documented • Documentation is machine readable Then “discovery” is easy! • What if documentation is missing / outdated ? ✓ ✓ ✓ 19
DISCOVERY FROM TRAFFIC 20
DISCOVERY RESULTS: ANALYTICS ON SNIFFED TRAFFIC 21 21
ZONE-CROSSING TRAFFIC: HIGH LEVEL POLICY 22
DOCUMENT: THE CONNECTIVITY MATRIX Allowed traffic between every pair of zones 23 23
ZOOM IN: FROM/TO THE PEER DMZ 24
DEMONSTRATION OF MICRO-SEGMENTATION WITH ALGOSEC 25
IMPORT INTO BUSINESSFLOW 26 26
27 27
28 28
29
30
31
VISIBILITY 32
33
34
Enforcing Micro Segmentation 35
36
37 37
MAINTENANCE OF THE SEGMENTATION 38
MAINTENANCE OF THE SEGMENTATION • Zoning remains stable over time • … but application connectivity requirements evolve • … so filtering policies need to change over time • Need application-aware and segmentation-aware change management processes • Need visibility that filtering policies comply with zoning 39
40
CONNECTIVITY SPREADSHEET 41
42 42
SEGMENTATION-AWARE CHANGE PROCESS 43
NORTH-SOUTH TRAFFIC • Hybrid network: • Software-defined data center • traditional networking outside data center • Application connectivity is also north-south • Goal: Single change workflow for all filtering technologies 44
• Identical for North-South and East-West • Indifferent to network technology • Abstracts away filtering device details 45
• Outside data center (traditional) 46
• Inside data center (virtualized) 47
48
• AlgoSec Standard risks + • User-defined risks + • Connectivity spreadsheet violations • What-if risk check, before changes are implemented 49
What are your plans for filtering east-west traffic? • Already implemented • Planning to implement over the next 6 months • Planning to implement over the next 6-12 months • No plans POLL Please vote using the “votes from audience” tab in your BrightTALK panel 50
SUMMARY Plan • Discover business applications’ connectivity requirements • Design zoning, write policy for zone-crossing flows • Document in connectivity matrix Maintain • Visibility, automated comparison to connectivity matrix • Segmentation-aware change process 51
MORE RESOURCES www.algosec.com/resources WHITEPAPERS Prof Wool CoursesDATASHEET 52
THANK YOU! Questions can be emailed to marketing@algosec.Com

Recommended

Adaptive Security and Incident Response - A Business-Driven Approach
Adaptive Security and Incident Response - A Business-Driven ApproachAdaptive Security and Incident Response - A Business-Driven Approach
Adaptive Security and Incident Response - A Business-Driven ApproachAlgoSec
 
Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...AlgoSec
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesAlgoSec
 
Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...AlgoSec
 
Ransomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respondRansomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respondAlgoSec
 
2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires
2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires
2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance FiresLiraz Goldstein
 
5 things you didn't know you could do with security policy management
5 things you didn't know you could do with security policy management5 things you didn't know you could do with security policy management
5 things you didn't know you could do with security policy managementAlgoSec
 
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application ConnectivityMovin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application Connectivityshira koper
 

Recommended

Adaptive Security and Incident Response - A Business-Driven Approach
Adaptive Security and Incident Response - A Business-Driven ApproachAdaptive Security and Incident Response - A Business-Driven Approach
Adaptive Security and Incident Response - A Business-Driven ApproachAlgoSec
 
Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...AlgoSec
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesAlgoSec
 
Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...AlgoSec
 
Ransomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respondRansomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respondAlgoSec
 
2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires
2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires
2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance FiresLiraz Goldstein
 
5 things you didn't know you could do with security policy management
5 things you didn't know you could do with security policy management5 things you didn't know you could do with security policy management
5 things you didn't know you could do with security policy managementAlgoSec
 
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application ConnectivityMovin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application Connectivityshira koper
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarMaytal Levi
 
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solution
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solutionAlgosec 5 more_things_you_can_do_with_a_security_policy_management_solution
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solutionMaytal Levi
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...AlgoSec
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)AlgoSec
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAlgoSec
 
Algosec security policy management for financial institutions
Algosec security policy management for financial institutionsAlgosec security policy management for financial institutions
Algosec security policy management for financial institutionsMaytal Levi
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationAlgoSec
 
Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation Maytal Levi
 
Firewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachFirewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachAlgoSec
 
2018 10-11 automating network security policy management allows financial ins...
2018 10-11 automating network security policy management allows financial ins...2018 10-11 automating network security policy management allows financial ins...
2018 10-11 automating network security policy management allows financial ins...AlgoSec
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAlgoSec
 
5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy management5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy managementAlgoSec
 
A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...AlgoSec
 
SDN's managing security across the virtual network final
SDN's managing security across the virtual network finalSDN's managing security across the virtual network final
SDN's managing security across the virtual network finalAlgoSec
 
Security Change Management: Agility vs. Control
Security Change Management: Agility vs. ControlSecurity Change Management: Agility vs. Control
Security Change Management: Agility vs. ControlAlgoSec
 
Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time AlgoSec
 
Taking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesTaking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesAlgoSec
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementAlgoSec
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloudAlgoSec
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar Maytal Levi
 
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...Adi Gazit Blecher
 
ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes
 

More Related Content

What's hot

AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarMaytal Levi
 
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solution
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solutionAlgosec 5 more_things_you_can_do_with_a_security_policy_management_solution
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solutionMaytal Levi
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...AlgoSec
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)AlgoSec
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAlgoSec
 
Algosec security policy management for financial institutions
Algosec security policy management for financial institutionsAlgosec security policy management for financial institutions
Algosec security policy management for financial institutionsMaytal Levi
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationAlgoSec
 
Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation Maytal Levi
 
Firewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachFirewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachAlgoSec
 
2018 10-11 automating network security policy management allows financial ins...
2018 10-11 automating network security policy management allows financial ins...2018 10-11 automating network security policy management allows financial ins...
2018 10-11 automating network security policy management allows financial ins...AlgoSec
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAlgoSec
 
5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy management5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy managementAlgoSec
 
A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...AlgoSec
 
SDN's managing security across the virtual network final
SDN's managing security across the virtual network finalSDN's managing security across the virtual network final
SDN's managing security across the virtual network finalAlgoSec
 
Security Change Management: Agility vs. Control
Security Change Management: Agility vs. ControlSecurity Change Management: Agility vs. Control
Security Change Management: Agility vs. ControlAlgoSec
 
Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time AlgoSec
 
Taking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesTaking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesAlgoSec
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementAlgoSec
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloudAlgoSec
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar Maytal Levi
 

What's hot (20)

AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration Webinar
 
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solution
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solutionAlgosec 5 more_things_you_can_do_with_a_security_policy_management_solution
Algosec 5 more_things_you_can_do_with_a_security_policy_management_solution
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
 
Algosec security policy management for financial institutions
Algosec security policy management for financial institutionsAlgosec security policy management for financial institutions
Algosec security policy management for financial institutions
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertification
 
Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation
 
Firewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachFirewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric Approach
 
2018 10-11 automating network security policy management allows financial ins...
2018 10-11 automating network security policy management allows financial ins...2018 10-11 automating network security policy management allows financial ins...
2018 10-11 automating network security policy management allows financial ins...
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’ts
 
5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy management5 things you didnt know you could do with security policy management
5 things you didnt know you could do with security policy management
 
A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management a technical perspec...
 
SDN's managing security across the virtual network final
SDN's managing security across the virtual network finalSDN's managing security across the virtual network final
SDN's managing security across the virtual network final
 
Security Change Management: Agility vs. Control
Security Change Management: Agility vs. ControlSecurity Change Management: Agility vs. Control
Security Change Management: Agility vs. Control
 
Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time
 
Taking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesTaking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changes
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar
 

Similar to Migrating and Managing Security Policies in a Segmented Data Center

How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...Adi Gazit Blecher
 
ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes
 
DRCC Application Overview
DRCC Application OverviewDRCC Application Overview
DRCC Application OverviewGreg Selvin
 
Software Defined Networks - Unit -1- class lecture notes.pdf
Software Defined Networks - Unit -1- class lecture notes.pdfSoftware Defined Networks - Unit -1- class lecture notes.pdf
Software Defined Networks - Unit -1- class lecture notes.pdfsoftwaretrainer2elys
 
