RSA 2014: Firewall Change Management: Automate, Secure & Comply
Transcript of RSA 2014: Firewall Change Management: Automate, Secure & Comply
Sean Keef, Director of Sales Engineering
Firewall Change Management
© 2013 Skybox Security Inc. 2
Solution Overview
(Diagram: Change Management, Policy Compliance, Optimization & Cleanup, Remediation, Analysis / Prioritization, Discovery; grouped under Network Security Management and Vulnerability & Threat Management)
Change Management Workflow
(Diagram: Request → Technical Translation → Risk Assessment → Implementation → Verification. Requests arrive through a ticketing system or a manual process; Technical Translation, Risk Assessment and Implementation are manual processes; Verification is not done.)
Change Management Integration
(Diagram: the Skybox Analytics Engine sits over the workflow Request → Technical Details → Risk Assessment → Implementation → Verification, fed by a 3rd Party Ticketing System or Skybox Change Manager.)
Change Management Integration
Translate: Path identification; Rule analysis
(Diagram: Skybox Analytics Engine over Request → Technical Details → Risk Assessment → Implementation → Verification)
• Reduce workload
• Reduce time to process
• Reduce # of firewall changes
• Reduce overlapping rules
• Excellent ROI
Technical Details
Risk Assessment
Identify policy violations & vulnerability exposures; Accept/Reject
(Diagram: Skybox Analytics Engine over Request → Technical Details → Risk Assessment → Implementation → Verification; Skybox and/or 3rd Party Ticketing System)
• Reduce human error
• Reduce rollback
• Reduce misconfigurations
• Create risk acceptance audit trail
Change Management Workflow – 3rd Party
Changes are queued by firewall
(Diagram: Skybox Analytics Engine over Request → Technical Details → Risk Assessment → Implementation → Verification; Skybox and/or 3rd Party Ticketing System)
• Administrators see only the changes they are responsible for
• Displayed by firewall – not by ticket
• Tickets are promoted when all changes have been implemented
• Auto-provisioning in the works
Verification
Reconcile against observed changes; Verify Access
(Diagram: Skybox Analytics Engine over Request → Technical Details → Risk Assessment → Implementation → Verification; Skybox and/or 3rd Party Ticketing System)
• 3rd party validation that a change ticket has been implemented
• Protection against “fat fingering”
• Changes without tickets can be identified
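The reconciliation step described on this slide, as an added example that is not part of the original deck or of Skybox's product: it diffs two collected rule sets, checks each ticket's approved changes against what was actually observed (a ticket is promoted only when all of its changes are in place), and flags unticketed changes and fat-fingered near misses. The rule tuple format, ticket IDs, firewall name and addresses are constructed sample data.

```python
# Added example (not Skybox code): reconcile observed firewall rule changes
# against approved change tickets. The rule format and all sample data below
# are constructed for illustration; a real tool would parse collected configs.
from collections import namedtuple

Rule = namedtuple("Rule", "src dst service action")
Ticket = namedtuple("Ticket", "ticket_id firewall add remove")  # add/remove: sets of Rule

def diff_rules(before, after):
    """Observed change on one firewall: (rules added, rules removed)."""
    return set(after) - set(before), set(before) - set(after)

def near_miss(observed, approved):
    """Observed rule with the src/dst of an approved rule but a different
    service or action: the classic fat-fingered implementation."""
    return {o for o in observed for a in approved
            if (o.src, o.dst) == (a.src, a.dst) and o != a}

def reconcile(firewall, before, after, tickets):
    """Map observed changes back to tickets; flag anything without one."""
    added, removed = diff_rules(before, after)
    approved_add, approved_remove, status = set(), set(), {}
    for t in (t for t in tickets if t.firewall == firewall):
        approved_add |= t.add
        approved_remove |= t.remove
        # A ticket is promoted only when every approved change is observed.
        done = t.add <= set(after) and not (t.remove & set(after))
        status[t.ticket_id] = "implemented" if done else "pending"
    unticketed = (added - approved_add) | (removed - approved_remove)
    return {"ticket_status": status,
            "unticketed_changes": unticketed,
            "suspected_fat_finger": near_miss(added - approved_add, approved_add)}

# Constructed sample: one ticket approving a new HTTPS rule and removal of telnet.
# The implementer typed 4433 instead of 443 and also added an unrequested RDP rule.
BEFORE = {Rule("10.0.0.0/8", "192.0.2.10", "tcp/22", "allow"),
          Rule("any", "192.0.2.20", "tcp/23", "allow")}
AFTER = {Rule("10.0.0.0/8", "192.0.2.10", "tcp/22", "allow"),
         Rule("10.1.1.0/24", "192.0.2.30", "tcp/4433", "allow"),
         Rule("any", "192.0.2.40", "tcp/3389", "allow")}
TICKETS = [Ticket("CHG-1001", "fw-edge-1",
                  add={Rule("10.1.1.0/24", "192.0.2.30", "tcp/443", "allow")},
                  remove={Rule("any", "192.0.2.20", "tcp/23", "allow")})]

if __name__ == "__main__":
    for k, v in reconcile("fw-edge-1", BEFORE, AFTER, TICKETS).items():
        print(k, v)
```

The telnet removal is matched to the ticket and so is not reported, but the ticket stays pending because its HTTPS rule never appeared; the 4433 typo shows up both as an unticketed change and as a suspected fat-finger against the approved 443 rule.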
Summary
Path Analysis – Demonstrable ROI
Risk Analysis – Automated, accurate, complete
Implementation – Changes grouped by firewall
Reconciliation – 3rd party validation of ticket completion