Enterprises are continuously evolving their networks to support new applications, to enable business transformation initiatives such as cloud and SDN, and to fend off new and more sophisticated cyber-attacks on a daily basis. But security and network staff are struggling to keep up, which not only impacts business agility but also exposes enterprises to risk and hampers their ability to address the modern threat landscape.
You may believe that you need the latest and greatest new tools to address these challenges. But what if you already have what you need, up and running in your organization: your security policy management solution?
Here are five ways in which an effective security policy management solution can help you to better manage your overall security posture, reduce risk, and respond faster to incidents, while maximizing agility and ensuring compliance across your ever-changing, heterogeneous networks. Let’s take a look at each in turn.
Security policy orchestration, the process of handling a policy change across two or more devices, is already a familiar concept to most IT security teams. The next evolution of this process – which enterprises need to embrace to keep up with today’s dynamic network environments – is end-to-end policy management, whereby the change request is defined and executed as a complete process.
There are four stages involved in end-to-end change management. In the first stage the solution automatically discovers all the devices on the network to which the change request applies. Crucially, your security policy management solution must be vendor agnostic, so that whether you are working with on-premises or next-generation firewalls, cloud and software-defined environments such as Microsoft Azure, Amazon Web Services, Cisco ACI or VMware NSX, or a combination of these, the solution can still identify all the devices relevant to the request.
In the second stage, the solution must assess the risk of the change, running ‘what if’ analysis scenarios to help the security team decide on whether the change will introduce any potential vulnerabilities or compliance risks.
The third stage is actually writing and implementing the change request. This means the solution will provide recommendations for security policy changes for every relevant device, such as adding or removing a rule, or editing an existing rule. Each change needs to be written using the appropriate terminology and parameters of each device. Once defined, the change can be automatically implemented on the device with the click of a button.
Finally, there is a validation process, whereby the solution automatically checks that the change request was implemented properly. There are two elements to this: ensuring the intended traffic is now allowed, and ensuring the implementation was accurate. And that’s it: end-to-end change management in minutes, across on-premises, public cloud and private cloud environments.
The end-to-end change management process described above allows network security engineers to step in, edit various points in the process and perform risk analysis, should they wish to. What’s even more valuable, from a business process perspective, is being able to automate the entire process without stopping: running the security policy change with zero touch!
To achieve this, the security policy management solution takes each step in the change workflow, each of which is automated in a zero-touch manner, and wraps it individually with a conditional check. For example, once a change request is defined and the solution identifies all the relevant firewall rules that need to be changed, an automated check is made to ensure they are correct for the change request. If all is correct, the automated process moves on to the next step with no need for intervention. If, however, a problem is discovered during the check (perhaps an unusual number of firewalls has been identified, or none at all), then the process is paused and the system raises a flag for a human to intervene. Similarly, the automated process checks for compliance risks, moving to the next step only if no risks are detected; if risks are detected, the process is paused.
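As an added example (not from the original post or any vendor product), here is a small Python workflow runner that implements the four gated steps just described: each step's check must pass for the process to continue, and a failed check pauses the run for a human. The firewall inventory, the device-count threshold and the compliance rule are constructed stand-ins for what a policy management solution would supply.

```python
import ipaddress

# Constructed inventory of hypothetical firewalls and the networks each one fronts.
# "fw-stale-1" is a deliberately duplicated entry, the kind of inventory error that
# makes discovery return an unusual number of devices.
INVENTORY = {
    "fw-dc-1":    {"nets": ["10.1.0.0/16"], "rules": []},
    "fw-azure-1": {"nets": ["10.2.0.0/16"], "rules": []},
    "fw-aws-1":   {"nets": ["10.3.0.0/16"], "rules": []},
    "fw-stale-1": {"nets": ["10.3.0.0/16"], "rules": []},
}
MAX_EXPECTED_DEVICES = 2  # a point-to-point change should touch at most two firewalls
BLOCKED_PORTS = {23}      # constructed compliance rule: cleartext telnet is never allowed

def in_scope(fw, change):
    """A firewall is relevant if it fronts the change's source or destination."""
    nets = [ipaddress.ip_network(n) for n in fw["nets"]]
    return any(ipaddress.ip_address(change[k]) in n for n in nets for k in ("src", "dst"))

def run_change(change, inventory=INVENTORY):
    """Discover -> assess risk -> implement -> validate, each step gated by a check.

    Returns ("done", devices) when every check passes, or ("paused:<step>", reason)
    at the first check that fails, which is where a human would be asked to step in.
    """
    # Step 1: discovery, gated on a plausible device count (none or too many pauses).
    devices = [name for name, fw in inventory.items() if in_scope(fw, change)]
    if not 1 <= len(devices) <= MAX_EXPECTED_DEVICES:
        return "paused:discover", f"{len(devices)} devices matched"
    # Step 2: risk assessment, gated on zero compliance findings.
    if change["port"] in BLOCKED_PORTS:
        return "paused:risk", f"port {change['port']} is prohibited by policy"
    # Step 3: implementation, one rule per relevant device (a single tuple form here;
    # a real solution would render it in each device's own syntax).
    rule = (change["src"], change["dst"], change["port"], "allow")
    for name in devices:
        inventory[name]["rules"].append(rule)
    # Step 4: validation, gated on the rule being present on every device it was sent to.
    missing = [name for name in devices if rule not in inventory[name]["rules"]]
    if missing:
        return "paused:validate", f"rule missing on {missing}"
    return "done", devices

if __name__ == "__main__":
    print(run_change({"src": "10.1.5.5", "dst": "10.2.7.7", "port": 443}))
    print(run_change({"src": "10.1.5.5", "dst": "10.3.9.9", "port": 443}))
```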
The net result is far more efficient and secure change processes and teams, giving organizations the agility and speed of zero-touch with zero loss of control, powered by the security policy management solution.
Not all cyber-security incidents merit immediate mitigation: in some cases, the remedial work involved in resolving the incident (such as shutting down a server) may have a greater negative impact on the business than the attack itself.
Your security policy management solution should be able to connect data regarding a security incident to the actual, real-life business processes or critical applications that the incident may impact. This enriches the technical detail of the incident with the context of the business applications it affects, so that information such as ‘this server is affected by this piece of malware’ becomes ‘this server is part of our European ecommerce system, connected to these core payment applications, and if we shut it down we will not be able to process payments from European customers.’
With the extra insight provided by tying incidents to business processes, security teams can quickly assess the security risks versus the operational risks, and make the smartest incident response decisions from the business perspective.
In a similar vein, your security policy management solution can also tie vulnerabilities to their impact on the business. Network vulnerability scanners can generate thousands of results, and security engineers are responsible for prioritizing these and remediating them in order. Usually that prioritization is based on how the scanner solution rates the severity of the vulnerabilities.
However, a far better approach is to assess vulnerabilities based on their business impact, and this means presenting them in the context of business applications. For example, payroll will typically be considered a medium-risk application: not essential to day-to-day operations, but certainly not something that can sit unpatched for weeks. Your security policy management solution should be able to present a high-level view of vulnerabilities together with the business-critical nature of the applications that are associated with them. It’s then far easier for security teams to decide which vulnerabilities should be prioritized for fixing.
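As an added example (not from the original post or any vendor product), the following Python code ranks scanner findings by combining the scanner's own severity score with the criticality of the business application each host belongs to, and then rolls the result up into the per-application view described above. The findings, finding ids, hosts and application inventory are all constructed.

```python
# Constructed scanner output: host, a placeholder finding id, and the scanner's own
# severity score (CVSS-style, 0-10). The ids are placeholders, not real vulnerabilities.
FINDINGS = [
    {"host": "10.1.5.5", "id": "FINDING-A", "cvss": 9.8},
    {"host": "10.2.7.7", "id": "FINDING-B", "cvss": 7.5},
    {"host": "10.4.1.1", "id": "FINDING-C", "cvss": 9.8},
    {"host": "10.1.5.6", "id": "FINDING-D", "cvss": 5.0},
]
# Constructed application inventory: the business application each host belongs to
# and how critical that application is (3 = business critical, 1 = low).
APPLICATIONS = {
    "EU ecommerce payments": {"criticality": 3, "hosts": {"10.2.7.7", "10.2.7.8"}},
    "Payroll":               {"criticality": 2, "hosts": {"10.1.5.5", "10.1.5.6"}},
    "Dev test lab":          {"criticality": 1, "hosts": {"10.4.1.1"}},
}
UNASSIGNED_CRITICALITY = 1  # hosts not tied to any known application

def application_for(host):
    """Look up the business application (and its criticality) that owns a host."""
    for name, app in APPLICATIONS.items():
        if host in app["hosts"]:
            return name, app["criticality"]
    return "unassigned", UNASSIGNED_CRITICALITY

def prioritize(findings=FINDINGS):
    """Order findings by business-aware priority, highest first.

    priority = scanner score x application criticality, so a high (but not critical)
    score on a payment server outranks a critical score in a low-value lab.
    """
    ranked = []
    for f in findings:
        app, crit = application_for(f["host"])
        ranked.append({**f, "application": app, "priority": round(f["cvss"] * crit, 1)})
    return sorted(ranked, key=lambda r: r["priority"], reverse=True)

def by_application(findings=FINDINGS):
    """High-level view: per application, the number of findings and the worst priority."""
    view = {}
    for r in prioritize(findings):
        entry = view.setdefault(r["application"], {"count": 0, "top_priority": 0.0})
        entry["count"] += 1
        entry["top_priority"] = max(entry["top_priority"], r["priority"])
    return dict(sorted(view.items(), key=lambda kv: kv[1]["top_priority"], reverse=True))
```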
Most enterprises have a mix of firewalls deployed on their networks, from traditional to next-generation gateways, to cloud security controls. This makes managing the firewall estate extremely complex.
This is because each generation of firewall works and communicates in a slightly different language, making it increasingly difficult for IT teams to implement consistent security across all areas of the network and to ensure traffic between business-critical applications is not affected. There is no standard set of syntax and semantics across all providers. However, in order to consistently apply security policies and rules across an entire network, there needs to be a common language, so that every firewall in the security arsenal understands the rules of the organization.
Your security policy management solution can address this, abstracting and homogenizing your mixed firewall estate and enabling automatic translation of rules and syntax across the environment. This enables all firewalls to work together cohesively, allowing network traffic to move securely between your on-premises networks and private or public clouds, and ensuring rules and policies are applied consistently across all devices.
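As an added example (not from the original post or any vendor product), this Python sketch shows the kind of abstraction meant here: one vendor-neutral rule object rendered into three real dialects, a Linux iptables command, a Cisco ASA extended access-list entry and an AWS security-group ingress permission, so a single policy change can be pushed to each device in its own terms. The rule values, the chain name and the ACL name are constructed, and the AWS renderer shows that the translation is not always lossless.

```python
import ipaddress
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """Vendor-neutral rule: the organization's common language for one policy entry."""
    src: str       # single host address or CIDR
    dst: str
    proto: str     # "tcp" or "udp"
    port: int
    action: str    # "allow" or "deny"

def _cidr(addr):
    """Normalize a bare host address to /32 so every dialect sees a CIDR."""
    return addr if "/" in addr else addr + "/32"

def _asa_addr(addr):
    """ASA writes a host as 'host A' and a network as 'A MASK'."""
    net = ipaddress.ip_network(_cidr(addr))  # strict: rejects host bits set in a CIDR
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"

def to_iptables(rule, chain="FORWARD"):
    """Render as an iptables command for a Linux gateway (chain name is constructed)."""
    target = "ACCEPT" if rule.action == "allow" else "DROP"
    return (f"iptables -A {chain} -s {_cidr(rule.src)} -d {_cidr(rule.dst)} "
            f"-p {rule.proto} --dport {rule.port} -j {target}")

def to_asa(rule, acl="OUTSIDE_IN"):
    """Render as a Cisco ASA extended access-list entry (ACL name is constructed)."""
    verb = "permit" if rule.action == "allow" else "deny"
    return (f"access-list {acl} extended {verb} {rule.proto} "
            f"{_asa_addr(rule.src)} {_asa_addr(rule.dst)} eq {rule.port}")

def to_aws_ingress(rule):
    """Render as the IpPermissions structure of an AWS security-group ingress rule.

    Security groups are allow-only and attached to the destination, so the source
    becomes the permitted CIDR and a deny rule cannot be expressed: fail loudly
    rather than silently drop it.
    """
    if rule.action != "allow":
        raise ValueError("security groups cannot express deny rules")
    return json.dumps([{"IpProtocol": rule.proto, "FromPort": rule.port,
                        "ToPort": rule.port, "IpRanges": [{"CidrIp": _cidr(rule.src)}]}])
```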
So as you can see, the right security policy management solution can do much more than simply automate the implementation of your security policies: it can help align security with your business and make your organization more agile, more secure and more compliant.
If you want to hear more, check out my recent webinar.