Learn how an app-centric approach will improve security & operational efficiency
![Page 1: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/1.jpg)
INCREASE YOUR SECURITY MATURITY THROUGH AN APPLICATION CENTRIC APPROACH
Joe DiPietro
![Page 2: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/2.jpg)
AGENDA
• The Security Policy Management Maturity Model
• Understanding Application Architecture
• Autodiscovery for Applications and their Connectivity
• Identifying Risk Within Applications
• Migrating Applications to a New Data Center
![Page 3: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/3.jpg)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL
Network visibility and mapping
Application to security mapping
Security policy posture
Security change management
Network infrastructure auditing
Secure decommissioning of application connectivity
Alignment between security, network and service delivery teams
3 | Confidential
Understanding the components of the Security Policy Management Maturity Model
Increasing maturity: Level 1, Level 2, Level 3, Level 4
![Page 4: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/4.jpg)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL
Network visibility and mapping
Application to security mapping
Security policy posture
Security change management
Network infrastructure auditing
Secure decommissioning of application connectivity
Alignment between security, network and service delivery teams
• Live and dynamically updated map
• Network and Security view
![Page 5: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/5.jpg)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL
Network visibility and mapping
Application to security mapping
Security policy posture
Security change management
Network infrastructure auditing
Secure decommissioning of application connectivity
Alignment between security, network and service delivery teams
• Application Documentation
• Integrated Risk and Change Mgt View
• Business Impact
Be prepared for Software Defined Networks (SDN) such as Cisco ACI (Application Centric Infrastructure)
![Page 6: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/6.jpg)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL
Network visibility and mapping
Application to security mapping
Security policy posture
Security change management
Network infrastructure auditing
Secure decommissioning of application connectivity
Alignment between security, network and service delivery teams
• Continuous compliance procedures
• Compliance score
• Security policy risks
• Application risk
![Page 7: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/7.jpg)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL
Network visibility and mapping
Application to security mapping
Security policy posture
Security change management
Network infrastructure auditing
Secure decommissioning of application connectivity
Alignment between security, network and service delivery teams
• Automated process
• Segregation of duties
• Embedded risk checks
[Figure: change workflow with six numbered stages labelled Request, Plan, Approve, Implement, Validate, Close]
Figure callouts:
• Notify Requester
• Each Firewall Policy is automatically analyzed to see if request is already allowed
• Add a new rule?
• Modify an existing rule?
• Create new objects?
• Automatically document the rule change
• Automatic “Push” to reduce misconfigurations
![Page 8: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/8.jpg)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL
Network visibility and mapping
Application to security mapping
Security policy posture
Security change management
Network infrastructure auditing
Secure decommissioning of application connectivity
Alignment between security, network and service delivery teams
• Understand what changed, and who did it
• Don’t forget about changes in risk
• Look at the big picture
• Have granular audit details
![Page 9: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/9.jpg)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL
Network visibility and mapping
Application to security mapping
Security policy posture
Security change management
Network infrastructure auditing
Secure decommissioning of application connectivity
Alignment between security, network and service delivery teams
• Reduce complexity
• Map applications and automate the process
• Security policy bloat over time
• Have a process to decommission
Start the decommission process when you first make the request with “rule re-certification”!
Please decommission this application!
Legacy WebAccess Application
#6757 Firewall Change Request to remove WebAccess application
![Page 10: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/10.jpg)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL
Network visibility and mapping
Application to security mapping
Security policy posture
Security change management
Network infrastructure auditing
Secure decommissioning of application connectivity
Alignment between security, network and service delivery teams
• Common goals for the business
• Application alignment between groups
• More agile
• Reduce risk
The back and forth exchange to clarify information can add days into a single security policy change request!
Collaboration can occur when each party sees the information in their native language
Service delivery | Networking | Security
Different views of the same application
![Page 11: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/11.jpg)
THE SECURITY POLICY MANAGEMENT MATURITY MODEL

| Component | Level 1 | Level 2 | Level 3 | Level 4 |
|---|---|---|---|---|
| Network visibility and mapping | Static map (e.g. Visio) | Map updated periodically | Live map | Live map across on premise, SDN and cloud |
| Application to security mapping | None | Application architecture documented | Application risk identified within all app components | App connectivity changes seamlessly integrated with security processes |
| Security policy posture | Poor | Fair | Good | Excellent |
| Security change management | Manual. Error-prone | Mostly manual. Some errors. | Mostly automated. Few errors | Automated policy push. Virtually error-free |
| Network infrastructure auditing | Manual. Costly. | Some automation. Costly. | Automated and continuous | Automated and continuous |
| Secure decommissioning of application connectivity | Never | Rare | Occasional | Always |
| Alignment between security, network and service delivery teams | Poor | Fair | Good | DevSecOps |
![Page 12: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/12.jpg)
If we understand the application architecture and how it traverses the
network, we can dramatically increase our maturity in these areas and be
prepared for Software Defined Networks (SDN) such as Cisco ACI
(Application Centric Infrastructure)
![Page 13: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/13.jpg)
If we understand the application architecture and how it traverses the
network, we can dramatically increase our maturity in these areas and be
prepared for Software Defined Networks (SDN) such as Cisco ACI
(Application Centric Infrastructure)
As well as increase our business agility!
![Page 14: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/14.jpg)
BUSINESS APPLICATION ARCHITECTURE
• One of the biggest challenges in IT is to understand application architectures
• Just like security, networking, and other IT components, they can be complex
• There are many different components, and here’s a simplified view
  • Browsers (IE, Chrome, Firefox, etc)
  • Fat or thick clients (SAP, etc)
  • Web Servers (Apache, Microsoft IIS, etc)
  • Middleware (Oracle WebLogic, Fusion, IBM WebSphere, etc)
  • Database Servers (Oracle, SQL Server, DB2, MongoDB, Hadoop, etc)
• If we understand the application architecture then we understand how to secure the environment and create business agility when a change is needed
Tiers: Client Tier, Web Tier, Business Logic Tier, Database Tier
![Page 15: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/15.jpg)
IDENTIFYING BUSINESS APPLICATIONS
• How do you get a picture of the application and its components?
• Ask the application developer…they will know a few pieces
• Ask the sysadmin…he knows what software was loaded, but…
• Ask the DBA…he just left…
• Ask the middleware engineer…They deal with a lot of applications, which one?
• Look in the CMDB…this has stale information from 5 years ago…
• It’s really hard!!
Tiers: Client Tier, Web Tier, Business Logic, Database Tier
![Page 16: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/16.jpg)
DEFINING THE APPLICATION ARCHITECTURE
Obtaining application architecture information
• Import DB tables through CSV files
• Sensors, Probes or Packet Brokers which get data from:
  • port mirroring
  • promiscuous mode on an ESX server
  • host-based (local) sensor on an application server
  • data captures in PCAP, TCPDUMP and NetFlow format
• Capturing syslog traffic
• Existing security policy
Let’s look at this one first…
![Page 17: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/17.jpg)
FIREWALL POLICY
Identify your application…Like Lotus Notes
![Page 18: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/18.jpg)
FIREWALL POLICY
You’ve documented your application!!
Information can be pulled from Section Headers, Comment Fields, Object Names, Services, etc
![Page 19: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/19.jpg)
AUTO DISCOVERY OF BUSINESS APPLICATIONS
• Another method to consider is “Autodiscovery”
• Why?
  • Because it happens dynamically
  • You don’t need to rely on tribal knowledge that left the company
  • The application is comprised of many different components that are difficult for one individual to describe for you
• Because your applications run your business and if it breaks, you need to figure out where to fix it
• It can help you automatically identify changes to the application behavior over time
![Page 20: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/20.jpg)
• Autodiscovery can happen in a variety of forms
• The goal is to capture the relevant information in order to build an application diagram
DISCOVERING EXISTING APPLICATIONS
Easily discover existing application connectivity flows
[Figure labels: Packet Broker; ESX Server; host-based sensor on application server]
Now that we have the application described, how can we identify the risks involved with the application?
![Page 21: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/21.jpg)
• How risky is the application?
• Overall application
• Components of the application
• Access to the application
• Identifying the application components helps you gain visibility into the risk of the entire application
• Measure the risk, just like any other corporate process
RISK AND THE APPLICATION
![Page 22: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/22.jpg)
• Applications can have labels and priorities
• Application vulnerability scores can be summarized
IDENTIFY RISK WITHIN CRITICAL BUSINESS APPLICATIONS
![Page 23: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/23.jpg)
• Application component risk
  • Applications have many components
    • Web server
    • Database server
    • Middleware
    • NTP server
    • DNS
    • etc
• Unscanned servers
  • You don’t know what kind of risk you have here, or if there is malware on these systems already
WHAT OTHER RISKS DO WE HAVE?
![Page 24: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/24.jpg)
• Measuring Risk helps application developers understand security’s view point to help prevent a data breach
• Integrate the vulnerability assessment scanning data into the application architecture
• Qualys, Rapid 7 and Nessus scanners + more
• Helps requestors know what parts of their application are vulnerable to breaches
“RISK” CAN BE ADDED WHEN PERFORMING FIREWALL CHANGE REQUEST
• The red highlights critical risk
• The yellow highlights medium risk
• The gray identifies servers that were not scanned
![Page 25: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/25.jpg)
CONSTANTLY TRY TO IMPROVE YOUR SCORE
• By measuring your application risk you can maintain a process to reduce it over time
• Certain components of the application will be more critical than others
• Prioritize your remediation strategies to accomplish your goals for risk reduction
• How risky is it to migrate your application?
![Page 26: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/26.jpg)
MIGRATE APPLICATIONS TO NEW DATA CENTER
• Identify Applications
• Extract relevant components
• Map new IP information
• Automatically prepare firewall changes for new connectivity
• Implement changes
• Decommission old rules
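Added example, not from the original deck or from any vendor product: a minimal Python sketch of the migration steps above, which remaps an application's flows to a moved server's new address, checks each changed flow against the existing allow rules (the "is the request already allowed" check from the change workflow), and lists old rules that become candidates for decommissioning. The flow and rule formats, the addresses and the rule ids are constructed sample data.

```python
from ipaddress import ip_network

# Constructed sample data: flows of a hypothetical application (step "Identify Applications").
FLOWS = [
    {"src": "10.1.1.10/32", "dst": "10.1.2.20/32", "port": 443},   # web -> server being moved
    {"src": "10.1.2.20/32", "dst": "10.1.3.30/32", "port": 1521},  # moved server -> database
    {"src": "10.1.1.10/32", "dst": "10.1.3.30/32", "port": 1521},  # not affected by the move
]
# Constructed firewall policy, allow rules only.
RULES = [
    {"id": 101, "src": "10.1.1.0/24", "dst": "10.1.2.20/32", "port": 443},
    {"id": 102, "src": "10.1.2.20/32", "dst": "10.1.3.0/24", "port": 1521},
    {"id": 103, "src": "10.1.1.0/24", "dst": "10.1.3.0/24", "port": 1521},
    {"id": 104, "src": "10.1.0.0/16", "dst": "10.9.0.0/16", "port": 443},
]
# Step "Map new IP information": old address -> address in the new data center.
MOVES = {"10.1.2.20/32": "10.9.2.20/32"}


def covers(rule, flow):
    """True if the allow rule already permits the flow (source, destination and port)."""
    return (ip_network(flow["src"]).subnet_of(ip_network(rule["src"]))
            and ip_network(flow["dst"]).subnet_of(ip_network(rule["dst"]))
            and flow["port"] == rule["port"])


def remap(flow, moves):
    """Rewrite a flow's endpoints using the old-to-new address mapping."""
    return {"src": moves.get(flow["src"], flow["src"]),
            "dst": moves.get(flow["dst"], flow["dst"]),
            "port": flow["port"]}


def plan_migration(flows, rules, moves):
    """Return the rule additions needed and the rules left without any flow."""
    new_flows = [remap(f, moves) for f in flows]
    add, already_allowed = [], []
    for old, new in zip(flows, new_flows):
        if new == old:
            continue  # flow does not touch a moved server
        hit = next((r["id"] for r in rules if covers(r, new)), None)
        if hit is None:
            add.append(new)                      # needs a firewall change request
        else:
            already_allowed.append((new, hit))   # no change needed, notify requester
    # Candidates only: a rule that served a pre-migration flow but no post-migration
    # flow. Flows of other applications must be included before removing anything.
    decommission = [r["id"] for r in rules
                    if any(covers(r, f) for f in flows)
                    and not any(covers(r, nf) for nf in new_flows)]
    return {"add": add, "already_allowed": already_allowed,
            "decommission": decommission}


if __name__ == "__main__":
    for key, value in plan_migration(FLOWS, RULES, MOVES).items():
        print(key, value)
```

The decommission list is only as complete as the flow inventory: a rule shared with an application that was never mapped would be flagged incorrectly, which is why the deck ties decommissioning to application mapping and rule re-certification.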
![Page 27: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/27.jpg)
HELP DESK APPLICATION
1. This is the application to migrate
2. Identify the flows
3. Identify the relevant servers
4. Prepare change requests
![Page 28: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/28.jpg)
MIGRATING THE HELP DESK APPLICATION
Extract required servers and prepare them for the planning stage
![Page 29: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/29.jpg)
LET’S MIGRATE A SERVER FROM THE APPLICATION
![Page 30: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/30.jpg)
SMS SERVER DC1 HAS A NEW DEFINITION
• Understanding the architecture helps you identify what components need to talk to each other
• If this server moves to a new location, these flows will be affected
![Page 31: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/31.jpg)
WE
We have the server definitions defined, but now we need to update the application
![Page 32: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/32.jpg)
OPEN REQUEST CREATED
The update kicks off an open request to modify application connectivity
![Page 33: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/33.jpg)
![Page 34: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/34.jpg)
CHANGE REQUEST IS AUTOMATICALLY PLANNED
![Page 35: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/35.jpg)
RISK CHECKS FOR NEW SERVER MOVE (TO BE APPROVED)
This is where we can understand how much risk is introduced by the application move
![Page 36: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/36.jpg)
SECURITY POLICY DETAILS FOR EACH DEVICE (TO BE IMPLEMENTED)
![Page 37: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/37.jpg)
ANOTHER DEVICE IN THE PATH
![Page 38: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/38.jpg)
PROGRESSING ALONG THE PATH
![Page 39: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/39.jpg)
MIGRATION COMPLETE
![Page 40: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/40.jpg)
SUMMARY
• Increase your security policy management maturity by mapping your application architecture
• This will give you better security visibility and also business agility
• Try to progress your maturity in a consistent manner
• Include risk analysis for your application visibility
• Mapping applications can accelerate your data center and cloud migration goals!!
![Page 41: Learn how an app-centric approach will improve security & operational efficiency](https://reader031.fdocuments.net/reader031/viewer/2022030304/587903851a28ab6f658b468f/html5/thumbnails/41.jpg)
MORE RESOURCES