Suite 6 5 Release Notes
8/19/2019 Suite 6 5 Release Notes
http://slidepdf.com/reader/full/suite-6-5-release-notes 1/12
© Copyright 2013. AlgoSec, Inc. All rights reserved.
AlgoSec Security Management Suite 6.5
Release Notes (September 2013)
The information in this document is confidential.
Table of Contents
AlgoSec Security Management Suite Features
  Juniper Space Support
  Juniper J Series, M/MX Series Support
  VRF Separation for Cisco Routers
AlgoSec BusinessFlow Features
  Impact Analysis
  Advanced Searching Capabilities
  Automatic Change Request Status Updates
  Enterprise Readiness
AlgoSec FireFlow Features
  Usability Enhancements for Approvers
  Usability Enhancements for Requestors
  Performance
  Validation of Work Order Recommendations Implementation
  Partially Allowed and Not Routed Traffic
  Choosing Wider Objects While Editing a Work Order
  Edit Work Order for Palo Alto and Fortinet Devices
  Rule Modification
  ActiveChange Install on All Policy Target
  Include Check Point Policy Name in Changes Without Ticket
  Add Read Only Fields to a “Create” Ticket
AlgoSec Firewall Analyzer Features
  Out-of-the-box Baseline Configuration Compliance Reports
  Web Services API
  Policy Tab Enhancements
  Network Map Enhancements
  VIP Support
  Dashboard for Policy Changes
  Analysis on Specific Log Ranges
  Provider Edition Improvements
  Expiration Date for Trusted Traffic
  Syslog Messages on Changes
  Performance and Usability Improvements
  NAT Improvements
The following features were added to the AlgoSec Security Management Suite 6.5, made
generally available in September 2013.
AlgoSec Security Management Suite Features
Support for Juniper Space
Juniper Junos Space and the Juniper SRX devices it manages are now fully supported.
BusinessFlow support includes:
Checking application connectivity supports flows that pass through devices managed by
Juniper Space, for immediate visibility of the relevant rules in the managed devices
Discovery of applications based on rules from Space managed devices
Impact Analysis can be performed on Space and the devices it manages
AlgoSec Firewall Analyzer (AFA) support includes:
Policy change monitoring
Full device analysis, optimization, risk check, and compliance reporting
Routing table analysis, including device connectivity diagram
Routing-aware traffic query capabilities
Baseline configuration compliance reporting
Support for Juniper J series, M/MX series
Juniper routers are now supported via the AlgoSec Extension Framework (AEF).
J series routers can now be considered in the path a flow takes in the network map.
Impact Analysis can be performed on Juniper routers (see Impact Analysis feature).
Changes in Juniper routers can be monitored for auditing purposes, and devices can be
added to the enterprise network map as well as to the AlgoSec Traffic Simulation Query.
VRF separation for Cisco IOS routers
Virtual Routing and Forwarding (VRF) allows setting virtual instances of routing tables on the same
router. Cisco IOS routers with VRFs can now be configured in AFA to consider each VRF as a
separate device. Each VRF has its own routes and interfaces, making the network map more
accurate and providing better Traffic Simulation Query results.
BusinessFlow Features
Impact Analysis
Identify the business impact of making changes to servers or devices:
Identify the applications impacted by planned or unexpected down-time of servers and
devices, as well as the exact flows that are relevant within these applications.
Enable organizations to simplify server migrations by discovering all of the applications that
are using the decommissioned server.
Advanced Searching Capabilities
Easily manage a large number of applications by finding all the applications that are in need of
some traffic flow or which use a specific service, creating sophisticated searches with multiple
values, viewing the specific flows that meet the search criteria in each application, obtaining
contact information of people relevant to the discovered applications and sorting the list of found
applications by name, connectivity status, or date of update.
Automatic Change Request Status Updates
Gain improved visibility of the status of change requests originating in BusinessFlow as the
application status changes dynamically to reflect the status of the request. Keep track of
applications pending to be implemented, gain visibility of applications moving from 'Pending' to
'Active' once changes are implemented and create new drafts based on rejected revisions.
Enterprise Readiness
BusinessFlow supports enterprise requirements by preventing data loss with Backup and Restore
capabilities, using two appliances in active-standby mode to support High Availability, and enabling
the logo in the header to be customized to meet organizational standards.
AlgoSec FireFlow Features
Usability Enhancements for Approvers
Simplified screens make it easier for users to review the information. Additionally, the new UI
guides the user through the different steps of the workflow, while also providing a view to previous
steps (read-only), for better decision making and analysis (view the information in proper context).
Work Order information, Risk Check and Validation results are relevant to the device and, if
available, are accessible on any step of the workflow.
General details and traffic information for all devices in the change request are available as
additional layers on top of the change request, and can be expanded/collapsed.
Change request SLA status is constantly available on the main page of the change request,
with color coding (orange = not meeting SLA, green = meeting). Hover for details.
The top level menu to the left of the screen is collapsible enabling a larger viewable area to
more easily edit change request information and configurations.
Change request page performance improvements prioritize fetching of page elements.
Usability Enhancements for Requestors
New, simplified workflow template removes some of the least-frequently-used fields (Priority, cc,
refers to and refer to by).
Performance
Performance enhancements were made across the different stages and components of FireFlow, from
the initial login through the initial request and Auto Matching stages.
Validation of Work Order Recommendations Implementation
To improve change validation accuracy, a smart validation runs on the change request’s “Planned
Change” and “Work Order Recommendation” for each traffic line separately. In addition to
auto-matching, the new validation uses the monitor-collected policy, so the user is able to validate the
CR immediately after it is implemented. Validation checks to make sure that:
Requested traffic is allowed and the exact objects were defined, with their names
as requested.
The change on the device is not wider than the work order recommendation; if it is wider, the
validation fails or only partially passes.
Each Change Request receives a summarized validation result: if all traffic lines are “successful”
then it is validated; if at least one traffic line “fails” or is “partially successful” then the validation “fails”.
Compared to auto-matching, smart validation results are displayed as part of the change request’s
display page, and are part of the change request’s life cycle. When the “validation tab” is displayed
the user will see the detailed validation results. When the user views the “validation tab” in
“read-only” mode, a short sentence summarizing the validation result will be visible.
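The per-traffic-line checks and the summary rule described above can be sketched as follows. This is an added illustration, not AlgoSec code: the data layout, function names and sample addresses are assumptions, object-name comparison is left out, and a change wider than the recommendation is scored “partially successful” (the text allows either a fail or a partial pass).

```python
from ipaddress import ip_network


def nets(*cidrs):
    """Parse CIDR strings into network objects."""
    return [ip_network(c) for c in cidrs]


def covered(inner, outer):
    """True if every network in `inner` lies inside a single network in `outer`.

    Simplification: a network split across several `outer` entries is not
    recognised as covered.
    """
    return all(any(i.subnet_of(o) for o in outer) for i in inner)


def line_within(inner, outer):
    """True if traffic line `inner` is no wider than `outer` in any field."""
    return (covered(inner["src"], outer["src"])
            and covered(inner["dst"], outer["dst"])
            and inner["svc"] <= outer["svc"])


def validate_line(requested, recommended, implemented):
    """Classify one traffic line against the policy found on the device."""
    if not line_within(requested, implemented):
        return "fails"                  # requested traffic is not allowed
    if not line_within(implemented, recommended):
        return "partially successful"   # allowed, but wider than the work order
    return "successful"


def validate_change_request(lines):
    """Summarise: validated only if every traffic line is successful."""
    results = [validate_line(*line) for line in lines]
    ok = all(r == "successful" for r in results)
    return ("validated" if ok else "fails"), results


def line(src, dst, svc):
    return {"src": nets(src), "dst": nets(dst), "svc": {svc}}


# Constructed sample: (requested, recommended, implemented) per traffic line.
SAMPLE = [
    # Implemented exactly as recommended.
    (line("10.1.1.10/32", "192.168.5.20/32", "tcp/443"),) * 3,
    # Device rule opens the whole /24 instead of the single host.
    (line("10.1.1.10/32", "192.168.5.21/32", "tcp/22"),
     line("10.1.1.10/32", "192.168.5.21/32", "tcp/22"),
     line("10.1.1.10/32", "192.168.5.0/24", "tcp/22")),
    # Device rule allows a different port, so the request is not met.
    (line("10.1.1.10/32", "192.168.5.22/32", "tcp/8443"),
     line("10.1.1.10/32", "192.168.5.22/32", "tcp/8443"),
     line("10.1.1.10/32", "192.168.5.22/32", "tcp/443")),
]

if __name__ == "__main__":
    summary, per_line = validate_change_request(SAMPLE)
    print(summary, per_line)
```
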
Partially Allowed and Not Routed Traffic
FireFlow now addresses cases where the traffic line in a change request is partially allowed or not
routed by the firewall. A more precise recommendation is now provided:
An object in source/destination/service will be ignored if it is allowed by the firewall for all
destinations/services/applications in the traffic line, or if it is not routed by the firewall at all.
Already allowed objects are marked with a sign. Not routed objects are marked with a .
Choosing Wider Objects While Editing a Work Order
An optional configuration in FireFlow lets the user choose, while editing the work order, alternative
objects that may contain more addresses in addition to the original request, and hence are wider than
the original request. For example, if while handling a request to access server A1 the network admin
realizes that server A1 has a backup server A2, he/she can now edit the work order to allow
access to a whole object A. By opening the advanced editing wizard, the user can either create a
new object (even if such an object already exists), see suggestions for objects that contain the
same IPs (exact match) or choose an object that contains the requested IP address from a list of
wider objects. An indication of the object's size and a drill-down into its definition are available as well.
Edit Work Order for Palo Alto and Fortinet Devices
In addition to existing support for editing work orders on Check Point and Juniper devices, FireFlow
now allows users to also edit work orders for Palo Alto and Fortinet devices.
Editing the work order opens free-text fields for the rule name (Palo Alto) and for which rule will
follow the changed one (Palo Alto and Fortinet), as well as editable source, destination and
service fields. The Application field is not editable.
Validation is performed on editable fields, ensuring that a correct work order is produced.
Rule Modification
FireFlow supports making changes to a rule (for example, in order to support server migration) for
all supported vendors, including ActiveChange for Check Point. Rule Modification is a new request
type, and the out-of-the-box installation of FireFlow includes a request template and workflow type for
rule modification, including request creation, work order generation and change validation.
The new request type allows choosing a rule to modify from a list that indicates which rules
are modifiable and which are not, specifying the new source, destination and service, and creating the
change request for approval. The rule data is fetched from a database containing the most
updated report or monitor information (whichever had run most recently). If the rule
changed since the change request was created then an appropriate message will be displayed
to the user.
ActiveChange – Install on All Policy Target
With ActiveChange, a new rule can now be installed on all Check Point devices that share the
same policy on the same management server.
Include Check Point Policy Name in Changes Without Ticket
Auto matching the list of changes without requests now also displays the policy name for Check
Point, Juniper NSM and FortiManager devices.
Add Read Only Fields to a “Create” Ticket
A Read-Only field can now be added to request forms – such as instructions or links, as well as
notifications to users regarding default values they cannot change.
AFA Features
Out-of-the-Box Baseline Configuration Compliance Reports
AFA allows security teams to easily verify that baseline hardware and software configurations
comply with the industry's best practices. The new out-of-the-box Baseline Compliance
requirements are now available for all supported devices, including new profiles for Juniper SRX,
Juniper NetScreen, Fortinet FortiGate, Palo Alto, McAfee Enterprise Firewall (Sidewinder), and
Cisco Nexus. Baseline Configuration reports can be customized and new ones can be created.
Web Services API
AFA now allows easy and quick integration of administration and information gathering tasks with
external applications using SOAP web services. This capability allows automating repeating
activities, such as on-boarding new customers in MSSP environments, extracting analyzed
information to enterprise dashboards and more. New web services include:
Administration Tasks: add / edit device groups; run / schedule an Analysis on a device;
get the list of all defined devices; create domain
Operational Tasks: edit Rule Documentation, which allows reading and writing data attached to
a specific rule in AFA; get Risk Analysis results
Policy Tab Enhancements
The Policy Tab simplifies finding security rules for server migration and data center
consolidation by allowing multiple policies to be viewed from a group of devices for
quickly locating policies and rules based on information in the rule or in the custom rule
documentation fields.
Search multiple policies for IP addresses contained within objects in rules, throughout the
object's hierarchy
Summary results include the number of relevant policies and relevant rules within each
policy
Enhanced search result view with highlighted text fields, for example objects in which the
searched IP or object resides
Network Map Enhancements
Enhanced map editing capabilities include merging multiple clouds, based on map search results
and adding, removing and editing networks on a cloud.
Enhanced routing simulation capabilities directly from the map include routing-only traffic
simulation on the entire map and a route lookup from a selected device to a chosen destination.
Enhanced map view allows for the left menu to be minimized, for a wider and clearer view.
Enhanced traffic simulation involving layer-2 devices includes filtering policy check on all
layer-2 devices in a group traffic simulation query.
VIP Support
AFA now supports Virtual IP assignments to devices' interfaces, commonly used in HSRP and
VRRP protocols, for Juniper (SRX and MX routers) and Cisco devices. This support enriches the
enterprise network map and the AlgoSec Traffic Simulation Query capabilities.
Dashboard for Policy Changes
The new Policy Changes dashboard provides instant visibility on the trends of policy changes in a
group of devices over time and on the number of policy changes per device within the group.
Analysis on Specific Log Ranges
Policy optimization analysis on a device or a group can now be based on a specific log
range, configurable separately per-analysis. Get ready for audits by easily determining the
starting point from which traffic logs are analyzed.
Provider Edition Improvements
AFA Provider Edition (Domains) includes several enhancements in license provisioning:
Allocate a specific number of device licenses with separate provisioning per domain
Offer different services to each domain and support more flexible business models by
enabling different license types per domain
Expiration Date for Trusted Traffic
AFA allows selecting rules or traffic that are trusted and should not be considered in risk analysis.
The trusted traffic can now be limited to a certain time range, after which the traffic will be
considered risky again.
Syslog Messages on Changes
The Syslog messages generated by AFA now include messages about changes in rules, objects,
and services in the various devices' policies and configurations. The messages are sent
automatically based on the AlgoSec ongoing device monitoring, allowing integration with SIEM /
SOC products.
Performance and Usability Improvements
Performance and usability improvements include: web user interface general browsing
performance improvements, the ability to view the network map or policies at the full width of your
screen by hiding the left menu bar, and faster log collection and processing.
NAT Improvements
Enhanced support for destination NAT in complex queries
Support Cisco ASA 8.3 NAT rules and configurations
265 Franklin Street
Boston, MA 02110
USA
T: +1-888-358-3696
F: +1-866-673-7873
AlgoSec.com