UNIT 4 - UNDERSTANDING THE NETWORK ARCHITECTURE.pptx
UNIT 4 - UNDERSTANDING THE NETWORK ARCHITECTURE.pptxUNIT 4 - UNDERSTANDING THE NETWORK ARCHITECTURE.pptx
UNIT 4 - UNDERSTANDING THE NETWORK ARCHITECTURE.pptxLeahRachael
 
Software_Defined_Networking.pptx
Software_Defined_Networking.pptxSoftware_Defined_Networking.pptx
Software_Defined_Networking.pptxAsfawGedamu
 
Software-Defined Networking Layers presentation
Software-Defined Networking Layers presentationSoftware-Defined Networking Layers presentation
Software-Defined Networking Layers presentationAbdullah Salama
 
#ATAGTR2021 Presentation : "Performance Evaluation Strategy of multi-access e...
#ATAGTR2021 Presentation : "Performance Evaluation Strategy of multi-access e...#ATAGTR2021 Presentation : "Performance Evaluation Strategy of multi-access e...
#ATAGTR2021 Presentation : "Performance Evaluation Strategy of multi-access e...Agile Testing Alliance
 
Net motion mobility_intro_overview
Net motion mobility_intro_overviewNet motion mobility_intro_overview
Net motion mobility_intro_overviewStef Coetzee
 
Unleash the power, intelligence, and analytics of your networks with a flexib...
Unleash the power, intelligence, and analytics of your networks with a flexib...Unleash the power, intelligence, and analytics of your networks with a flexib...
Unleash the power, intelligence, and analytics of your networks with a flexib...Alcatel-Lucent Enterprise
 
Whitepaper: Network Virtualization - Happiest Minds
Whitepaper: Network Virtualization - Happiest MindsWhitepaper: Network Virtualization - Happiest Minds
Whitepaper: Network Virtualization - Happiest MindsHappiest Minds Technologies
 
How Network Instruments can help you!
How Network Instruments can help you!How Network Instruments can help you!
How Network Instruments can help you!Tonya Williams
 
09e4150ead3fa7505a000000
09e4150ead3fa7505a00000009e4150ead3fa7505a000000
09e4150ead3fa7505a000000Fauzil Rizqi
 

Similar to Migrating and Managing Security Policies in a Segmented Data Center (20)

How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
 
ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12ThousandEyes at Network Field Day 12
ThousandEyes at Network Field Day 12
 
Sdn
SdnSdn
Sdn
 
Software defined network
Software defined networkSoftware defined network
Software defined network
 
DRCC Application Overview
DRCC Application OverviewDRCC Application Overview
DRCC Application Overview
 
Software Defined Networks - Unit -1- class lecture notes.pdf
Software Defined Networks - Unit -1- class lecture notes.pdfSoftware Defined Networks - Unit -1- class lecture notes.pdf
Software Defined Networks - Unit -1- class lecture notes.pdf
 
UNIT 4 - UNDERSTANDING THE NETWORK ARCHITECTURE.pptx
UNIT 4 - UNDERSTANDING THE NETWORK ARCHITECTURE.pptxUNIT 4 - UNDERSTANDING THE NETWORK ARCHITECTURE.pptx
UNIT 4 - UNDERSTANDING THE NETWORK ARCHITECTURE.pptx
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Software_Defined_Networking.pptx
Software_Defined_Networking.pptxSoftware_Defined_Networking.pptx
Software_Defined_Networking.pptx
 
Software-Defined Networking Layers presentation
Software-Defined Networking Layers presentationSoftware-Defined Networking Layers presentation
Software-Defined Networking Layers presentation
 
#ATAGTR2021 Presentation : "Performance Evaluation Strategy of multi-access e...
#ATAGTR2021 Presentation : "Performance Evaluation Strategy of multi-access e...#ATAGTR2021 Presentation : "Performance Evaluation Strategy of multi-access e...
#ATAGTR2021 Presentation : "Performance Evaluation Strategy of multi-access e...
 
