Micro Segmentation Solution Brief


DEFINING AND ENFORCING A MICRO-SEGMENTATION STRATEGY

Micro-segmentation is a crucial defense-in-depth strategy for enterprises. It segregates and protects key
company data to limit attackers’ lateral movements across the corporate network. It is also effective in
reducing the scope of audits for regulations such as PCI-DSS. But managing the firewall rules that enforce
your micro-segmented network is challenging – and the more segments you have, the more firewalls you
need to deploy and manage. This inherent trade-off between security and complexity often results in under-
segmented networks, which are not as secure as they should be. Fortunately, AlgoSec makes it easy to
define and enforce micro-segmentation throughout your network and across all leading firewall platforms.

Discover Business Applications

The first step to segmentation is understanding the traffic traversing the network and identifying the intent of the flows by mapping them to the applications they support. This can be achieved by:

• IMPORTING the flows from a CSV file
• INTEGRATING with a micro-segmentation tool such as Cisco Tetration, Illumio or Guardicore
• UTILIZING AlgoSec AutoDiscovery to analyze your traffic flows and turn them into a clear map. AutoDiscovery receives network traffic metadata as NetFlow, SFlow, or full packets and then digests multiple streams of traffic metadata to let you clearly visualize your network traffic.

The AlgoSec Benefits

• Auto-discover applications and their connectivity flows – without requiring any prior knowledge
• Design your segmentation zones with a live and always up-to-date map of connectivity requirements
• Easily define allowed traffic between your network segments
• Ensure changes adhere to your micro-segmentation strategy and compliance requirements
• Automatically implement network security changes
• Support software-defined micro-segmentation on platforms such as Cisco ACI and VMWare NSX

Business Impact

• Easily define and continuously enforce your micro-segmentation strategy across your heterogeneous environment
• Effectively limit the lateral movement of cyber attackers across your network
• Ensure continuous compliance of your micro-segmentation network security strategy
• Avoid errors, rework and application outages due to the micro-segmentation complexity
• Create a scalable and repeatable process that aligns the different teams involved in the change process
• Maintain uniform security policy across the entire cloud and on-premise hybrid environment
Defining the Segments with Application Mapping

AlgoSec AppViz provides an application-centric approach to your segmentation strategy. Leveraging the AutoDiscovery results, the AppViz advanced optimization algorithm aggregates a group of connections into thick flows. This can prevent overloading multiple rules on the firewalls, which can potentially lead to performance degradation. At the same time, business application owners get a clear view of the network flows that support their application.

This simplifies the experience of the security operation expert defining and maintaining a segmentation strategy by making the firewall rules clearer to understand and manage. The algorithm predicts the future behavior of the traffic and assures it is aligned with the segmentation policy.

Mapping the flows associated with the business applications will give you the business intelligence you need to define the segmentation zones around your business applications, limiting outages and downtime.

Implement Segmentation Policies

AlgoSec FireFlow helps you process the security policy changes that are required for your segmentation strategy. FireFlow automates the entire security policy change process, from design and submission to proactive risk analysis, implementation, validation, and auditing.

AppViz leverages FireFlow’s automation capabilities to allow network engineers to easily execute the many required changes related to rolling out the segmentation strategy in the network, while ensuring that changes are done quickly, in line with the segmentation strategy. All that is needed is to request to apply the discovered application flows from AppViz to the network and all the heavy lifting will be done by FireFlow.

Once the zones have been defined in the network, FireFlow will ensure that the segmentation strategy is upheld within the network. The intelligent risk-analysis step proactively assesses each request against the defined segmented zones, ensuring all changes align with the segmentation strategy without introducing new risk or breaking compliance.

Comprehensive Support for Heterogeneous Environments

AlgoSec supports all the leading brands of traditional and next generation firewalls and cloud security controls, as well as routers,
load balancers and web proxies across any heterogeneous and multi-vendor cloud, SDN or on-premise enterprise network
environments. Additionally, AlgoSec seamlessly integrates with the leading IT service management, SIEM, identity management,
orchestration systems and vulnerability scanners to deliver unified security policy management. To find out more about AlgoSec’s
ecosystem of technology partners, visit www.algosec.com/algosec-ecosystem.
