Security policy management & application visibility tool


Network security policy management (NSPM) is being adopted by tens of thousands of enterprises, and there is a clear trend of investment in this technology.

But is there more that enterprises can do to protect their networks and datacenters against security threats? Can increased visibility into business-application usage help to identify additional security holes that threaten the security, agility or compliance posture?

Executive summary

The case for network security policy management is understood and accepted, and there is a clear trend of enterprises investing in this technology. However, is there more that enterprises can do to protect their networks and datacenters against security threats? Can increased visibility into business application usage help to identify additional security holes that can threaten the organization’s security, agility or compliance posture?

This whitepaper examines the case for taking an application-centric approach to security policy management, to achieve and maintain a more secure network environment.

The current situation

The current setup in most organizations is an IT department made up of different teams, including networking, security, operations and others, each of which is focused on its specific role in addition to ensuring that all systems run smoothly.

On any given day, new business applications are added, changed or removed, requiring the implementation of complex, time-consuming network security changes. Furthermore, the current trend towards migrating business applications to the cloud brings its own trials and tribulations, including understanding the network connectivity of those applications prior to deployment, provisioning the relevant firewalls and routers in the cloud, and then migrating and adjusting existing network connectivity to support them.

Moreover, for each business application to run smoothly, all teams within IT need to collaborate, align and communicate their needs in a common language, and one way to achieve this is to take the application-centric approach to security policy management.

An application-centric approach manages security policies from the perspective of the business applications that they support, in addition to the networking attributes used to enforce them.

The AlgoSec security policy management solution

The AlgoSec Security Policy Management Solution is the leading provider of business-driven security management solutions, helping the world’s enterprise organizations to become more agile, secure and compliant. Comprising a suite of three fully integrated products (AlgoSec Firewall Analyzer, AlgoSec FireFlow and AlgoSec Cloud), the AlgoSec Security Policy Management Solution provides holistic, business-level visibility through a single pane of glass, across the entire network infrastructure.

With AlgoSec, users can automatically discover and migrate application connectivity flows, proactively analyze risk, tie cyberattacks and vulnerabilities to business processes and intelligently automate time-consuming security changes through easy-to-use workflows, all with zero-touch, and seamlessly orchestrated across the enterprise’s cloud, SDN and on-premises network.

AlgoSec Firewall Analyzer delivers visibility and analysis of complex network security policies across on-premises and cloud networks, enabling optimization in configuring firewalls, routers, web proxies and related network infrastructure, and ensuring security and compliance.

AlgoSec AppViz is an add-on for AlgoSec Firewall Analyzer, providing visibility into network applications and connecting security policy rules to their associated applications.

AlgoSec FireFlow facilitates automated security policy changes, saving time, avoiding manual errors and reducing risk. With FireFlow users can process firewall changes with zero-touch, assess the impact of network changes to ensure security and continuous compliance, automate rule recertification processes, and automatically document the entire change management lifecycle.

AlgoSec AppChange is an add-on for AlgoSec FireFlow, providing application-centric change management, so changes can be made at the application level.

AlgoSec Cloud provides a single platform to manage your public cloud, SDN, and on-premises network. It offers complete hybrid network security policy management with a single, unified platform.

The AlgoSec Security Policy Management Solution


The case for deploying AlgoSec AppViz and AppChange with AlgoSec Firewall Analyzer

When getting started with a network security policy management solution such as AlgoSec, customers are often faced with the dilemma of deciding how and when to deploy the different functionality. Their decision will be based on several factors including their perceived need, budget and work methodology.

Many customers prefer to take a cautious approach, and start with AlgoSec Firewall Analyzer to gain insight into their complex network security policies. As a result, they may not realize the benefits derived from deploying AlgoSec AppViz and AppChange at the same time.

The case for deploying AlgoSec AppViz and AppChange together with AlgoSec Firewall Analyzer is strong. Through this deployment approach, all business applications are discovered, identified and mapped, providing visibility of the network connectivity flows associated with each business application, which in turn provides critical security information regarding the firewalls and firewall rules supporting each connectivity flow.

