AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.
Categories
Search

More results...

Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt
Filter by Custom Post Type
Posts

Risk Check – An Important Step Before Making a Firewall Change

Risk Management and Vulnerabilities Security Policy Management
by Aug 28, 2012

Last week, we posted some change control horror stories witnessed first-hand by AlgoSec guest blogger and infosecurity practitioner Matthew Pascucci in his 10+ years in the industry. While these horror stories are some worst case examples of what can go bad if you have a poor change management process (or if you disregard the process entirely), the point of these stories is that they were all preventable. Sound change management is something IT can control and it can serve two significant purposes: improving how the business can respond to changing requirements and preventing unnecessary misconfiguration risks.

In addition to automation, there are several “steps” that should be part of your change process that can make an effective and efficient firewall change management process a reality. Last week we posted a video highlighting AlgoSec FireFlow’s “Initial Planning” capability which improves operations by automatically identifying all devices impacted by a proposed change and also checking to make sure the needed firewall rules don’t already exist.

In this blog I’d like to briefly examine another important step to the change workflow that focuses on risk. Sometimes, changes are made without analyzing and fully thinking through the consequences. Which applications and connections may break because of the change? What new vulnerabilities will pop up in the security policy due to the change? The challenge is that performing this sort of assessment on every change is hard and can be time-consuming, hence why some have an unwritten policy of “if it ain’t broke, don’t fix it”. The trap here is that a hidden risk gives threats an easier opportunity to strike.

AlgoSec FireFlow can automate the step of analyzing each change for risk BEFORE it is implemented. This is an extremely important step in the change process because otherwise you do not have the necessary visibility to know if a change will create risk. And it’s better to understand the impact BEFORE you make the change and if necessary replan or reject the change.

Enjoy this two minute demo of the risk-check capability.

Subscribe to Blog

Receive notifications of new posts by email.

Our Bloggers

View all
Prof. Avishai Wool
101
Tsippi Dach
44
Asher Benbenisty
20
Kyle Wickert
20
Nitin Rajput
4
Malynnda Littky-Porath
4
Avivi Siman Tov
3
Ava Chawla
3
Adel Osta Dadan
3

Professor Wool Educational Videos

Best Practices for Amazon Web Services (AWS) Security

View all

Resources

The KuppingerCole Analyst Report

Hybrid Cloud Environments: The State of Security

See AlgoSec in Action

Network Security Policy Management Lifecycle

Learn how a lifecycle approach improves business agility, reduces risks, and lowers costs

Download

Latest Tweets

You currently have access to a subset of Twitter API v2 endpoints and limited v1.1 endpoints (e.g. media post, oauth) only. If you need access to this endpoint, you may need a different access level. You can learn more here: https://developer.twitter.com/en/portal/product

Archives

Posts