Securely Managing Application Connectivity – Best Practices

Yoni Geva
Product Manager

New business applications are added, changed or removed every day, forcing the implementation of complex, time-consuming network security changes. Migrating business applications to the cloud adds further complexity, such as understanding the network connectivity of each application prior to deployment, provisioning the relevant firewalls and routers in the cloud, and then migrating and adjusting existing network connectivity to support them.

In this webinar, Yoni Geva, Product Manager at AlgoSec will present:

Relevant Resources
AlgoSec AppViz - Application visibility for AlgoSec Firewall Analyzer

AlgoSec Firewall Analyzer - See the whole picture

Discover, identify, and map business applications and security policies – anywhere. With the industry’s app-centric perspective, you can now gain clear visibility into the security policies and the business applications that run your business — across your hybrid network. AlgoSec Firewall Analyzer enables you to stay on top of your security posture with continuous analysis and detection of risk and compliance gaps, allowing you to adapt quickly before an attack happens.  

The Need for Application-Centric Security Policy Management

In today's interconnected environment, no large organization can run without the applications that run both its internal operations (email, HR, finance, etc.) and its customer- and partner-facing operations (e.g. online banking if you're a bank, or e-commerce if you are an online retailer). The challenge is that, much like the complexity we've seen with network security, application development has also seen a dramatic rise in complexity. Think about the following:

- The sheer volume of applications being run in large organizations is typically in the hundreds, if not thousands
- New applications are regularly being introduced to the network or decommissioned
- Changes to existing applications occur at a frenetic pace
- Complex connectivity requirements involve multiple parties, such as application owners, network operations and firewall administrators, with pertinent information siloed off in different corners of the business

With everyone hopefully understanding the challenge of managing the volume of applications and the pace and volume of changes involved, let's dig into the complexity around application connectivity requirements. In order to operate, applications require complex connectivity between different components, and often even 3rd party sites. And in order to make these connections, you have to “poke holes” in firewalls and related security infrastructure. But with so many firewalls and rules, most security administrators have no visibility into what each application requires – resulting in overly permissive security policies, which also include many rules for decommissioned applications that nobody dares to remove.

As more applications are brought onboard and as connectivity requirements continue to increase in complexity, here are some tips to improve application-centric security management:

- Document applications and their connectivity needs – This can be done in CMDBs, Excel sheets or other solutions, as long as they can be maintained.
- Map firewall rules to applications – Whether you use comment fields or more sophisticated automated tools, having this visibility will allow you to ensure that the required application connectivity, and only the required connectivity, is in fact enabled by the security policy.
- Think in application terms when it comes to change management – Let's face it, most firewall changes are driven by applications (isn’t that why you really want to allow “Service X” between two IP addresses?). Make sure you can associate all changes related to each application, so they can be removed when the application is decommissioned.

And now a word from our sponsor....

- Consider adding another arrow to your application security quiver – A new category of tools is emerging for application-centric security policy management. We are at the forefront of this movement with our announcement of BusinessFlow (part of the AlgoSec Security Management Suite), which translates application connectivity requests from application terms into required rule changes, and provides the necessary visibility and understanding of the impact of security policy changes on application availability and vice-versa. With a solution like BusinessFlow, security policy management for business applications can now be centralized and automated throughout their entire lifecycle, from deployment to ongoing maintenance and decommissioning.

Beyond the above tips, organizations should consider breaking down the invisible walls that typically prevent the different stakeholders (application owners, security admins, network operations) from effectively communicating with each other. By doing so, you may just end up with more efficient operations and better security.
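The first two tips above (a documented connectivity inventory, and rules mapped to applications through comment fields) can be checked mechanically. The following Python sketch is an added example, not AlgoSec code: the `app=<name>` comment convention, the record layouts and all sample flows and rules are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "app src dst port")              # documented need (CMDB / spreadsheet row)
Rule = namedtuple("Rule", "rule_id src dst port comment")  # firewall rule; port None means "any"

# Constructed sample data.
FLOWS = [Flow("payroll", "10.1.0.0/24", "10.2.0.10/32", 1433),
         Flow("payroll", "10.1.0.0/24", "10.2.0.11/32", 443),
         Flow("webshop", "0.0.0.0/0", "10.3.0.5/32", 443)]
RULES = [Rule("r1", "10.1.0.0/24", "10.2.0.10/32", 1433, "app=payroll"),
         Rule("r2", "0.0.0.0/0", "10.3.0.0/16", 443, "app=webshop"),
         Rule("r3", "10.9.0.0/24", "10.2.0.20/32", 22, "app=legacy-crm"),
         Rule("r4", "10.1.0.0/24", "10.2.0.0/24", None, "")]

def net(cidr):
    return ipaddress.ip_network(cidr)

def app_of(rule):
    """Read the application tag from the rule comment (assumed 'app=<name>' convention)."""
    tags = dict(p.split("=", 1) for p in rule.comment.split() if "=" in p)
    return tags.get("app")

def covers(rule, flow):
    """The rule permits the whole documented flow."""
    return (net(flow.src).subnet_of(net(rule.src)) and
            net(flow.dst).subnet_of(net(rule.dst)) and rule.port in (None, flow.port))

def within(rule, flow):
    """The rule permits nothing beyond the documented flow."""
    return (net(rule.src).subnet_of(net(flow.src)) and
            net(rule.dst).subnet_of(net(flow.dst)) and rule.port == flow.port)

def audit(flows, rules):
    """Classify every rule against the inventory and list flows no tagged rule enables."""
    by_app = {}
    for f in flows:
        by_app.setdefault(f.app, []).append(f)
    findings = {}
    for r in rules:
        app = app_of(r)
        if app is None:
            findings[r.rule_id] = "unmapped"          # nobody knows which application needs it
        elif app not in by_app:
            findings[r.rule_id] = "orphaned"          # application no longer in the inventory
        elif any(within(r, f) for f in by_app[app]):
            findings[r.rule_id] = "ok"
        else:
            findings[r.rule_id] = "over-permissive"   # wider than any documented flow
    uncovered = [f for f in flows
                 if not any(app_of(r) == f.app and covers(r, f) for r in rules)]
    return findings, uncovered

if __name__ == "__main__":
    print(audit(FLOWS, RULES))
```

Note that the untagged rule `r4` would in practice carry the uncovered payroll flow, which is exactly the kind of rule that cannot be safely removed at decommissioning time because nothing ties it to an application.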

A 3 Layered Approach to Application Migration

There are many processes involved in migrating applications to the cloud; however, network security is often neglected. When this happens, applications are deployed in the cloud with inadequate security and compliance measures in place, or conversely the security team steps in and halts the migration process. This white paper presents a structural approach for bridging this network security gap before and during the process of migrating applications, one that gives the security team the essential groundwork needed to prepare for a secure migration process to the cloud.