RSA 2014: Firewall Change Management: Automate, Secure & Comply
DESCRIPTION
Skybox has a complete portfolio solving many common problems in enterprise cyber security. Right now we’ll focus on Network Security Management, where the story is often about policy compliance. We offer several types of policy engines that can be used to show compliance with internal policies or external regulations. Before an organization attacks their compliance issues, sometimes they need to address the messiness of firewalls whose rule sets have grown organically over the years. Our Optimization and Cleanup tools help with that situation. Lastly, once a company has their network in compliance, it’s certainly beneficial to keep it there, and that’s where change management becomes so important. I’ll demonstrate how integrating your change management workflow with Skybox’s analysis engine can produce clear ROI and risk reduction.
TRANSCRIPT
Sean Keef, Director of Sales Engineering
Firewall Change Management
© 2013 Skybox Security Inc. 2
Solution Overview
Change Management
Policy Compliance
Optimization & Cleanup
Remediation
Analysis / Prioritization
Discovery
Network Security Management Vulnerability & Threat Management
Change Management Workflow
Workflow stages: Request, Technical Translation, Risk Assessment, Implementation, Verification
Ticketing System
Or
Manual Process Manual Process Manual Process Not Done
Change Management Integration
Skybox Analytics Engine
Workflow stages: Request, Technical Details, Risk Assessment, Implementation, Verification
3rd Party Ticketing System
or
Skybox Change Manager
Change Management Integration
Translate
Path identification
Rule analysis
Skybox Analytics Engine
Workflow stages: Request, Technical Details, Risk Assessment, Implementation, Verification
• Reduce workload
• Reduce time to process
• Reduce # of firewall changes
• Reduce overlapping rules
• Excellent ROI
Technical Details
Risk Assessment
Identify policy violations & vulnerability exposures
Accept/Reject
Skybox Analytics Engine
Workflow stages: Request, Technical Details, Risk Assessment, Implementation, Verification
Skybox and/or 3rd Party Ticketing System
• Reduce human error
• Reduce rollback
• Reduce misconfigurations
• Create risk acceptance audit trail
Risk Assessment
Change Management Workflow – 3rd Party
Changes are queued by firewall
Skybox Analytics Engine
Workflow stages: Request, Technical Details, Risk Assessment, Implementation, Verification
Skybox and/or 3rd Party Ticketing System
• Administrators see only the changes they are responsible for
• Displayed by firewall – not by ticket
• Tickets are promoted when all changes have been implemented
• Auto-provisioning in the works
Verification
Skybox Analytics Engine
Reconcile against observed changes
Verify Access
Workflow stages: Request, Technical Details, Risk Assessment, Implementation, Verification
Skybox and/or 3rd Party Ticketing System
• 3rd party validation that a change ticket has been implemented
• Protection against “fat fingering”
• Changes without tickets can be identified
Summary
Path Analysis – Demonstrable ROI
Risk Analysis – Automated, accurate, complete
Implementation – Changes grouped by firewall
Reconciliation – 3rd party validation of ticket completion