Post on 15-Jul-2018

216 views

Category:

Documents


0 download

TRANSCRIPT

AlgoSec Inc. 1

Gérer vos pare-feux dans une architecture segmentée, conserver un niveau de conformité et remédier aux risques liés aux évolutions des politiques de sécurité

Avishai Wool, Ph.D., AlgoSec CTO & Co-Founder


AlgoSec Inc. 2

Managing your firewalls in a segmented architecture, maintaining compliance, and remediating risks related to evolving security policies

(Translation based on BabelFish…)


AlgoSec Inc. 3

Agenda

• Background
• AlgoSec Firewall Analyzer
  - Firewall operations efficiency
  - Enhance security and compliance through automation
  - Improve firewall performance, stretch device lifespan
• AlgoSec FireFlow
  - Change Workflow Automation
• Live demo


AlgoSec Inc. 4

Background: Firewalls become Overgrown

• Firewall configurations become overgrown over the years:
  - Constant rate of rule changes (dozens of changes per week!)
  - Multiple administrators, staff turnover, outsourcing
• Examples we've seen:
  - Check Point Firewall with 200-1,500 rules and 1,000-20,000 objects
  - PIX configuration with 400-50,000 lines
• Challenges:
  - Industry statistics: 20-30% of firewall rule changes are not needed!
  - Extend the lifespan of devices in use


AlgoSec Inc. 5

Complexity Leads to Problems

• Performance and management problems
  - Firewall slows down – may become a bottleneck
  - Hardware size limitations – may need bigger hardware
  - Slow and cumbersome management interface
  - Hard to manage and time consuming
• Security risks:
  - A survey of the firewall policies of 30 US-based large corporations suggests that all complex policies are exposed to serious risk.
  - Rule-base complexity = Rules + Objects + (Interfaces)^2


AlgoSec Inc. 6

by Intelligent Automation of

Requirements for Security Management

Cost Saving Governance


AlgoSec Inc. 7

About AlgoSec

Confidential

Telecom • Energy • Transportation • Commercial • Government • Automotives • Hi-Tech • Big-4 Auditing Firms • Financial

Our prosperity is driven by 100% customer satisfaction

• The established leader of Firewall, Router & VPN Policy Lifecycle Management
• Over 300 customers; 5 Patents pending


AlgoSec Inc. 8

AlgoSec Products

FireFlow: Intelligent Workflow for Network Security

Challenge: 20-30% rule changes un-needed; 2-8% changes done wrong; lack of accountability

Unique firewall & topology aware workflow allows: Auto plan • Auto validate • Governance • Operational efficiency • Auto-document activities • Integrates with existing systems

AlgoSec Firewall Analyzer (AFA): Intelligent Analysis for Network Security

Challenge: Manual firewall policy analysis is error-prone, expensive and time consuming

Unique firewall & topology simulation allows: Operational efficiency • Cleanup • Performance optimization • Audit-ready compliance reports • Risk analysis & metrics • Change monitoring


AlgoSec Inc. 9

AlgoSec Solution Brief

• The AlgoSec Firewall Analyzer is the established leading solution for:
  - Firewall, router and VPN operations and change management
  - Risk management, security compliance, audit
  - Policy optimization and configuration cleanup
• It is comprehensive, scalable, non-intrusive, easy to deploy and use, and supports all versions of the major firewall platforms in the enterprise market:
  - Sun Solaris, Linux, Win-NT, Nokia, SecurePlatform, Alteon, NSF, Provider-1, SmartCenter, Crossbeam, OPSEC integration
  - PIX, FWSM, ASA, IOS Router ACLs
  - ScreenOS, NSM
  - Virtual Router, Virtual System
• The AlgoSec solution provides unmatched visibility, analysis and intelligence into an organization's firewall policies.


AlgoSec Inc. 10

AFA – How does it work?

• Real-time Monitoring – track changes
• Data Collection
  - Rule Base, Log and Routing Table
• Analysis
  - Non intrusive, offline analysis
  - Single Firewall, group of firewalls or hierarchically connected firewalls (matrix)
  - Analyze the traffic, not just the rules text
  - Patented 5-dimensional algorithms calculate how the firewall will respond to every potential packet it may encounter
• Knowledge Base
  - Compare the policy to built-in industry best practices


AlgoSec Inc. 11

AFA Solution: Network Operations Efficiency

• Improve manageability and security: track policy changes - in real time
  - Track the 5 W's: What (rules, routing, VPNs,…), Who, When, Where, What is the impact
  - Real-time change alerting
• Save time with routing-aware firewall troubleshooting
  - Pinpoint the exact firewalls and rules that block operational traffic
• Ease firewall management using policy visualization
  - View firewall policy and connectivity in a format not available on native management consoles - saves time, makes administrative tasks much easier
• Enable firewall/server consolidation/migration
  - Consolidation assistance: identify required rule changes
  - Firewall migration assistance: policies comparison


