Network Security Vision with Application Visibility | Live discussion and demo

Discover, identify, and map business applications and security policies – anywhere. With the industry’s app-centric perspective, you can now gain clear visibility into the security policies and the business applications that run your business — across your hybrid network. AlgoSec Firewall Analyzer enables you to stay on top of your security posture with continuous analysis and detection of risk and compliance gaps, allowing you to adapt quickly before an attack happens.  

In today's interconnected environment, no large organization can run without the applications that run both its internal operations (email, HR, Finance etc.) as well as its customer- and partner-facing operations (E.g. Online banking if you’re a bank, or E-Commerce if you are an online retailer). The challenge is that much like complexity that we've seen with network security, application development has also seen a dramatic rise in complexity. Think about the following: The sheer volume of applications being run in large organizations is typically in the hundreds if not thousands New applications are regularly being introduced to the network or decommissioned Changes to existing applications occur at a frenetic pace Complex connectivity requirements involve multiple parties, such as application owners, network operations and firewall administrators with pertinent information siloed off in different corners of the business With everyone hopefully understanding the challenge of managing the volume of applications and the pace and volume of changes involved, let's dig into the complexity around application connectivity requirements. In order to operate, applications require complex connectivity between different components, and often even 3rd party sites. And in order to make these connections, you have to  “poke holes” in firewalls and related security infrastructure. But with so many firewalls and rules, most security administrators have no visibility into what each application requires –resulting in overly permissive security policies, which also include many rules for decommissioned applications that nobody dares to remove. As more applications are brought onboard and as connectivity requirements continue to increase in complexity, here are some tips to improve application-centric security management: Document applications and their connectivity needs - This can be done in CMDBs, excel sheets or other solutions as long as they can be maintained. Map firewall rules to applications – Whether you use comment fields, or more sophisticated automated tools, having this visibility will allow you to ensure the required application connectivity and only the required connectivity, is in fact enabled by the security policy. Think in application terms when it comes to change management – Let's face it, most firewall changes are driven by applications (Isn’t that why you really want to allow “Service X” between two IP addresses?). Make sure you can associate all changes related to each application, so they can be removed when the application is decommissioned. And now a word from our sponsor.... Consider adding another arrow to your application security quiver – A new category of tools is emerging for application-centric security policy management. We are at the forefront of this movement with our announcement of BusinessFlow (part of the AlgoSec Security Management Suite), which allows translates application connectivity requests from application terms into required rule changes, and provides the necessary visibility and understanding of the impact of security policy changes on application availability and vice-versa. With a solution like BusinessFlow, security policy management for business applications can now be centralized and automated throughout their entire lifecycle, from deployment to ongoing maintenance and decommissioning. Beyond the above tips, organizations should consider breaking down the invisible walls that typically prevent the different stakeholders (application owners, security admins, network operations) from effectively communicating with each other. By doing so, you may just end up with more efficient operations and better security.

In my previous blogs I’ve looked at two of the myths that prevent organizations moving to an application-centric approach to security policy management.

The case for network security policy management (NSPM) is being adopted by tens of thousands of enterprises. There is a clear trend of investment in this technology. But is there more that enterprises can do to protect their networks and datacenters against security threats? Can increased visibility into business-application usage help to identify additional security holes that threaten the security, agility or compliance posture?

As part of your organization’s security policy management best practices, firewall rules need to be reviewed and recertified regularly to ensure security, compliance and optimal firewall performance. Firewall rules that are out of date, unused or unnecessary should be removed, as firewall bloat creates gaps in your security posture, causes compliance violations, and impacts firewall performance. In the past, firewall rule recertification was often performed manually; an error-prone and time-consuming process. The new application-centric approach to firewall recertification offers an efficient, effective and automated method of recertifying firewall rules.