Infosec 2014: Tech Talk - Firewall Change Management

Post on 15-Jan-2015

DESCRIPTION

Presented by Alastair Williams, Technical Director, EMEA

TRANSCRIPT

Alastair Williams

Technical Director, EMEA

Firewall Change Management

© 2013 Skybox Security Inc. 2

Solution Overview

Network Security Management

• Change Management

• Policy Compliance

• Optimization & Cleanup

Vulnerability & Threat Management

• Remediation

• Analysis / Prioritization

• Discovery

Change Management Workflow

Stages: Request, Technical Translation, Risk Assessment, Implementation, Verification

Diagram labels: Ticketing System or eMail; Manual Process (three times); Not Done

Change Management Integration

Skybox Analytics Engine

Stages: Request, Technical Details, Risk Assessment, Implementation, Verification

3rd Party Ticketing System and/or Skybox Change Manager

Raise Request

Capture business & technical details

• Reduce workload

• Reduce time to process

• Capture structured and unstructured data

Technical Details

Translate

Path identification

Rule analysis

• Reduce workload

• Reduce time to process

• Reduce # of firewall changes

• Reduce overlapping rules

• Excellent ROI

Risk Assessment

Identify policy violations & vulnerability exposures

Accept/Reject

• Reduce human error

• Reduce roll back

• Reduce misconfigurations

• Create risk acceptance audit trail

Change Management Workflow – 3rd Party

Changes are queued by firewall

• Administrators see only the changes they are responsible for

• Displayed by firewall – not by ticket

• Tickets are promoted when all changes have been implemented

Verification

Reconcile against observed changes

Verify Access

• 3rd party validation that a change ticket has been implemented

• Protection against “fat fingering”

• Changes without tickets can be identified

Summary

Change Research – Demonstrable ROI

Risk Analysis – Automated, accurate, complete

Implementation – Changes grouped by firewall

Reconciliation – 3rd party validation of ticket completion
