© Copyright 2013. AlgoSec, Inc. All rights reserved.

 

AlgoSec Security Management Suite 6.5

Release Notes (September 2013) 

The information in this document is confidential. 


Table of Contents

AlgoSec Security Management Suite Features
    Juniper Space Support
    Juniper J Series, M/MX Series Support
    VRF Separation for Cisco Routers

AlgoSec BusinessFlow Features
    Impact Analysis
    Advanced Searching Capabilities
    Automatic Change Request Status Updates
    Enterprise Readiness

AlgoSec FireFlow Features
    Usability Enhancements for Approvers
    Usability Enhancements for Requestors
    Performance
    Validation of Work Order Recommendations Implementation
    Partially Allowed and Not Routed Traffic
    Choosing Wider Objects While Editing a Work Order
    Edit Work Order for Palo Alto and Fortinet Devices
    Rule Modification
    ActiveChange Install on All Policy Target
    Include Check Point Policy Name in Changes Without Ticket
    Add Read Only Fields to a “Create” Ticket

AlgoSec Firewall Analyzer Features
    Out-of-the-box Baseline Configuration Compliance Reports
    Web Services API
    Policy Tab Enhancements
    Network Map Enhancements
    VIP Support
    Dashboard for Policy Changes
    Analysis on Specific Log Ranges
    Provider Edition Improvements
    Expiration Date for Trusted Traffic
    Syslog Messages on Changes
    Performance and Usability Improvements
    NAT Improvements


The following features were added to the AlgoSec Security Management Suite 6.5, made generally available in September 2013.

AlgoSec Security Management Suite Features

Support for Juniper Space

Juniper Junos Space and the Juniper SRX devices it manages are now fully supported.

BusinessFlow support includes:

• Checking application connectivity supports flows that pass through devices managed by Juniper Space, for immediate visibility of the relevant rules in the managed devices
• Discovery of applications based on rules from Space managed devices
• Impact Analysis can be performed on Space and the devices it manages

AlgoSec Firewall Analyzer (AFA) support includes:

• Policy change monitoring
• Full device analysis, optimization, risk check, and compliance reporting
• Routing table analysis, including device connectivity diagram
• Routing-aware traffic query capabilities
• Baseline configuration compliance reporting

Support for Juniper J series, M/MX series

Juniper routers are now supported via the AlgoSec Extension Framework (AEF).

• J series routers can now be considered in the path a flow takes in the network map.
• Impact Analysis can be performed on Juniper routers (see Impact Analysis feature).
• Changes in Juniper routers can be monitored for auditing purposes, and devices can be added to the enterprise network map as well as to the AlgoSec Traffic Simulation Query.

VRF separation for Cisco IOS routers

Virtual Routing and Forwarding (VRF) allows setting virtual instances of routing tables on the same router. Cisco IOS routers with VRFs can now be configured in AFA to consider each VRF as a separate device. Each VRF has its own routes and interfaces, making the network map more accurate and providing better Traffic Simulation Query results.


BusinessFlow Features

Impact Analysis

Identify the business impact of making changes to servers or devices:

• Identify the applications impacted by planned or unexpected down-time of servers and devices, as well as the exact flows that are relevant within these applications.
• Enable organizations to simplify server migrations by discovering all of the applications that are using the decommissioned server.

Advanced Searching Capabilities

Easily manage a large number of applications by finding all the applications that are in need of some traffic flow or which use a specific service, creating sophisticated searches with multiple values, viewing the specific flows that meet the search criteria in each application, obtaining contact information of people relevant to the discovered applications, and sorting the list of found applications by name, connectivity status, or date of update.

Automatic Change Request Status Updates

Gain improved visibility of the status of change requests originating in BusinessFlow as the application status changes dynamically to reflect the status of the request. Keep track of applications pending to be implemented, gain visibility of applications moving from 'Pending' to 'Active' once changes are implemented and create new drafts based on rejected revisions.

Enterprise Readiness

BusinessFlow supports enterprise requirements by preventing data loss with Backup and Restore capabilities, using two appliances in active-standby mode to support High Availability, and enabling the logo in the header to be customized to meet organizational standards.


AlgoSec FireFlow Features

Usability Enhancements for Approvers

Simplified screens make it easier for users to review the information. Additionally, the new UI guides the user through the different steps of the workflow, while also providing a view to previous steps (read-only), for better decision making and analysis (view the information in proper context).

• Work Order information, Risk Check and Validation results are relevant to the device and, if available, are accessible at any step of the workflow.
• General details and traffic information for all devices in the change request are available as additional layers on top of the change request, and can be expanded/collapsed.
• Change request SLA status is constantly available on the main page of the change request, with color coding (orange = not meeting SLA, green = meeting). Hover for details.
• The top level menu to the left of the screen is collapsible, enabling a larger viewable area to more easily edit change request information and configurations.
• Change request page performance improvements prioritize fetching of page elements.


Usability Enhancements for Requestors

New, simplified workflow template removes some of the least-frequently-used fields (Priority, cc, refers to and refer to by).

Performance

Performance enhancements were made across the different stages and components of FireFlow, from the initial login through the initial request and Auto Matching stages.

Validation of Work Order Recommendations Implementation

To improve change validation accuracy, a smart validation runs on the change request’s “Planned Change” and “Work Order Recommendation” for each traffic line separately. In addition to auto-matching, the new validation uses the monitor-collected policy, so the user is able to validate the CR immediately after it is implemented. Validation checks to make sure that:

• Requested traffic is allowed and the exact objects were defined, including that their names are as requested.
• The change on the device is not wider than the work order recommendation; if it is wider, the change fails or only partially passes the validation.

Each Change Request receives a summarized validation result: if all traffic lines are “successful”, then it is validated; if at least one traffic line “fails” or is “partially successful”, then the validation “fails”.

Compared to auto-matching, smart validation results are displayed as part of the change request’s display page, and are part of the change request’s life cycle. When the “validation tab” is displayed, the user will see the detailed validation results. When the user views the “validation tab” in “read only” mode, a short sentence summarizing the validation result will be visible.
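One way to express the per-traffic-line validation and its summary described above, as an added example that is not AlgoSec's code. The `Flow` type, the mapping of a wider-than-recommended change to "partially successful", and all sample addresses are assumptions of this example; object-name checks are not modeled.

```python
import ipaddress
from collections import namedtuple

# One traffic line: CIDR strings for sources/destinations, "proto/port" strings
# (or "any") for services. All values below are constructed sample data.
Flow = namedtuple("Flow", "sources destinations services")

def _nets_covered(inner, outer):
    """True if every network in `inner` lies inside the union of `outer`."""
    inner = [ipaddress.ip_network(n, strict=False) for n in inner]
    outer = [ipaddress.ip_network(n, strict=False) for n in outer]
    for version in (4, 6):
        # Merge adjacent/overlapping blocks so two /25s count as their /24.
        merged = list(ipaddress.collapse_addresses(
            [o for o in outer if o.version == version]))
        for net in (n for n in inner if n.version == version):
            if not any(net.subnet_of(m) for m in merged):
                return False
    return True

def _services_covered(inner, outer):
    return "any" in outer or set(inner) <= set(outer)

def covers(wide, narrow):
    """True if flow `wide` permits everything flow `narrow` describes."""
    return (_nets_covered(narrow.sources, wide.sources)
            and _nets_covered(narrow.destinations, wide.destinations)
            and _services_covered(narrow.services, wide.services))

def validate_line(requested, recommended, implemented):
    """Per-traffic-line result (status mapping is this example's assumption)."""
    if not covers(implemented, requested):
        return "failed"                  # requested traffic is not allowed
    if not covers(recommended, implemented):
        return "partially successful"    # device change wider than work order
    return "successful"

def validate_change_request(lines):
    """Summarize: validated only if every traffic line is successful."""
    results = [validate_line(*line) for line in lines]
    ok = all(r == "successful" for r in results)
    return ("validated" if ok else "failed"), results

WEB = Flow(("10.1.1.10/32",), ("192.0.2.20/32",), ("tcp/443",))
SSH = Flow(("10.1.1.10/32",), ("192.0.2.21/32",), ("tcp/22",))
SSH_WIDE = Flow(("10.1.1.0/24",), ("192.0.2.21/32",), ("tcp/22",))
SQL = Flow(("10.1.1.10/32",), ("192.0.2.30/32",), ("tcp/1433",))
SQL_WRONG = Flow(("10.1.1.10/32",), ("192.0.2.30/32",), ("tcp/1434",))

# Each entry: (requested, work order recommendation, rule found on the device)
CHANGE_REQUEST = [
    (WEB, WEB, WEB),            # implemented exactly as recommended
    (SSH, SSH, SSH_WIDE),       # whole /24 opened instead of one host
    (SQL, SQL, SQL_WRONG),      # wrong port implemented
]

if __name__ == "__main__":
    summary, per_line = validate_change_request(CHANGE_REQUEST)
    print(summary, per_line)
```

The `implemented` flow stands for the single rule collected from the device for that traffic line; a policy with several matching rules would need them merged before the comparison.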


Partially Allowed and Not Routed Traffic

FireFlow now addresses cases where the traffic line in a change request is partially allowed or not routed by the firewall. A more precise recommendation is now provided:

• An object in source/destination/service will be ignored if it is allowed by the firewall for all destinations/services/applications in the traffic line, or if it is not routed by the firewall at all.
• Already allowed objects are marked with a sign. Not routed objects are marked with a .

Choosing Wider Objects While Editing a Work Order

An optional configuration in FireFlow lets the user choose, while editing the work order, alternative objects that may contain more addresses in addition to the original request, and hence are wider than the original request. For example, if during handling a request to access server A1, the net admin realizes that server A1 has a backup server A2, he/she can now edit the work order to allow access to a whole object A. By opening the advanced editing wizard, the user can either create a new object (even if such an object already exists), see suggestions for objects that contain the same IPs (exact match) or choose an object that contains the requested IP address from a list of wider objects. An indication of the object's size and a drill down into its definition are available as well.


Edit Work Order for Palo Alto and Fortinet Devices

In addition to existing support for editing work orders on Check Point and Juniper devices, FireFlow now allows users to also edit work orders for Palo Alto and Fortinet devices.

• Editing the work order opens free-text fields for rule name (Palo Alto) and which rule will follow the changed one (Palo Alto and Fortinet), as well as editable source, destination and service fields. The Application field is not editable.
• Validation is performed on editable fields, ensuring a correct work order is produced.

Rule Modification

FireFlow supports making changes to a rule (for example, in order to support server migration) for all supported vendors, including ActiveChange for Check Point. Rule Modification is a new request type, and out-of-the-box installation of FireFlow includes a request template and workflow type for rule modification, including request creation, work order generation and change validation.

The new request type allows choosing a rule to modify, out of a list which indicates which rules are modifiable and which are not, updating the source, destination and service, and creating the change request for approval. The rule data is fetched from a database containing the most updated report or monitor information (whichever had run most recently). If the rule changed since the change request was created, then an appropriate message will be displayed to the user.


ActiveChange – Install on All Policy Target

With ActiveChange, a new rule can now be installed on all Check Point devices that share the same policy on the same management server.

Include Check Point Policy Name in Changes Without Ticket

Auto matching the list of changes without requests now also displays the policy name for Check Point, Juniper NSM and FortiManager devices.

Add Read Only Fields to a “Create” Ticket 

A Read-Only field can now be added to request forms, for example to show instructions or links, or to notify users about default values they cannot change.


AFA Features

Out-of-the-Box Baseline Configuration Compliance Reports

AFA allows security teams to easily verify that baseline hardware and software configurations comply with the industry's best practices. The new out-of-the-box Baseline Compliance requirements are now available for all supported devices, including new profiles for Juniper SRX, Juniper NetScreen, Fortinet FortiGate, Palo Alto, McAfee Enterprise Firewall (Sidewinder), and Cisco Nexus. Baseline Configuration reports can be customized and new ones can be created.

Web Services API

AFA now allows easy and quick integration of administration and information gathering tasks with external applications using SOAP web services. This capability allows automating repeating activities, such as on-boarding new customers in MSSP environments, extracting analyzed information to enterprise dashboards and more. New web services include:

• Administration Tasks: add/edit device groups; run/schedule an Analysis on a device; get the list of all defined devices; create domain
• Operational Tasks: edit Rule Documentation, which allows reading/writing data to be attached to a specific rule in AFA; get Risk Analysis results

Policy Tab Enhancements

The Policy Tab simplifies finding security rules for server migration and data center consolidation by allowing multiple policies to be viewed from a group of devices for quickly locating policies and rules based on information in the rule or in the custom rule documentation fields.

• Search multiple policies for IP addresses contained within objects in rules, throughout the object's hierarchy
• Summary results include the number of relevant policies and relevant rules within each policy
• Enhanced search result view with highlighted text fields, for example objects in which the searched IP or object resides


Network Map Enhancements

Enhanced map editing capabilities include merging multiple clouds, based on map search results and adding, removing and editing networks on a cloud.

Enhanced routing simulation capabilities directly from the map include routing-only traffic simulation on the entire map and a route lookup from a selected device to a chosen destination.

Enhanced map view allows for the left menu to be minimized, for a wider and clearer view.

Enhanced traffic simulation involving layer-2 devices includes filtering policy check on all layer-2 devices in a group traffic simulation query.

VIP Support

AFA now supports Virtual IP assignments to devices' interfaces, commonly used in HSRP and VRRP protocols, for Juniper (SRX and MX routers) and Cisco devices. This support enriches the enterprise network map and the AlgoSec Traffic Simulation Query capabilities.

Dashboard for Policy Changes

The new Policy Changes dashboard provides instant visibility on the trends of policy changes in a group of devices over time and on the number of policy changes per device within the group.

Analysis on Specific Log Ranges

Policy optimization analysis on a device or a group can now be based on a specific log range, configurable separately per-analysis. Get ready for audits by easily determining the starting point from which traffic logs are analyzed.

Provider Edition Improvements

AFA Provider Edition (Domains) includes several enhancements in license provisioning:

• Allocate a specific number of device licenses with separate provisioning per domain
• Offer different services to each domain and support more flexible business models by enabling different license types per domain


Expiration Date for Trusted Traffic

AFA allows selecting rules or traffic that are trusted and should not be considered in risk analysis. The trusted traffic can now be limited to a certain time range, after which the traffic will be considered risky again.

Syslog Messages on Changes

The Syslog messages generated by AFA now include messages about changes in rules, objects, and services in the various devices' policies and configurations. The messages are sent automatically based on the AlgoSec ongoing device monitoring, allowing integration with SIEM / SOC products.

Performance and Usability Improvements

Performance and usability improvements include: web user interface general browsing performance improvements, the ability to view the network map or policies at the full width of your screen by hiding the left menu bar, and faster log collection and processing.

NAT Improvements

• Enhanced support for destination NAT in complex queries
• Support Cisco ASA 8.3 NAT rules and configurations

265 Franklin Street

Boston, MA 02110

USA

T: +1-888-358-3696

F: +1-866-673-7873

E: [email protected] 

AlgoSec.com

