DevOps methodologies have become extremely popular to enable agile application development and delivery.
In this webinar, Anner Kushnir, AlgoSec’s VP of Technology will describe how the innovative 'Connectivity as Code' approach can be implemented to overcome these challenges, and seamlessly weave network security into the existing CI/CD pipeline in order to fully automate the application delivery process end-to-end.
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
2018 07-24 network security at the speed of dev ops - webinar
1. NETWORK SECURITY AT
THE SPEED OF DEVOPS
Anner Kushnir, VP Technology
Anner Kushnir
VP Technology
2. WELCOME
Have a question? Submit it via the chat
This webinar is being recorded!
Slides and recording will be sent to you after the webinar
2
3. WHAT IS DEVOPS?
• DevOps is a software engineering culture and
practice that aims at unifying software
development (Dev) and software operation (Ops).
• The main characteristic of the DevOps movement
is to strongly
advocate automation and monitoring at all steps
of software construction,
from integration, testing, releasing to
deployment and infrastructure management.
• DevOps aims at shorter development
cycles, increased deployment frequency, more
dependable releases, in close alignment with
business objectives.
code
build
test
deploy
operate
monitor
3
5. What DevOps Is
DEVOPS SECURITY
Resource
Minutes
StorageServer
Minutes
Security /
Connectivity
WeeksTime to Provision
6. How often is network connectivity slowing down
DevOps processes in your organization?
• Never
• Once a month
• Once a week
• Once a day
• Not practicing DevOps yet, I am here to learn
POLL
Please vote using the “votes from audience” tab in your BrightTALK panel
6
7. FROM OUR CUSTOMERS
“The process is broken. Developers are required to ask for
things no developer should even know about.”
“Things that should take 20 minutes drag for days and weeks.”
Senior application architect at large financial institute
“Everything works great, until some change needs to be done
in the firewalls. Then you open a ServiceNow ticket, then wait
for 2 weeks without knowing what will happen.”
Senior DevOps consultant working with large banks
“AlgoSec is the missing link”
7
8. ALGOSEC FOR DEVOPS
Network Connectivity is a painful bottleneck in the Application
Delivery pipeline
The Solution: Business-driven Automation
Bake network security into the DevOps pipeline
• Security is no longer a bottleneck – App Developers happy
Human intervention only when required
• Security still has full control and visibility – Security happy
• Business application connectivity automatically documented –
Everyone’s happy!
8
9. CI/CD PIPELINE
Palo Alto Networks Proprietary and Confidential
9
Test
environments
Integration
Performance
Run all tests
Production
Developer
Commits
Code
Compile &
Package
Unit
tests
Bring up test
environments
Connectivity
Deploy
9
10. CONNECTIVITY BLOCK (ZOOM IN)
Connectivity
as Code
BusinessFlow
Changed?
Yes
No
No
Yes
Success
Fail
Traffic Simulation
Query
FireFlow
10
11. BUILDING BLOCKS
END-TO-END NETWORK VISIBILITY
Find which security devices are in the path, and whether they allow
application traffic
Firewalls, Routers, Cloud, SDN
11 | Confidential
12. BUILDING BLOCKS
ZERO-TOUCH CHANGE
AUTOMATION
12
• Find which firewalls/policies require change
• Automatic risk check – continuous compliance
• Customizable flow – thresholds, approvals
• Automatic design and push of changes
• End-to-end - Multi-vendor, multi-platform
• Optimized changes, eliminate human error
• Full documentation and audit trail
13. BUILDING BLOCKS
BUSINESS APPLICATION REPOSITORY
Application owners (“Top down”)
• Manage application connectivity
• Describe as logical flows
• No need to know the network
• All application details in one place
• Connectivity, Risks, Compliance,
Vulnerabilities
BusinessFlow
13
14. ALGOBOT - POWER TO THE (APP) PEOPLE
• Personal network security policy assistant
• Exposes AlgoSec capabilities to App Developers
• Self Service, Empowered
• Use cases:
• Check on application’s connectivity status
• Check whether network security needs to be involved
• Easily check change requests status
• Bonus: less headache for network security
14
15. BUILDING BLOCKS
BUSINESS APPLICATION REPOSITORY
Network Security (“bottom up”)
• Automatic business context for every rule, firewall, host
• Audits, recertification
• Understand Business impact
• Cleanup, Maintenance, Security incidents
• No more “reverse engineering”
15
16. • AlgoSec APIs
• AlgoSec Python SDK
• Build your own flow, powered by AlgoSec
• AlgoSec “role” for Ansible
• AlgoSec cookbook for Chef
BUILDING BLOCKS
INTEGRATION
16
17. WHAT JUST HAPPENED HERE
• Majority of application changes – automatically processed
• Either already works, or pre-approved and immediately implemented
• When security approval is required – Change Request automatically opened
• Application connectivity repository – automatically updated
• Immediate application context – for security incidents, network/server migrations, maintenance,
etc.
• Continuous compliance is retained
• Security has full control over policy and approvals
• Full audit trail and documentation
17
18. ADDITIONAL RESOURCES
18
WEBINAR SLIDES
3- PART BLOG SERIES
WHITEPAPER
SOLUTION BROCHURE
PROF. WOOL COURSE
DEVOPS DEMO
ANSIBLE ROLE
CHEF COOKBOOK
PYTHON SDK
Please click on images to access links
19. • DevOps is all about empowering
application developers
• AlgoSec DevOpsifies Network
Security into the CI/CD pipeline
• Continuous compliance is retained
• Business applications repository
automatically created
• Business context baked into network
security operations
SUMMARY
22. The premier event for AlgoSec
customers and channel partners
Australia, July 31- Aug 3 | Americas, October 15-18
For more info:
https://www.algosec.com/algosummit/
There are several resources available for you – you can link to them directly through the attachments tab on your right.
Ansible https://galaxy.ansible.com/algosec/algosec/ & Python SDK https://github.com/algosec/algosec-python
A whitepaper on DevOpsifying Network Security: https://www.algosec.com/lp/devopsifying-network-security/
The AlgoSec Network Security & DevOps Solution Brochure: https://www.algosec.com/wp-content/uploads/2017/01/170112_algosec_devops_solution_brochure.pdf
Chef Cookbook: https://supermarket.chef.io/cookbooks/algosec
Several AlgoSec Blog posts: https://www.algosec.com/blog/category/devops/
& Chef’s Blog: https://blog.chef.io/2018/07/17/algosec-cookbook-certified-by-the-chef-partner-cookbook-program/
As well as several video files:
The DevOps Demo available on YouTube: https://www.youtube.com/watch?v=VFIE7XXBf3c
Professor Wool’s Whiteboard 4-Video Courses on the best practices for incorporating security into DevOps https://www.algosec.com/professor-wool/best-practices-incorporating-security-devops/
And the webinar slides, which we will be uploading shortly
Now, let’s open up the floor for some Q & A questions.
NEED TO UPDATE
And, before we part – we welcome you to connect with us through our social networks in LinkedIn, Facebook, Twitter and our blog.