Net motion mobility_intro_overview
Net motion mobility_intro_overviewNet motion mobility_intro_overview
Net motion mobility_intro_overview
 
SDN-ppt-new
SDN-ppt-newSDN-ppt-new
SDN-ppt-new
 
Unleash the power, intelligence, and analytics of your networks with a flexib...
Unleash the power, intelligence, and analytics of your networks with a flexib...Unleash the power, intelligence, and analytics of your networks with a flexib...
Unleash the power, intelligence, and analytics of your networks with a flexib...
 
12458003.ppt
12458003.ppt12458003.ppt
12458003.ppt
 
Whitepaper: Network Virtualization - Happiest Minds
Whitepaper: Network Virtualization - Happiest MindsWhitepaper: Network Virtualization - Happiest Minds
Whitepaper: Network Virtualization - Happiest Minds
 
How Network Instruments can help you!
How Network Instruments can help you!How Network Instruments can help you!
How Network Instruments can help you!
 
09e4150ead3fa7505a000000
09e4150ead3fa7505a00000009e4150ead3fa7505a000000
09e4150ead3fa7505a000000
 
Sdn whitepaper
Sdn whitepaperSdn whitepaper
Sdn whitepaper
 
Cloud security
Cloud securityCloud security
Cloud security
 

More from AlgoSec

compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarAlgoSec
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinarAlgoSec
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...AlgoSec
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinarAlgoSec
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.AlgoSec
 
2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomwareAlgoSec
 
Cloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrationsCloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrationsAlgoSec
 
Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to executionAlgoSec
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarAlgoSec
 
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...AlgoSec
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...AlgoSec
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...AlgoSec
 
2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solutionAlgoSec
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar finalAlgoSec
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarAlgoSec
 
More Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management SuiteMore Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management SuiteAlgoSec
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation finalAlgoSec
 
Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment
Managing Effective Security Policies Across Hybrid and Multi-Cloud EnvironmentManaging Effective Security Policies Across Hybrid and Multi-Cloud Environment
Managing Effective Security Policies Across Hybrid and Multi-Cloud EnvironmentAlgoSec
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
Selecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organizationSelecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organizationAlgoSec
 

More from AlgoSec (20)

compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinar
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinar
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.
 
2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware
 
Cloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrationsCloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrations
 
Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to execution
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinar
 
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
 
2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
 
More Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management SuiteMore Things You Can Do with the AlgoSec Security Policy Management Suite
More Things You Can Do with the AlgoSec Security Policy Management Suite
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final
 
Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment
Managing Effective Security Policies Across Hybrid and Multi-Cloud EnvironmentManaging Effective Security Policies Across Hybrid and Multi-Cloud Environment
Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
Selecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organizationSelecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organization
 

Recently uploaded

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Migrating and Managing Security Policies in a Segmented Data Center

