Security policies are as critical to safeguarding your networks as any new cybersecurity product. Joanne Godfrey, director of communications for AlgoSec explains how policies can be better managed
Ever since the first firewalls were deployed on business networks in the early 1990s, enterprise security goals haven’t really changed: keep the bad guys out, and ensure that only authorized users and software are allowed to communicate over approved network paths. Sounds simple enough, right? And in those early days, those goals were relatively easy to achieve.
Networks were smaller and less complex, with fewer devices, business applications and external connections. So, the organization’s network security policies that governed how firewalls, proxy servers and other security devices work were simpler. They needed only a relatively small set of rules to control what traffic should be blocked, what should be allowed, and where it’s allowed to go to enable security, ensure compliance and drive business productivity.
Fast forward 25 years, and networks have grown dramatically in size and complexity, with business applications being introduced and changed rapidly to support more users and new functionality. Enterprise adoptions of virtualized and cloud infrastructures have introduced even more new network connectivity flows that need to be managed to keep applications secure. And the threat landscape has changed almost beyond recognition, which means more security products are deployed to counter new threats.
Traffic control problems
As a result, the security policies that control network devices and traffic have grown massively. They now typically comprise hundreds or even thousands of firewall rules – making it increasingly challenging to maintain those policies, and balance the needs of the business with the need to keep it as secure as possible. Just to keep up with business demands, network and security teams can find themselves managing hundreds of policy change requests a week.
With this growing volume and frequency of changes, continuing to rely on error-prone, manual processes to manage network security policy changes is too costly, time-consuming and inefficient. What’s more, it dramatically increases the potential for misconfigurations and mistakes that lead to application outages, security holes and compliance violations. In our 2016 State of Automation in Security” survey, 20% of organizations had experienced a security breach, 48% an application outage, and 42% a network outage as a result of a misconfiguration caused by a manual security-related process.
So it’s clear that organizations need to change the way that they manage their security policies, if they want to keep up with the speed of business – especially as more companies migrate applications to the cloud and adopt DevOps processes to help them develop and deploy new applications and functions faster. So how should they go about it?
The key is to automate policy changes using a management solution. An effective solution will provide holistic visibility across the enterprise network and the applications that run across it, enabling IT teams to see all the network and security devices, applications and their connectivity flows – whether on-premise or in private or public clouds – in a single pane of glass.
The solution will understand the rules and syntax used by the different network security devices – including traditional and next-gen firewalls and routers and cloud security controls – and manage them holistically from a single console, giving IT teams centralized control of all the ‘traffic lights’ on their networks, and enabling them to eliminate the time-consuming errors and problems that result from manual change processes.
It’s all about the applications
As the most common trigger for policy changes are changes to an application, it’s critical that teams understand exactly what devices and connectivity each application needs in order to function correctly and deliver its benefits, while remaining secure. Therefore, the automation solution should be able to automatically discover and map the connectivity flows for all of the enterprise’s business applications, to show IT and security staff exactly how data flows across the network. This application-centric approach helps teams to focus their efforts on what really matters to the business.
The automation solution should also enable IT teams to perform proactive risk analysis on planned application connectivity or security policy changes before they are made, to ensure that they don’t introduce security gaps or compliance violations. Then, if no exceptions or issues are identified, the approved changes can be rolled out to the relevant security devices with zero touch – thereby saving significant time, effort, and most importantly helping to prevent misconfigurations which cause outages and security holes. The solution should automatically document all these changes for audit purposes – and to help demonstrate compliance with the growing ‘alphabet soup’ of regulatory standards.
By taking an application-centric view of network security, the security policy management solution can also be used to accelerate incident response processes in the wake of cyberattacks or outages. Linking the policy management solution to SIEM systems and vulnerability scanners adds vital context to information about incidents, enabling network and security teams’ actions to be prioritized according to the risk and impact on critical business applications.
In conclusion, automating security policy management delivers a stronger security posture across organizations, enables business continuity, accelerates digital transformation initiatives such as migrating applications to the cloud, and streamlines DevOps processes by supporting team collaboration. Enterprise security truly is a matter of policy.