Post on 22-Jan-2018
transcript
AGENDA
Traditional approach to managing / removing unnecessary Firewall rules
A more advanced recertification process
Why Firewall Rules Become Redundant
An application-centric approach to firewall rule recertification
How AlgoSec can automate the recertification process
WHY FIREWALL RULES BECOME REDUNDANT
An application is decommissioned
An application is upgraded and uses different services/ports
An endpoint is moved to a different datacenter
TRADITIONAL METHODOLOGY
REVIEW the firewall logs and determine when the rule was last used
READ the comments to see who requested the rule and which application it serves
VALIDATE that the application is in use with the relevant contact
REMOVE the rule or extend the expiration date
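The four steps above, worked as an added example (not part of the original deck and not AlgoSec code). The rule list, the log line format, the `req=`/`app=` comment convention and the 90-day idle threshold are all assumptions made for illustration, and the sample data is constructed.

```python
import re
from datetime import date

# Constructed sample data: a small rule base and a few firewall log lines.
RULES = [
    {"id": "R10", "comment": "req=j.doe app=Payroll", "expires": date(2018, 3, 1)},
    {"id": "R11", "comment": "req=a.lee app=LegacyCRM", "expires": date(2018, 2, 1)},
    {"id": "R12", "comment": "", "expires": date(2018, 6, 1)},
]
LOGS = """\
2018-01-20T09:14:02 rule=R10 action=accept src=10.1.1.5 dst=10.2.0.8 dport=443
2018-01-21T11:02:47 rule=R10 action=accept src=10.1.1.6 dst=10.2.0.8 dport=443
2017-06-03T23:40:10 rule=R11 action=accept src=10.3.4.9 dst=10.9.0.2 dport=1521
"""
LOG_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ rule=(\S+)")   # assumed log format
COMMENT_RE = re.compile(r"req=(\S+)\s+app=(\S+)")             # assumed comment convention

def last_used(log_text):
    """REVIEW: map each rule id to the date of its most recent log hit."""
    seen = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            day = date.fromisoformat(m.group(1))
            seen[m.group(2)] = max(day, seen.get(m.group(2), day))
    return seen

def recertify(rules, log_text, today, idle_days=90):
    """Build one worklist row per rule, following the four steps."""
    hits = last_used(log_text)
    rows = []
    for r in rules:
        m = COMMENT_RE.search(r["comment"])            # READ the comment
        requester, app = m.groups() if m else (None, None)
        last = hits.get(r["id"])
        idle = last is None or (today - last).days > idle_days
        if requester is None:
            action = "find-owner"                      # no contact to validate with
        elif idle:
            action = "validate-then-remove"            # VALIDATE, then REMOVE
        else:
            action = "validate-then-extend"            # VALIDATE, then extend expiry
        rows.append({"id": r["id"], "last_used": last, "requester": requester,
                     "app": app, "expires": r["expires"], "action": action})
    return rows

if __name__ == "__main__":
    for row in recertify(RULES, LOGS, today=date(2018, 1, 22)):
        print(row)
```

The rule with an empty comment ends up as `find-owner`: without a requester or application name there is nobody to validate with, which is where the manual process tends to stall.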
A MORE ADVANCED RECERTIFICATION PROCESS
Recertify or remove obsolete rules
Notify change requesters
Find related firewall rule requests
Review pending rules / rule requests that need to be recertified
AN APPLICATION-CENTRIC APPROACH TO
VALIDATE that the application is in use with the relevant contact
REMOVE the rule or extend the expiration date
SUMMARY
AlgoSec security policy automation and tools can simplify firewall rule recertification, reduce the risk and save time
Firewall rule recertification is a necessary evil
Firewall rule recertification is a manual, complex, and error-prone process. Mistakes are common and they can cause application outages
An application-centric approach to firewall rule recertification can save time in the rule recertification process