  • 1. MIGRATING & MANAGING SECURITY POLICIES IN A SEGMENTED DATA CENTER AVISHAI WOOL, CTO
  • 2. TOPICS COVERED Defining and enforce security policies for East-West traffic Managing micro-segmented data center alongside traditional devices 01 02 03 Migrating applications to a micro-segmented data center Identify risk and manage compliance04 Q&A and Summary05 2
  • 4. LEGACY DATA CENTER ARCHITECTURE Users Servers Outside World, Business partners, Perimeter Firewall East-West traffic North-South traffic 4
  • 5. WHY THIS IS RISKY • No filtering capabilities controlling east-west traffic • Allows unrestricted traffic: • Between internal users’ desktops/laptops and servers • Between servers in different segments • Once attackers gain a foothold – free lateral movement 5
  • 6. SEGMENTED DATA CENTER ARCHITECTURE Users Zone Server Zone 2 Outside World, Business partners, Perimeter FirewallServer Zone 1 6
  • 7. SEGMENTED = MORE SECURE • Introduce filtering choke-points between zones • Allows control of east-west traffic • Lets organizations restrict lateral movement between zones • How can we make this a reality? 7
  • 8. Which Platform Do You Use To Manage Your Private Cloud / Virtualized Data Center? • Vmware NSX • Cisco ACI • Microsoft Hyper-V • Other • We Don't Have A Virtualized Data Center POLL Please vote using the “votes from audience” tab in your BrightTALK panel 8
  • 10. CHALLENGE #1: INTRODUCING CHOKE POINTS • In the traditional data center: a major effort • Hardware, cabling, reconfigure switching and routing • In a virtualized, software-defined, data center: • Built-in firewalls as part of the infrastructure • No extra hardware needed • Software-Defined Networking ✓ 10
  • 11. CHALLENGE #2: ZONING • How many zones to define? • Which subnets should reside in each zone? 11
  • 12. A ZONING TRADE-OFF • Traffic inside each zone remains unrestricted • For better security, define many small zones • “Micro-segmentation” • But: need policy (rules) between every pair of zones • “Allow service X from zone 1 to zone 2” • N zones ==> N*N traffic directions • For better manageability, define a few large zones 12
  • 13. CHALLENGE #3: FILTERING POLICY BETWEEN ZONES • Traffic inside each zone is unfiltered: allowed • … traffic between zones must be explicitly allowed by policy • Goal: write policy to allow legitimate zone-crossing traffic • Challenge: discover and characterize this traffic • Did you know: VMware NSX’s default policy is “allow all” • Works around the challenge • … But is completely insecure ✓ 13
  • 15. THE BUSINESS-APPLICATION PERSPECTIVE • East-West traffic is generated by business applications • Each business application has: • Servers supporting it • Clients accessing it • Business application connectivity requirements: • Server-to-server traffic flows • Client-to-server traffic flows 15
  • 16. SEGMENTATION FOR BUSINESS APPLICATIONS • Human-accessible systems: in a separate zone from servers: • Desktops / Laptops / Smartphones • Servers belonging to an application, that communicate with each other: • in same zone • Infrastructure servers, that support multiple applications: • in a dedicated zone 16
  • 17. PLANNING NETWORK SEGMENTATION: BLUEPRINT • Discover business applications’ connectivity requirements • Select number of zones, and their characterization • Based on applications’ flows, assign subnets to zones • Write filtering policy (rules) allowing zone-crossing flows • Avoid breaking business applications’ connectivity 17
  • 19. IS YOUR ORGANIZATION WELL-DISCIPLINED? If: • All applications are documented • Applications’ connectivity requirements are documented • Documentation is machine readable Then “discovery” is easy! • What if documentation is missing / outdated ? ✓ ✓ ✓ 19
  • 21. DISCOVERY RESULTS: ANALYTICS ON SNIFFED TRAFFIC 21 21
  • 22. ZONE-CROSSING TRAFFIC: HIGH LEVEL POLICY 22
  • 23. DOCUMENT: THE CONNECTIVITY MATRIX Allowed traffic between every pair of zones 23 23
  • 24. ZOOM IN: FROM/TO THE PEER DMZ 24
  • 27. 27 27
  • 28. 28 28
  • 29. 29
  • 30. 30
  • 31. 31
  • 33. 33
  • 34. 34
  • 36. 36
  • 37. 37 37
  • 38. MAINTENANCE OF THE SEGMENTATION 38
  • 39. MAINTENANCE OF THE SEGMENTATION • Zoning remains stable over time • … but application connectivity requirements evolve • … so filtering policies need to change over time • Need application-aware and segmentation-aware change management processes • Need visibility that filtering policies comply with zoning 39
  • 40. 40
  • 42. 42 42
  • 44. NORTH-SOUTH TRAFFIC • Hybrid network: • Software-defined data center • traditional networking outside data center • Application connectivity is also north-south • Goal: Single change workflow for all filtering technologies 44
  • 45. • Identical for North-South and East-West • Indifferent to network technology • Abstracts away filtering device details 45
  • 46. • Outside data center (traditional) 46
  • 47. • Inside data center (virtualized) 47
  • 48. 48
  • 49. • AlgoSec Standard risks + • User-defined risks + • Connectivity spreadsheet violations • What-if risk check, before changes are implemented 49
  • 50. What are your plans for filtering east-west traffic? • Already implemented • Planning to implement over the next 6 months • Planning to implement over the next 6-12 months • No plans POLL Please vote using the “votes from audience” tab in your BrightTALK panel 50
  • 51. SUMMARY Plan • Discover business applications’ connectivity requirements • Design zoning, write policy for zone-crossing flows • Document in connectivity matrix Maintain • Visibility, automated comparison to connectivity matrix • Segmentation-aware change process 51
  • 53. THANK YOU! Questions can be emailed to marketing@algosec.Com