A voyage of (application) discovery

Discovering and mapping the network flows that support business applications is critical to securing and managing them.  Here’s how to automate this traditionally complex, time-consuming process

Discovery & mapping of network flows

“We were now about to penetrate a country at least 2,000 miles in width, on which the foot of civilized man had never trod,” wrote Meriwether Lewis and William Clark in their journal at the start of their journey across America in 1803.  It’s a sentiment that many IT and security teams will recognize when they’re asked to make changes to key business applications on their hybrid enterprise networks.

Before embarking on any voyage of application change – such as provisioning new connectivity or migrating resources to cloud environments – teams first need to visualize and understand the network flows that those applications rely on, so that they know how to reconnect everything and ensure the application works after the change has been made.  This sounds easy, but it’s extremely hard to do in today’s complex hybrid environments. 

Just as Lewis and Clark found when crossing America, in many enterprise networks there is often no map showing exactly what’s in the overall landscape, and where everything is.  This lack of up-to-date documentation about network devices and policies makes any change process extremely time-consuming and error-prone, as teams attempt to understand the required changes, and then painstakingly modify every firewall rule, router ACL and cloud security group manually to support that change. 

Just how time-consuming is this process?  In our experience, a knowledgeable IT analyst can manually map around one business application per day, or five per week, depending on the number of network flows in the application, and the complexity.  However, just one single mistake in the mapping process or when implementing the changes can cause outages, compliance violations and create holes in the company’s security defenses.

Our recent survey conducted with the Cloud Security Association highlighted this problem, as IT security teams stated their biggest challenges were an inability to proactively detect misconfigurations and security risks, closely followed by a lack of visibility into the entire cloud estate.  Further, the two leading causes of network or application outages were operational or human errors in managing devices, and device configuration changes.

Automation matters for discovery

The most effective way to combat these challenges, accelerate change processes and eliminate errors is with an automated network security management solution. AlgoSec automatically discovers, identifies and maps all business applications, and gives in-depth visibility of the network connectivity flows that support each application. This then provides all the information you need on the devices and associated rules supporting each connectivity flow.

Without any prior data entry or manual configuration, AlgoSec’s solution provides full visibility of your network security environment, including firewalls and the firewall rules that control and secure network traffic. This information gives your security, networking and application experts a deep understanding of the implications of any planned changes to application connectivity, and how to configure the firewalls and cloud security controls appropriately.

Then, you can use AlgoSec to navigate through change processes, automatically generating the hundreds of security policy change requests that are needed across both on-premise firewalls and cloud security controls. This dramatically simplifies a process that is extremely complex, drawn-out and risky if attempted manually.

After the changes have been made, the automation solution should be used to provide unified security policy management for the entire enterprise environment. It can reveal whether an application outage is due to issues with the network. If, for example, an employee opens a support ticket when it’s not possible to connect to the CRM application, the ticket will usually go to the network team first to determine if the problem is network related. AlgoSec’s automated solution can immediately reveal whether this is the case:  if so, it can be dealt with easily, and if not, it can be escalated to the right department first time round, saving time and resources.

Put simply, automation makes the process of application discovery and network mapping both fast and pain-free, by eliminating arduous, time-sapping, error-prone manual processes.  What’s more, we will soon be announcing key new features in the AlgoSec solution that will further accelerate and extend both application and network visualization capabilities, delivering even more benefits to organizations – stay tuned for more details.