Intelligent Firewall Management: The Key Ingredient for Network Consolidation Success
Post on 15-Jan-2015
Intelligent Firewall Management: A Key Ingredient for Network Consolidation Success
Michelle Johnson Cobb, VP Marketing
SANS Webcast, May 23, 2012
Skybox Security Overview
© 2012 Skybox Security
Proven deployments in complex networks
• Financial Services, Government, Defense, Energy & Utilities, Retail, Service Providers, Manufacturing, Tech
• Global 2000 Customers
Accelerating Rapidly
• 85% growth in 2011
• 300 customers in 32 countries
Leader in Security Risk Management Solutions
• Automated Firewall Management
• Continuous Network Compliance and Modeling
• Risk and Vulnerability Management
High Performing Organizations Choose Skybox Security
[Chart: customer breakdown by sector – Financial Services, Service Providers, Energy & Utilities, Gov & Defense, Others]
Webcast Agenda
• Complexity Drives Consolidation
• Firewall Consolidation Challenges
• Case Study: Global Manufacturer
• Simplifying Firewall Consolidation
• Best Practice Firewall Management
  • Data Normalization
  • Configuration Compliance
  • Change Control
  • Optimization
  • Open API
• Choosing the Right Firewall Management Tool
Network Complexity and Scale Are a Huge Challenge
Enterprise network
• 55,000 nodes
• 300 firewalls
• 25,000 rules
• 65 network changes/day
• 10,000 daily reported vulnerabilities
Heterogeneous Networks Mean Multiple Device Languages
Hard to Manage and Troubleshoot
• Time consuming to identify root cause of security or access issues
• Unchecked rulesets impact performance
• Firewall and network policy overlaps and unused rules
• Redundant device functionality – but where?
Security Challenges Outpace Ability to Execute
• Fast growth and changes
• BYOD, cloud, virtualization challenges
• Continuous threats
• Network and security analysis complicated
• Security team can’t keep up!
• Can you achieve a 16X improvement in 4 years?
[Chart: Security challenges vs. Ability to execute, 2009–2014]
Case Study: Network Security Consolidation Project (Global Brewery)
The Situation
• Numerous daily network changes
• Large rulesets affecting performance
• 70+ locations
• 60 firewalls
• Numerous acquisitions increased network complexity
• Business services to some locations were disrupted by latency issues
• Excessive time to traverse multiple firewalls
The Mission
• Improve visibility of the interaction between network infrastructure, security controls and policies
• Use this knowledge to optimize and consolidate the network security infrastructure
• Reduce latency, improve security, reduce management costs
Case Study: Results (Global Brewery)
The Solution
• Skybox Security for
  • Firewall policy analysis
  • Ruleset optimization
  • Network visibility
  • Network and risk modeling and simulation
  • Access path analysis
Verified Results
• Eliminated 20% of firewalls
• Reduced rulesets by 80%
• Cut roundtrip latency by 50%
• Easier to manage, reduced risk level
Simplifying Firewall Consolidation
• Help us visualize and analyze the situation
• Identify options to optimize firewalls and rule sets
• Will changes break services or cause security holes?
Network Device Visualization and Analysis
Help us visualize and analyze the situation
• Network modeling
• Firewall policy analysis
• Configuration analysis
• Access compliance
Create a Network Model
• Import topology data
  • Device configs
  • Routing tables
• Automatically create a hierarchical model tree, grouping hosts by TCP/IP network
  • Add function, location, type
• Analyze model to detect missing info – hosts, ACLs, routing rules for gateways
(Network Assurance)
Network context is important!
Automating Firewall Analysis
[Diagram: Firewall Analysis Workflow, steps 1–5 – components: Firewalls, Configuration Repository / Normalized Firewall Configuration Repository, Best Practice Policy, Corporate Policies, Basic Firewall Checks, Access Compliance Analysis, Reports, Security Team, Network Operations]
Automated Data Collection
Normalize the Firewall Data
• Remove vendor-specific language
• Consolidated view to compare results
• Use same features across all types of firewalls
• More efficient analysis
Firewall Policy Compliance Analysis
• Security best practices
• Platform configuration checks
• Basic rule analysis
  • Syntax
  • Audit each rule by itself
  • Not topology aware
[Table columns: Change, Severity, Modify Parameters]
Find all Access Paths
• Complete end-to-end path analysis
• Highlighting ACLs and routing rules
• Supports NAT, VPN, dynamic routing and authenticated rules
Determine Rules Allowing Access
• Find blocking or allowing devices
• Show rules involved
• View routes
Firewall Optimization and Cleanup
Firewall performance can degrade over time:
• Too many rules
• Redundant rules
• Shadowed rules
Automated analysis can help you speed up your firewalls – regardless of vendor language.
What are the best options to optimize firewalls?
Find Shadowed and Redundant Rules
• Analysis runs against imported, normalized view of firewall configurations
Rule Usage Analysis
• Automatically examine rulebase from firewall logs (LEA, syslog) for:
  • Unused rules and objects
  • Partially used rules and objects
  • Rule and object hit count
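As an added example (not Skybox code or output), the two checks above run over a constructed, already normalized first-match ruleset and a few constructed syslog-style log lines: a rule fully covered by an earlier rule never fires (shadowed if the actions differ, redundant if they agree), and rules with no hits in the log window are reported as unused.

```python
from collections import Counter
from ipaddress import ip_network
# Constructed, already normalized rules (vendor syntax stripped), in first-match order.
# dport is an inclusive (lo, hi) range; a proto of None would mean "any protocol".
RULES = [
    {"id": "r1", "action": "allow", "src": "10.0.0.0/8",  "dst": "192.168.1.10/32", "proto": "tcp", "dport": (443, 443)},
    {"id": "r2", "action": "allow", "src": "10.1.0.0/16", "dst": "192.168.1.10/32", "proto": "tcp", "dport": (443, 443)},
    {"id": "r3", "action": "deny",  "src": "10.2.0.0/16", "dst": "192.168.1.0/24",  "proto": "tcp", "dport": (1, 65535)},
    {"id": "r4", "action": "allow", "src": "10.2.3.0/24", "dst": "192.168.1.20/32", "proto": "tcp", "dport": (22, 22)},
    {"id": "r5", "action": "allow", "src": "0.0.0.0/0",   "dst": "192.168.2.0/24",  "proto": "udp", "dport": (53, 53)},
]

# Constructed syslog-style firewall log lines; only the rule= field feeds the hit counts.
LOGS = """\
<134>May 23 10:00:01 fw1 ACCEPT rule=r1 src=10.1.2.3 dst=192.168.1.10 dport=443
<134>May 23 10:00:02 fw1 ACCEPT rule=r1 src=10.9.8.7 dst=192.168.1.10 dport=443
<134>May 23 10:00:05 fw1 DROP rule=r3 src=10.2.3.4 dst=192.168.1.20 dport=22
<134>May 23 10:00:09 fw1 ACCEPT rule=r5 src=172.16.0.9 dst=192.168.2.5 dport=53
""".splitlines()


def covers(a, b):
    """True if every packet rule b matches is also matched by rule a (IPv4 assumed)."""
    return (ip_network(b["src"]).subnet_of(ip_network(a["src"]))
            and ip_network(b["dst"]).subnet_of(ip_network(a["dst"]))
            and a["proto"] in (None, b["proto"])
            and a["dport"][0] <= b["dport"][0] and b["dport"][1] <= a["dport"][1])


def analyze(rules):
    """Map rule id -> (kind, covering rule id). A rule fully covered by an earlier rule
    never fires: 'shadowed' if the actions differ, 'redundant' if they are the same."""
    findings = {}
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier["action"] == rule["action"] else "shadowed"
                findings[rule["id"]] = (kind, earlier["id"])
                break
    return findings


def rule_usage(rules, log_lines):
    """Return (hit count per rule id, ids of rules with no hits in the log window)."""
    hits = Counter()
    for line in log_lines:
        for tok in line.split():
            if tok.startswith("rule="):
                hits[tok[len("rule="):]] += 1
    unused = [r["id"] for r in rules if hits[r["id"]] == 0]
    return dict(hits), unused
```

On the constructed data, r2 is redundant with r1 and r4 is shadowed by the deny in r3, and both are also the rules the logs never report hitting; a rule that is shadowed but still shows hits would point to a collection gap rather than a cleanup candidate.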
Planning Firewall Changes
• Preventive – assess impact of changes before deployment
• Ensure access to critical services
• Track changes
• Process improvements – change workflow
Will changes cause service access issues or security holes?
Assess Planned Changes in Advance
• “What if” analysis – side-by-side comparison
Ensure Access to Critical Services
Access required: Remote access to business service
Identify Relevant Firewalls
Access requested: Remote access to business service
• Firewall blocks the desired action – change required
• Firewall allows the action – no change needed
Troubleshoot Potential Access Issues
Analyze inaccessible routes
- Quickly determine which firewalls are blocking access
- Shows which rules are involved on each device
(Network Assurance – Access Analyzer)
Verify Access Compliance
• Topology intelligence
  • Use knowledge of what the firewall is protecting
  • Allows holistic review of the firewall ruleset – including NAT, VPN, routing rules
• Better compliance analysis
  • PCI DSS
  • NIST
  • Custom policies
Track Changes
• Maintain history of changes to rules and objects in a normalized view
Requirements for a Firewall Management Tool
• Normalize data
• Automate all tasks – data collection, analysis, reporting
• Policy compliance analysis
• Access analysis and troubleshooting
• Find unused rules – eliminates potential attack scenarios
• Optimize the rulebase – improves firewall performance
• Produce reports – demonstrate compliance on demand
• Document changes
Skybox Product Portfolio
• Firewall Assurance – automated firewall analysis and audits
• Change Manager – complete firewall change workflow
• Network Assurance – network compliance and access path analysis
• Risk Control – identify exposed vulnerabilities
• Threat Manager – workflow to address new threats
Questions? Submit a question via chat (remember to select ‘send to Moderators’), or via www.skyboxsecurity.com/contact-us
Thank you!