What's New in ASMS A32.60

Release date: September 2023

 

We are excited to present AlgoSec ASMS A32.60, packed with new features and improvements to empower your network security management. We're dedicated to delivering a robust and user-friendly security management solution, and these enhancements provide you with greater control, visibility, and efficiency.

Here are the outstanding highlights of this latest release:

  • Azure Firewall visibility & automation in ASMS: Now you can benefit from combined visibility for Azure estate & Azure FW in CloudFlow with TSQ and Map support in ASMS. Automation includes Azure firewalls in path and validation.

  • SD-WAN Support | Versa Networks Visibility: Seamlessly integrate Versa Networks SD-WAN into your network ecosystem with routing and topology including VPN, providing increased coverage for the network map integration.

  • Palo Alto Prisma Access | Extend your security management to mobile users: Extend your security management to mobile users accessing your network via Palo Alto Prisma Access.

  • Cisco ACI Enhancements | ESG support: Now ASMS brings enhanced capabilities to efficiently manage and secure Endpoint Security Groups (ESGs) from within the Cisco ACI framework.

  • Enhancements to Next Generation Firewalls: Benefit from automation support for FQDN objects, enabling streamlined policy management.

  • New and Updated Compliance Reports: Stay compliant with ease through new and updated compliance reports. The ISO/IEC 27001 compliance report has been updated to the new 2022 standard and we’ve added the ECB (European Central Bank) report for the security of internet payments.

  • Additional APIs, UX, and Performance Improvements: We've enhanced ASMS with intuitive interfaces and streamlined workflows. You'll also benefit from additional APIs for expanded integrations, along with overall performance improvements to ensure a smooth management experience.

Security Estate Visibility

AFA Interface enhancements

  • Improved look of the Changes Summary Report and Policy Optimization Summary of all Firewalls.

  • Enhanced scalability for Covered Rules Report:

    • We now provide more customized viewing and search capabilities.

    • New pagination further enhances the manageability of large data sets and improves the loading times and responsiveness of the report.

    • Also, you can now both disable and remove covered rules (opening a change request in FireFlow directly from the report).

New and updated Regulatory Compliance reports

  • Added new ECB (European Central Bank) Compliance report for the security of internet payments.

  • We've updated the ISO/IEC 27001 compliance report to the new 2022 standard.

  • PCI-DSS 4.0 is now activated by default.

See the REGULATORY COMPLIANCE page.

Enterprise Grade

New APIs in A32.60

Firewall Analyzer

FireFlow AppViz (SaaS-based)

APIs EA to GA:

Async APIs:

ASMS deployment over Azure | support for Remote Agents and Load Units

ASMS Central Managers deployed in Azure now support Load Units and connectivity to Remote Agents deployed on-prem.

Devices & Orchestration

FireFlow support for FQDN objects

We now support the use and creation of FQDNs in FireFlow.

When creating a sub-change request for a specific device (in the Work Order and Validation phases), we support FQDNs in the source or destination for Panorama, Check Point R-80 and above, and FortiManager. For other brands, FQDN addresses are translated to IP addresses.

Azure Firewall | hybrid solution

  • TSQ and Map: Now you can benefit from combined visibility for Azure estate & Azure FW in CloudFlow with TSQ and Map support in ASMS. We've also added links from ASMS right to your Azure subscription in CloudFlow.

  • Automation in FireFlow: Automation includes Azure firewalls in path and validation.

PAN Prisma Access | Extend your security management to mobile users

ASMS Early Availability support for Palo Alto Networks Prisma Access devices now includes support for Mobile users.

PAN Panorama | EDLs (External Dynamic Lists) in policy destinations

ASMS Early Availability support for Palo Alto Networks Panorama now includes EDLs (External Dynamic Lists) in policy destinations. See PAN Panorama | EDLs (External Dynamic Lists) in policy destinations.

FortiGate FortiManager | Support for users and user groups

AlgoSec now offers visibility for the users/user groups section for FortiManager devices, including support for TSQ, policy optimization, and automation.

Cisco ACI | ESG support

Now ASMS brings enhanced capabilities to efficiently manage and secure Endpoint Security Groups (ESGs) from within the Cisco ACI framework. Support includes TSQ, risk analysis, policy optimization and automation for ESG contracts. See Cisco Application Centric Infrastructure (ACI) devices in AFA.

SD-WAN Support | Versa Networks Visibility

ASMS now supports Versa Networks SD-WAN devices routing and topology (including VPN tunnels), providing increased coverage for the network map integration. See Add Versa Networks devices.

Check Point data collection is refactored

We've updated our data collection capabilities for Check Point devices. We are now transitioning to a more REST-based approach for data collection, offering improved efficiency and the ability to select ActiveChange using SSH + REST as well as OPSEC + REST.

Application Connectivity

AppViz enhancements

  • Navigate between SaaS-based AppViz and FireFlow: Benefit from a more integrated experience, allowing you to seamlessly navigate between SaaS-based AppViz and FireFlow. You can now quickly move between FireFlow change requests and AppViz changed flows without the need for manual searches or complicated navigation.

    • Simply click from the AppViz Change Requests tab to instantly navigate to FireFlow and view the relevant ticket associated with the change request.

    • Clicking the Application Information (AppViz) button in FireFlow takes you to AppViz so you can drill down into the selected change request.

  • Improved stability & performance

  • Intelligent flow detection: ASMS now detects when flows are utilized in other applications. If you attempt to remove a flow from the current application, AppViz will promptly notify you if the flow is being used elsewhere. This prevents accidental removal of critical components and ensures the integrity of your workflows. Additionally, flows identified as being used in other applications will be excluded from the change request, providing better visibility and control.

See View individual change requests and Network object change requests.