Intent- Based Networking: Turning Intentions into Reality with Network Security Policy Management

Edy Almer
Geust

The next big thing in networking, intent-based networking, enables users to define what they want and, like magic, their intentions are automatically translated into the desired network environment, including its policies.

Well, it’s not magic, and this next big thing is already here. In this new technical webinar, Edy Almer, AlgoSec’s VP of products explains how AlgoSec’s network security policy management solution delivers on the promise of Intent-based networking to enable faster application delivery to market – without compromising on security or compliance.

In this webinar, Edy will explain how:

Relevant Resources
2020 vision predictions for the year ahead in network security

2020 vision predictions for the year ahead in network security

Professor Avishai Wool, AlgoSec CTO, forecasts the critical security issues enterprises will face over the next year   It’s that time of year again – time to look forward to 2020 and consider our predictions for what we will see in network security. What do we think the next 12 months are going to look like? What are the challenges, and opportunities, for organizations in the coming year?  Managing misconceptions Let’s begin by discussing the volume of breaches due to misconfigurations that we saw throughout 2019, such as the incident which impacted Capital One. These are usually caused by simple human error, leaving a security gap that is exploited by actors from outside the organization. Humans are not getting more efficient in avoiding mistakes, so I expect breaches due to misconfiguration to be an ongoing challenge in 2020 as well. At the same time, the technology environment that the network security staff is working within is getting ever more complex. There are more network points to secure – both on-premise and in public or private clouds – and therefore a much larger attack surface. The situation is getting worse – as highlighted in our survey this year, which showed that two-thirds of respondents use multiple clouds, with 35% using three or more cloud vendors, and over half operating hybrid environments. The only solution to this growing complexity is network security automation. Humans need tools to help them set network configuration more accurately and more efficiently. The demand for security automation is only going to increase in 2020 and beyond. Compliance complexity Achieving and maintaining regulatory compliance has long been a major challenge for networking staff, and as networks become more complex it is only getting harder. In recent years, we have seen a raft of new compliance frameworks introduced across multiple verticals and geographical regions. Regulators worldwide are flexing their muscles. The crucial point to understand is that new regulations typically don’t replace existing regimes – rather, they add to what is already in place. The list of regulatory demands facing organizations is getting longer and achieving and demonstrating compliance is becoming an ever-larger commitment for organizations.  Once again, the only solution is more automation: Being in “continuous compliance”, with automatic creation of audit-ready reports for all the relevant regulations, delivers both the time and resource savings that organizations need in order to meet their compliance demands. The turn to intent-based network security What do I mean by intent-based network security? It is ultimately about asking a simple question – why is this security control configured the way it is? Understanding the intent behind individual network security rules is crucial for a wide range of network maintenance and management tasks, from responding to data breaches to undertaking network cleanups, from working through vulnerability reports to dealing with planned or unplanned downtime. In every scenario, you need to understand why the security setting is the way it is, and who to notify if something has gone wrong or if you want to amend or remove the rule. And the answer is always that a particular business application needed connectivity from point A to point B. The organization “just” needs to find out which application that was – and that’s 95% of the intent. The trouble is that organizations were not diligent enough about recording this intent for a long time. The result has been a huge number of undocumented rules, whose intent is unclear. In other words, organizations are in a brownfield situation; they have too many rules, and not enough information about their intent. The change we will see in 2020 is more and more deployment of technologies that allow a retrospective understanding of the intent behind security rules, all based on the traffic observed on the network. By listening to this traffic and applying algorithms, these new technologies can reverse-engineer and ultimately identify, and document, the original intent. Embracing automation Public cloud vendors are providing more and more security features and controls, and this trend looks set to continue, with more security controls becoming available as part of their core offerings. This is a good thing. The more controls available, the more secure organizations can be – if they take advantage of the additional capabilities. But this doesn’t mean less work for IT and security teams. They need to take ownership of these new capabilities, and to configure and manage them properly – and this takes us straight back to the misconfiguration issue I outlined earlier. In conclusion, if I had to distill my predictions for network security in 2020 into a single point, it would be the need to embrace more automation across all security and compliance-related processes. This is at the core of enabling organizations to manage the ever-growing complexity of their networks and responding to the constantly evolving threat landscape. Watch the 9-minute 2020-predictions CouchTalk discussion here.

business application visibility

Security policy management & application visibility tool

The case for network security policy management (NSPM) is being adopted by tens of thousands of enterprises. There is a clear trend of investment in this technology. But is there more that enterprises can do to protect their networks and datacenters against security threats? Can increased visibility into business-application usage help to identify additional security holes that threaten the security, agility or compliance posture?

CSA-Cloud-security

Hybrid & multi-cloud Security challenges

Cloud computing provides improved security, agility, and flexibility. However, integrating this new service into legacy IT environments comes with some great concerns. In a recent survey conducted by the Cloud Security Alliance (CSA) and AlgoSec, security, data loss and compliance were identified as the top 3 concerns when moving to the cloud.

AlgoSec Corporate Overview

AlgoSec Corporate Overview

An overview of AlgoSec's vision, solution, customers, partners, corporate values and achievements.