AlgoSec Inc. 12

AFA Solution: Extend Firewall Lifespan and Performance

• Improve performance through intelligent rule reordering
  - Based on log analysis
• Improve performance by cleanup:
  - Rules: unused, duplicate, covered, disabled, timed out
  - Objects: Unused, unattached, duplicate, empty
  - VPN: Unused, unattached, expired, users and groups
  - Support log analysis for over a year
  - Analyze historical logs


AlgoSec Inc. 13

AFA Solution: Intelligent Automation of Risk & Compliance

• Automated Industry Best Practice (IBP) risk analysis
  - Out-of-the-box usability based on AlgoSec IBP Knowledgebase
  - Shows risks ranked by severity and lists all risky rules
  - Provides details on risks found, offers remediation guidance
• Friendly customizations to conform with internal policies
  - Easy to use risk customization, trusted traffic, user-defined zone types
  - Ensures each firewall conforms to organization-specific security policy
• Automatically completed compliance reports
  - SOX, PCI-DSS, J-SOX, ISO 27001
• VPN risk analysis
  - Identify risks associated to VPN rules and objects


AlgoSec Inc. 14

AlgoSec Delivery Options

• Two hardware appliance models:
  - AlgoSec 1020 – entry level
    CPU: Dual Core; Memory: 4GB (1GB DDR2/667 x 4)
  - AlgoSec 1080 – high-performance, enterprise level
    CPU: 8-Core; Memory: 16GB (2GB FB-DIMM x 8)
• Pre-built VMware “soft-appliance”
• Software only


AlgoSec Inc. 15

Product Demo

Feature Overview

Security. Visibility. Governance.


AlgoSec Inc. 16

FireFlow

Network Security Policy Change Workflow Automation


AlgoSec Inc. 17

Firewall policy change process overview

• Business units make firewall change requests
  - Often many requests per week
  - The process of meeting the requests is complex
  - Involves multiple people in different organizations
  - Involves several approvals and checks
  - Subject to audit and regulation
  - Change planning, risk assessment rely on personal expertise
  - Industry statistics: 20-30% of implemented rule changes are not needed!
• Existing systems are focused on process administration


AlgoSec Inc. 18

Current Challenges

• Delays and mistakes create inefficiency and time waste
• Actual change may differ from original request
• Actual change may differ from what was approved
• Variable levels of expertise may introduce mistakes
• SLA is hard to maintain
• Poor visibility increases cost:
  - Where are we in the process?
  - Who requested / approved / implemented the change?
  - Why was a change made?
  - What are the impacts of a change?


AlgoSec Inc. 19

FireFlow within Your Organization

End-user (Business Unit)

Information Security

Network Operations

Firewall

Create Change Request (Existing system, web form, email)


AlgoSec Inc. 20

Translate vague request into technical requirement. Check if rule-change needed

Cost saving: avoid unneeded changes

FireFlow within Your Organization

End-user (Business Unit)

Information Security

Network Administration

Firewall


AlgoSec Inc. 21

Assess risk of suggested change, approve change

FireFlow within Your Organization

End-user (Business Unit)

Information Security

Network Operations

Firewall


AlgoSec Inc. 22

Auto-create work order, create checklist of rules and firewalls to be modified

FireFlow within Your Organization

End-user (Business Unit)

Information Security

Network Operations

Firewall


AlgoSec Inc. 23

Auto-detect policy changes, match to requests

FireFlow within Your Organization

End-user (Business Unit)

Information Security

Network Operations

Firewall

Apply modified policy

Policy was modified! A matching request was found.


AlgoSec Inc. 24

Notify stakeholders of successful completion of change

FireFlow within Your Organization

End-user (Business Unit)

Information Security

Network Operations

Firewall


AlgoSec Inc. 25

FireFlow within Your Organization

Information Security

Create Flexible Reports, Visibility, and Measurable Results

Audit and compliance

CIO, Management

Network Operations

Efficiency metrics, SLA reports

Unauthorized Changes

Delayed requests, Internal billing

Audit Trail, Documentation

Archive


AlgoSec Inc. 26

Request and Auto planning stages in FireFlow

• Request
  - Translate vague incoming requests into technical requirements
  - Convert DNS names to IP addresses
  - Convert port ↔ firewall service name
• Auto Plan
  - Identify if a policy change is needed at all
  - Auto identify which devices participate in change process


AlgoSec Inc. 27

Risk Check and Approval

• Check and Approve
  - Identify introduction of new risks, alert if non regulation compliant
  - Approve for implementation, or send to re-plan
• Issue Work Order
  - Auto-build rule change recommendation


AlgoSec Inc. 28

Reconciliation: Auto-match change and request

• Validate
  - Ensure that implemented policy meets the request
• Reconcile
  - Ensure that all requests get implemented
  - Ensure that no unauthorized changes are made
• Audit
  - View full request history
  - Link modified rules to request history


AlgoSec Inc. 29

Network Security Change Lifecycle. FireFlow™

Any questions before live demo?


AlgoSec Inc. 30

Questions?

• E-mail:
  - [email protected]
  - http://www.algosec.com