This deployment combination takes up to 4 weeks, and customers can begin to enjoy the benefits almost immediately, including:

Application-centric visibility: Full visibility of network security including application network connectivity flows, firewalls and the firewall rules that determine network traffic. This facilitates a deep understanding of the implications of any planned changes to application connectivity and how to configure the firewalls in line with these changes.

Another benefit of application-centric visibility is that it enables organizations to identify unknown or unused applications on their network. Statistics show that on average, 25% of business applications running in any organization are either unknown or shelfware. This lack of visibility can lead to security holes because network connectivity paths are left unmonitored.

Enhance compliance: Having full knowledge of all business applications aids the company in their adherence to different compliance requirements. For example, PCI-DSS requires customers to audit all the applications that fall within the scope of the regulation. This information is easy to determine through application network connectivity mapping.

Accurate planning: When planning a migration to the cloud or another data center, it is critical to understand the application’s existing connectivity flows prior to migration, so that they can then be accurately adjusted to the new network architecture. This is especially critical if the migration is to a cloud platform.

Accelerate troubleshooting: Application network connectivity mapping can reveal whether an application outage is due to issues with the network. For example, an employee opens a support ticket when he’s not able to connect to the CRM application. Typically, the ticket will first go to the network team to determine if the problem is network related. Using the application-centric approach with its associated mapping, it is immediately clear whether the issue is network-related. If it is, it can be easily dealt with. If not, it can be sent to the appropriate department, without wasting time and resources.

Impact analysis: Application network connectivity mapping provides a clear picture of the impact of any planned changes to the network on business applications. This can include firewall changes, or other changes that may cause network downtime. Mapping enables the implications of the changes to be fully understood, so that downtime, for example, can be scheduled for when it will have minimum impact on customers, partners, or employees, i.e. not during office hours.

Assess and prioritize vulnerabilities: Viewing network vulnerabilities from a business application perspective enables organizations to immediately assess their impact on the business and prioritize remediation efforts based on business and security priorities.

Collaborative teamwork: Speaking in “business application terms” will help to bridge the gaps between the IT teams and the application delivery teams, and enable application, security, networking, risk and cloud experts to collaborate using the same language.

Summary

The three products that make up the AlgoSec network security policy management suite (AlgoSec Firewall Analyzer, AlgoSec FireFlow and AlgoSec Cloud) are integral and critical components of a comprehensive network security policy management solution. While the greatest benefit is derived from deploying all three products from the outset, some customers may prefer to take a staggered approach to deploying them, based on their immediate needs, budget and work methodology.

Many companies choose to focus initially on firewall policy analysis (using AlgoSec Firewall Analyzer) and then proceed to automating changes to their network policy (using AlgoSec FireFlow) and lastly, add the business application perspective (using AppViz and AppChange). This approach, while legitimate, does not allow customers to gain full visibility into their business applications and network connectivity flows, and this lack of network information leaves the network vulnerable and open to security holes.

An alternative approach would be to deploy AlgoSec Firewall Analyzer and AlgoSec AppViz and AppChange together from the outset, to achieve maximum visibility of the network and its associated business applications. This approach enables the customer to seamlessly identify network security holes and vulnerabilities, plan and enable a seamless migration to the cloud, and accelerate troubleshooting while simultaneously adhering to the highest compliance standards.


About AlgoSec

AlgoSec, a global cybersecurity leader, empowers organizations to securely accelerate application delivery by automating application connectivity and security policy, anywhere.

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

AlgoSec’s patented application-centric view of the hybrid network enables business owners, application owners, and information security professionals to talk the same language, so organizations can deliver business applications faster while achieving a heightened security posture.

Over 1,800 of the world’s leading organizations trust AlgoSec to help secure their most critical workloads across public cloud, private cloud, containers, and on-premises networks, while taking advantage of almost two decades of leadership in Network Security Policy Management.

See what securely accelerating your digital transformation, move-to-cloud, infrastructure modernization, or micro-segmentation initiatives looks like at www.algosec.com.