PUTTING THE SEC INTO DEVOPS
Prof. Avishai Wool
AGENDA
• Introduction: DevOps and Network Security
• Ops + Security scenarios: Pitfalls and Tips
• Dev + Security scenarios
• DevOps with AlgoSec
• Continuous integration with AlgoSec
WHAT’S THE MOTIVATION
• Network connectivity and security is a painful bottleneck in the application delivery pipeline
• Accelerate application delivery by automating network connectivity processing
  • Human intervention only when required
• Visibility into application connectivity requirements is important for Network and Security teams
• Security, full audit trail and continuous compliance must be built into the process
DEVOPS CYCLE
• Develop (Programmers in R&D)
  • New application
  • New functionalities in an existing application
• Test
• Deploy (Ops)
  • Add capacity to an existing application
  • New deployment targets
• Production
NO APPLICATION IS AN ISLAND
Applications have connectivity requirements
• Human users
  • Insiders
  • Remote sites and road warriors
  • Outsourcers
  • Business partners
  • Outsiders
• Internal resources (DB, API to other applications, …)
• Infrastructure resources (DNS, backup, authentication, …)
• Business partner resources
• Internet resources
NETWORK SEGMENTATION
• Separate environments for Dev/Test/Pre-production/Production
• Network security policies must allow the necessary traffic
• Changes to applications that modify connectivity requirements must be implemented in network security policies
• … so you need DevSecOps
TIGHTER SECURITY IN PROD
[Diagram: security zones for Development, Test, Pre-Production, Production Front and Production Backend]
• Test & Pre-Production environments: servers all in one security zone
• Production servers in several security zones
OPS + SECURITY SCENARIOS: PITFALLS AND TIPS
ADDING CAPACITY
• Typically only Ops involved
• Typically only relevant to Production environment
• Add another
  • Web server to the web farm
  • Compute engine to the Compute cluster
  • Etc.
• New clone has the same role as existing clones
• No need for another security review – all pre-approved
SOUTHBOUND TRAFFIC: LOAD BALANCER
• Load balancer in front of the web farm
• Upstream security policies written using “Virtual IP” / “Virtual Server name”
Result:
• Add new server to the farm
• Update load balancer configuration to use the new resource
• No need to touch security policies
[Diagram: load balancer in front of the Prod Front web farm; zones Dev, Test, Prod Front, Prod Back, Pre-Prod]
EAST/WEST TRAFFIC
• Need to connect to, or accept connections from, other systems
  • Management connections
  • Access to internal / partner / Internet resources
  • Resources in other network segments
• Connections flow across security zones
• Load balancer does not help: need to differentiate between clones
[Diagram: firewall between zones Dev, Test, Prod Front, Prod Back, Pre-Prod]
EAST/WEST TRAFFIC – SOLUTION A
• Careful IP address allocation!
• Discipline:
  • All clones have IP addresses in the same Subnet / Range / VLAN / VPC
  • Security policy rules allow traffic to/from whole Subnet
Result:
• Add new server to the farm
• Ensure its IP address is in the correct Subnet / Range
• No need to touch Security Policies
ADDRESS ALLOCATION – PROPERTIES
Pro: works with all filtering technologies
Cons:
• Pre-allocate IP addresses for each server class
• Need to predict maximal capacity
EAST/WEST TRAFFIC – SOLUTION B
• Use object groups!
• Discipline:
  • Filtering devices have a network object group for each server class
  • Security policy rules allow traffic to/from object group
Result:
• Add new server to the farm
• Add its IP address to the correct object group
• No need to touch security policy rules – object change is sufficient
OBJECT GROUPS – PROPERTIES
Pros:
• Clones can have arbitrary IP addresses
• No address pre-allocation
• No need to predict maximal capacity
Cons:
• Need to touch object definitions on security devices
  • Goal: zero-touch orchestration, with audit trail
• Requires filtering devices that support object groups
  • Router ACLs and cloud providers’ “Security Groups” have limitations
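The two east/west solutions above differ in where the "add a clone" touch lands: in the subnet (Solution A) or in the object group (Solution B). The following Python model, added here as an illustration and not taken from the slides or from any vendor's configuration syntax, evaluates a toy policy both ways. Addresses, group names and the audit-trail format are all constructed for the example; it shows that under Solution A a clone outside the pre-allocated range is silently blocked, while under Solution B the same clone is admitted by one object change that leaves the rule set untouched and is recorded in the audit trail.

```python
import ipaddress

# Toy policy model, constructed for this example: a rule allows one service from
# a source selector to a destination selector. A selector is either an
# ip_network (Solution A, subnet-based) or the name of a network object group
# (Solution B, group-based), resolved at match time.


class Policy:
    def __init__(self):
        self.groups = {}   # group name -> set of IP addresses
        self.rules = []    # (source selector, destination selector, service)
        self.audit = []    # audit trail: one entry per object or rule change

    def define_group(self, name, members):
        self.groups[name] = {ipaddress.ip_address(m) for m in members}
        self.audit.append(("define-group", name, sorted(map(str, self.groups[name]))))

    def add_to_group(self, name, address):
        # Solution B: the only touch needed when a clone is added.
        self.groups[name].add(ipaddress.ip_address(address))
        self.audit.append(("add-to-group", name, address))

    def add_rule(self, source, destination, service):
        self.rules.append((source, destination, service))
        self.audit.append(("add-rule", str(source), str(destination), service))

    def _matches(self, selector, address):
        if isinstance(selector, str):       # object group name
            return address in self.groups[selector]
        return address in selector          # subnet / range

    def allows(self, source, destination, service):
        src = ipaddress.ip_address(source)
        dst = ipaddress.ip_address(destination)
        return any(
            self._matches(rs, src) and self._matches(rd, dst) and svc == service
            for rs, rd, svc in self.rules
        )


DB_SERVER = "10.20.5.112"   # constructed address of the backend database
DB_SERVICE = "tcp/5432"


def solution_a():
    """Subnet-based rule: a clone inside the pre-allocated range works with no
    policy change; a clone outside it (capacity mis-predicted) is blocked."""
    p = Policy()
    p.add_rule(ipaddress.ip_network("10.20.1.0/24"),
               ipaddress.ip_network(DB_SERVER + "/32"), DB_SERVICE)
    inside = p.allows("10.20.1.9", DB_SERVER, DB_SERVICE)    # new clone in range
    outside = p.allows("10.30.0.7", DB_SERVER, DB_SERVICE)   # clone outside range
    return inside, outside, len(p.rules)


def solution_b():
    """Group-based rule: a clone with an arbitrary address is admitted by one
    object change, recorded in the audit trail; the rule set is untouched."""
    p = Policy()
    p.define_group("web-farm", ["10.20.1.4", "10.20.1.5"])
    p.define_group("db-servers", [DB_SERVER])
    p.add_rule("web-farm", "db-servers", DB_SERVICE)
    rules_before = len(p.rules)
    before = p.allows("10.30.0.7", DB_SERVER, DB_SERVICE)
    p.add_to_group("web-farm", "10.30.0.7")
    after = p.allows("10.30.0.7", DB_SERVER, DB_SERVICE)
    return before, after, len(p.rules) == rules_before, p.audit[-1]


if __name__ == "__main__":
    print("Solution A (inside, outside, rules):", solution_a())
    print("Solution B (before, after, rules untouched, last audit entry):", solution_b())
```

The `audit` list is the point of the "zero-touch orchestration, with audit trail" goal: an orchestrator that calls `add_to_group` still leaves a reviewable record of which object changed, for which clone, without any rule being edited.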
DEV + SECURITY SCENARIOS
DEVOPS WITHOUT “SEC” FAILURES
• Developers add new functionality to an application
• Everything works in Test and Pre-Production environments
• Push new version to Production -> Fail!
WHAT WENT WRONG?
• Remember “No application is an island”
• New functionality includes new connectivity flows
• Dev didn’t document the new flows
  • Possibly didn’t realize new connectivity was required
• Relaxed security policy in Dev, Test, Pre-Production environments allows connectivity
  • Maybe the resource replica/placeholder is inside the same zone?
• Application works in Test: no need for Sec involvement – wrong!
DOCUMENT THE APPLICATION FLOWS
• Maintain a repository recording all the flows required by each application
• For each flow record, at least:
  • Source and Destination IP addresses
  • Services and network-applications in use
• Automation Tools:
  • Modify the application record whenever new functionality adds flows
  • Add security review and approval for new flows during Dev cycle
TIP: TIGHTEN SECURITY AROUND TEST
• Place filtering devices around the Pre-Production environment
• Apply the tight security policy of Production
  • Not the loose policy of Dev!
Result:
• Dev forgets to document new flows, or does not realize there is a new flow
• Failure will happen in Pre-Production environment – as desired
• … triggering Sec review earlier in the cycle
[Diagram: filtering devices around Pre-Prod; zones Dev, Test, Prod Front, Prod Back, Pre-Prod]
MULTIPLE INSTANCES OF APPLICATION’S RECORD
• Application’s flows in Dev / Test / Pre-Prod / Prod have
  • Same services (“SQL”, “HTTPS”, …)
  • Same logical structure (“Application Logic server connects to DB”)
  • Different IP addresses: Test DB is different from Prod DB
• Maintain separate instances of the application’s record:
  • Dev (“Dev-Application-logic-server connects to Dev-DB”)
  • Test (“Test-Application-logic-server connects to Test-DB”)
  • Pre-Prod (“Pre-prod-Application-logic-server connects to Pre-Prod-DB”)
  • Prod (“Prod-Application-logic-server connects to Prod-DB”)
LIFECYCLE: MIGRATE BETWEEN STAGES
• Pushing application version (e.g. from Pre-Prod to Production):
  • Provision workloads, deploy code, …
  • … Don’t forget to update the security policies protecting the next stage!
• Not a simple copy!
• Maintain a mapping:
  • Dev-DB -> Test-DB
  • When deploying security rules, replace all Pre-Prod-DB by Prod-DB
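The three slides above (document the flows, keep one record instance per stage, and migrate by mapping rather than copying) fit together as one small procedure. The Python below is an added illustration, not code from the slides or from AlgoSec: the application record names its endpoints by role, each stage carries its own role-to-address mapping, and migration re-instantiates the record for the target stage instead of copying rules. All roles, stages and addresses are constructed; `naive_copy` and `leaked_addresses` exist only to show why "not a simple copy" matters, and the `dev` stage is deliberately missing a role so the unmapped-endpoint check fires.

```python
# Logical application record, constructed for this example: endpoints are named
# by role, not by address, so one record serves every stage.
APP_FLOWS = [
    {"source": "application-logic-server", "destination": "db", "service": "tcp/5432"},
    {"source": "web", "destination": "application-logic-server", "service": "tcp/8080"},
]

# One instance of the record per stage: role -> address or subnet in that stage
# (all values constructed). "dev" lacks a "web" tier on purpose, to show the
# unmapped-endpoint check.
STAGE_MAP = {
    "pre-prod": {"web": "10.30.1.10", "application-logic-server": "10.30.2.10", "db": "10.30.5.10"},
    "prod": {"web": "10.20.1.0/24", "application-logic-server": "10.20.2.0/24", "db": "10.20.5.112"},
    "dev": {"application-logic-server": "10.40.2.10", "db": "10.40.5.10"},
}


class UnmappedEndpoint(KeyError):
    """A role in the application record has no address in the target stage."""


def instantiate(flows, stage):
    """Turn the logical record into concrete rules for one stage."""
    mapping = STAGE_MAP[stage]
    rules = []
    for flow in flows:
        for role in (flow["source"], flow["destination"]):
            if role not in mapping:
                raise UnmappedEndpoint(f"{role} has no address in stage {stage}")
        rules.append({
            "stage": stage,
            "source": mapping[flow["source"]],
            "destination": mapping[flow["destination"]],
            "service": flow["service"],
        })
    return rules


def naive_copy(rules, target_stage):
    """What 'a simple copy' does: relabel the stage and keep the old addresses."""
    return [dict(rule, stage=target_stage) for rule in rules]


def leaked_addresses(rules, source_stage):
    """Addresses belonging to source_stage that appear in rules meant for another stage."""
    source_values = set(STAGE_MAP[source_stage].values())
    leaked = set()
    for rule in rules:
        for key in ("source", "destination"):
            if rule[key] in source_values and rule["stage"] != source_stage:
                leaked.add(rule[key])
    return sorted(leaked)


def migrate(flows, source_stage, target_stage):
    """Re-instantiate the record for the target stage and report the substitutions
    that were applied (e.g. Pre-Prod-DB -> Prod-DB)."""
    substitutions = {
        STAGE_MAP[source_stage][role]: STAGE_MAP[target_stage][role]
        for role in STAGE_MAP[source_stage] if role in STAGE_MAP[target_stage]
    }
    return instantiate(flows, target_stage), substitutions


if __name__ == "__main__":
    pre_prod_rules = instantiate(APP_FLOWS, "pre-prod")
    print("naive copy leaks:", leaked_addresses(naive_copy(pre_prod_rules, "prod"), "pre-prod"))
    prod_rules, subs = migrate(APP_FLOWS, "pre-prod", "prod")
    print("migrated rules:", prod_rules)
    print("substitutions:", subs)
```

Running `leaked_addresses` over the output of a deployment is a cheap guard to keep in the pipeline: any pre-production address that survives into production rules means the mapping was skipped for that role.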
DEVOPS WITH ALGOSEC
APPLICATION FLOW REPOSITORY: BUSINESSFLOW
For all applications, maintain record of:
• Network flows
• Contact information
• Connectivity status
• Change history and activity log
• Risk and vulnerability information
• Initiate DevOps-led changes from UI or from API
SCENARIO: NEW APPLICATION ROLLOUT
Background:
• New application going live
• All testing in pre-production environment completed successfully
• Connectivity flows for pre-production documented in BusinessFlow
Current task:
• Configure security policies to allow connectivity in Production
• Move: if application will no longer have a staging environment
• Clone: retain both staging and production environments
Map Pre-Production to Production servers
[Screenshots: #4388 BusinessFlow Change Request for GameStop Central - Production]
ZERO-TOUCH
All workflow steps can be automated (with controls & audit):
• Automatically accept security devices to update
• Automatically accept risk check (if risks below a defined threshold)
• Automatically implement on devices (“ActiveChange”)
CONTINUOUS INTEGRATION WITH ALGOSEC
DEVOPS PIPELINE
[Diagram: Developer commits code -> Compile & Package -> Unit Tests -> Bring up test environments -> Connectivity Tests + Open + Document -> Run all tests (Integration, Performance) -> Deploy -> Production]
CI: CONNECTIVITY TEST PIPELINE (ZOOM IN)
[Flowchart: Application Connectivity .json is committed with the Code. Changed? No -> check status in BusinessFlow. Yes -> test connectivity (BusinessFlow / FireFlow): allowed -> Success; not allowed -> pre-approved: automatic implementation; otherwise requires security approval -> Fail]
APP DEVELOPMENT
• Developer maintains a JSON file describing application connectivity requirements in test and production environments
• Commit with code
• Alternatively, JSON automatically derived from Puppet during test environment bring-up

ConnectivityRequirements.json
{
  "flow1": {
    "source": "10.20.1.4",
    "destination": "8.8.8.8",
    "service": "http",
    "description": "web connectivity to Google"
  },
  "flow2": {
    "source": "10.20.1.4",
    "destination": "10.20.5.112",
    "service": "tcp/5432",
    "description": "connectivity to PostgreSQL DB"
  }
}
CI UPDATES ALGOSEC
• If connectivity requirements change – CI system (Jenkins, etc.) uses AlgoSec plugin to update AlgoSec
• AlgoSec BusinessFlow calculates required changes and opens a Change Request with AlgoSec FireFlow
CONNECTIVITY CHECK
• AlgoSec FireFlow calculates the network path and checks which security policies need to be updated (if any)
• If connectivity already allowed -> Return “Success”
OPEN BLOCKED CONNECTIVITY
• If connectivity not allowed -> go through automatic change process
  • Find relevant firewalls and policies, perform “what-if” risk analysis
  • If no risks (pre-approved connectivity, not breaking compliance) -> continue with zero-touch
  • Push changes to relevant firewalls and routers
    • Multiple vendors, physical or virtual, on-prem, SDN or cloud
  • -> Return “Success”
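The CI connectivity pipeline described from "App development" through "Open blocked connectivity" is a short decision procedure over the committed JSON file. The Python below is an added example of that procedure, not the AlgoSec plugin or any of its APIs: it diffs the committed `ConnectivityRequirements.json` against the previously committed version (the "Changed?" step), checks each changed flow against the currently enforced policy, and then either reports success, implements a pre-approved flow zero-touch, or flags it for security approval. The policy, the pre-approved list, the service-name table, and the extra flows in the sample input (the page only has `flow1` and `flow2`) are all constructed for the example, and the real product's risk analysis is reduced here to a pre-approved allow list.

```python
import ipaddress
import json
from dataclasses import dataclass

# Constructed sample input: the connectivity file as last committed, and the
# version in the current commit (the page's two flows plus two new ones).
PREVIOUS_JSON = """{
  "flow1": {"source": "10.20.1.4", "destination": "8.8.8.8",
            "service": "http", "description": "web connectivity to Google"}
}"""

CURRENT_JSON = """{
  "flow1": {"source": "10.20.1.4", "destination": "8.8.8.8",
            "service": "http", "description": "web connectivity to Google"},
  "flow2": {"source": "10.20.1.4", "destination": "10.20.5.112",
            "service": "tcp/5432", "description": "connectivity to PostgreSQL DB"},
  "flow3": {"source": "10.20.1.4", "destination": "10.20.9.25",
            "service": "tcp/22", "description": "ssh to build server"},
  "flow4": {"source": "10.20.1.4", "destination": "203.0.113.10",
            "service": "http", "description": "web connectivity to partner site"}
}"""

# Service names accepted in the file (constructed subset); "proto/port" also works.
SERVICE_NAMES = {"http": ("tcp", 80), "https": ("tcp", 443), "ssh": ("tcp", 22)}


@dataclass(frozen=True)
class Rule:
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    service: tuple  # (protocol, port)


def parse_service(text):
    if text in SERVICE_NAMES:
        return SERVICE_NAMES[text]
    proto, port = text.split("/")
    return (proto.lower(), int(port))


def parse_flows(text):
    """name -> (source address, destination address, (proto, port))."""
    return {
        name: (ipaddress.ip_address(f["source"]),
               ipaddress.ip_address(f["destination"]),
               parse_service(f["service"]))
        for name, f in json.loads(text).items()
    }


def changed_flows(previous, current):
    """The 'Changed?' decision: flows that are new or modified in this commit."""
    return {name: flow for name, flow in current.items() if previous.get(name) != flow}


def is_allowed(flow, rules):
    src, dst, svc = flow
    return any(src in r.source and dst in r.destination and svc == r.service for r in rules)


# Policy currently enforced (constructed): web tier may reach the Internet over HTTP.
POLICY = [Rule(ipaddress.ip_network("10.20.1.0/24"), ipaddress.ip_network("0.0.0.0/0"), ("tcp", 80))]

# Connectivity Security has pre-approved (constructed): web tier to DB tier over PostgreSQL.
PRE_APPROVED = [Rule(ipaddress.ip_network("10.20.1.0/24"), ipaddress.ip_network("10.20.5.0/24"), ("tcp", 5432))]


def process_commit(previous_text, current_text, policy, pre_approved):
    """Classify every flow in the commit; return (status per flow, resulting policy)."""
    previous, current = parse_flows(previous_text), parse_flows(current_text)
    changed = changed_flows(previous, current)
    new_policy = list(policy)          # never mutate the caller's policy
    status = {}
    for name, flow in current.items():
        if name not in changed:
            status[name] = "unchanged"          # nothing to do; status stays in the repository
        elif is_allowed(flow, new_policy):
            status[name] = "success"            # connectivity already allowed
        elif is_allowed(flow, pre_approved):
            status[name] = "auto-implemented"   # zero-touch: add a host-to-host rule
            src, dst, svc = flow
            new_policy.append(Rule(ipaddress.ip_network(f"{src}/32"),
                                   ipaddress.ip_network(f"{dst}/32"), svc))
        else:
            status[name] = "requires-approval"  # change request for manual security review
    return status, new_policy


if __name__ == "__main__":
    result, _ = process_commit(PREVIOUS_JSON, CURRENT_JSON, POLICY, PRE_APPROVED)
    for name, state in result.items():
        print(f"{name}: {state}")
```

Two details carry the security point: the pre-approved list is narrower than "anything the developer asked for", so a new SSH flow to an unrelated host still stops the pipeline for review, and the rule that zero-touch adds is host-to-host (/32 to /32) rather than the whole pre-approved range, so automation never opens more than the committed flow requires.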
WHAT JUST HAPPENED HERE
• High percentage of application changes – automatically processed
  • Either already works, or pre-approved and immediately implemented
• When manual security approval is required – Change Request automatically opened, with relevant application context
• Application connectivity requirements – automatically updated
  • Full application context and visibility – for infrastructure changes, security incidents, network or server migrations, maintenance, etc.
• Continuous compliance is retained
  • Security has full control over policy and approvals
  • Full audit trail and documentation of changes
THE BOTTOM LINE
• More agile application development and delivery cycles
• Security is no longer a bottleneck
• App developers, DevOps and Security all save time and work thanks to automation
MORE RESOURCES
Thank you!
Questions can be emailed to marketing@algosec.com

More Related Content

What's hot

Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...
AlgoSec
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar
Maytal Levi
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
AlgoSec
 
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application ConnectivityMovin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
shira koper
 

What's hot (20)

AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’ts
 
Security Change Management: Agility vs. Control
Security Change Management: Agility vs. ControlSecurity Change Management: Agility vs. Control
Security Change Management: Agility vs. Control
 
Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate   the value and the vision ...Application visibility across the security estate   the value and the vision ...
Application visibility across the security estate the value and the vision ...
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar
 
2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires
2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires
2019 01-30 Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
 
Taking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesTaking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changes
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
 
Migrating Application Connectivity and Network Security to AWS
Migrating Application Connectivity and Network Security to AWSMigrating Application Connectivity and Network Security to AWS
Migrating Application Connectivity and Network Security to AWS
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertification
 
compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinar
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)
 
Migrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best PracticesMigrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best Practices
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
 
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application ConnectivityMovin' On Up to the Cloud: How to Migrate your Application Connectivity
Movin' On Up to the Cloud: How to Migrate your Application Connectivity
 
SDN's managing security across the virtual network final
SDN's managing security across the virtual network finalSDN's managing security across the virtual network final
SDN's managing security across the virtual network final
 
Managing Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network SecurityManaging Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network Security
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 

Similar to Putting the Sec into DevOps

Similar to Putting the Sec into DevOps (20)

15-factor-apps.pdf
15-factor-apps.pdf15-factor-apps.pdf
15-factor-apps.pdf
 
Better Deployments with Sub Environments Using Spring Cloud and Netflix Ribbon
Better Deployments with Sub Environments Using Spring Cloud and Netflix RibbonBetter Deployments with Sub Environments Using Spring Cloud and Netflix Ribbon
Better Deployments with Sub Environments Using Spring Cloud and Netflix Ribbon
 
2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar
 
12 Factor App Methodology
12 Factor App Methodology12 Factor App Methodology
12 Factor App Methodology
 
12-Factor Apps
12-Factor Apps12-Factor Apps
12-Factor Apps
 
Modernizing Java Apps with Docker
Modernizing Java Apps with DockerModernizing Java Apps with Docker
Modernizing Java Apps with Docker
 
Wellington MuleSoft Meetup 2021-02-18
Wellington MuleSoft Meetup 2021-02-18Wellington MuleSoft Meetup 2021-02-18
Wellington MuleSoft Meetup 2021-02-18
 
Operating a High Velocity Large Organization with Spring Cloud Microservices
Operating a High Velocity Large Organization with Spring Cloud MicroservicesOperating a High Velocity Large Organization with Spring Cloud Microservices
Operating a High Velocity Large Organization with Spring Cloud Microservices
 
Twelve-Factor App: Software Application Architecture
Twelve-Factor App: Software Application ArchitectureTwelve-Factor App: Software Application Architecture
Twelve-Factor App: Software Application Architecture
 
.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
 
Modernizing Testing as Apps Re-Architect
Modernizing Testing as Apps Re-ArchitectModernizing Testing as Apps Re-Architect
Modernizing Testing as Apps Re-Architect
 
A Bit of Everything Chef
A Bit of Everything ChefA Bit of Everything Chef
A Bit of Everything Chef
 
JCON_15FactorWorkshop.pptx
JCON_15FactorWorkshop.pptxJCON_15FactorWorkshop.pptx
JCON_15FactorWorkshop.pptx
 
AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release Management
 
.NET microservices with Azure Service Fabric
.NET microservices with Azure Service Fabric.NET microservices with Azure Service Fabric
.NET microservices with Azure Service Fabric
 
CloudFest 2018 Hackathon Project Results Presentation - CFHack18
CloudFest 2018 Hackathon Project Results Presentation - CFHack18CloudFest 2018 Hackathon Project Results Presentation - CFHack18
CloudFest 2018 Hackathon Project Results Presentation - CFHack18
 
OpenStack Enabling DevOps
OpenStack Enabling DevOpsOpenStack Enabling DevOps
OpenStack Enabling DevOps
 
Kube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor appsKube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor apps
 
DevSecOps - Security in DevOps
DevSecOps - Security in DevOpsDevSecOps - Security in DevOps
DevSecOps - Security in DevOps
 

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

Putting the Sec into DevOps

  • 1. PUTTING THE SEC INTO DEVOPS Prof. Avishai Wool
  • 2. AGENDA • Introduction: DevOps and Network Security • Ops + Security scenarios: Pitfalls and Tips • Dev + Security scenarios • DevOps with AlgoSec • Continuous integration with AlgoSec 2
  • 3. WHAT’S THE MOTIVATION • Network connectivity and security is a painful bottleneck in the application delivery pipeline • Accelerate application delivery by automating network connectivity processing • Human intervention only when required • Visibility into application connectivity requirements is important for Network and Security teams • Security, full audit trail and continuous compliance must be built into the process 3
  • 4. DEVOPS CYCLE • Develop (Programmers in R&D) • New application • New functionalities in an existing application • Test • Deploy (Ops) • Add capacity to an existing application • New deployment targets • Production 4
  • 5. NO APPLICATION IS AN ISLAND Applications have connectivity requirements • Human users • Insiders • Remote sites and road warriors • Outsourcers • Business partners • Outsiders • Internal resources (DB, API to other applications, …) • Infrastructure resources (DNS, backup, authentication, …) • Business partner resources • Internet resource 5
  • 6. NETWORK SEGMENTATION • Separate environments for Dev/Test/Pre-production/Production • Network security policies must allow the necessary traffic • Changes to applications that modify connectivity requirements must be implemented in network security policies • … so you need DevSecOps 6
  • 7. TIGHTER SECURITY IN PROD DevelopmentTest Production Front Production Backend Pre-Production Test & Pre-Production environments: servers all in one security zone Production servers in several security zones 7
  • 8. OPS + SECURITY SCENARIOS: PITFALLS AND TIPS
  • 9. ADDING CAPACITY • Typically only Ops involved • Typically only relevant to Production environment • Add another • Web server to the web farm • Compute engine to the Compute cluster • Etc. • New clone has the same role as existing clones • No need for another security review – all pre-approved 9
  • 10. SOUTHBOUND TRAFFIC: LOAD BALANCER • Load balancer in front of the web farm • Upstream security policies written using “Virtual IP” / “Virtual Server name” Result: • Add new server to the farm • Update load balancer configuration to use the new resource • No need to touch security policies Load Balancer DevTest Prod Front Prod Back Pre-Prod 10
  • 11. EAST/WEST TRAFFIC • Need to connect to/accept connection from/other systems • Management connections • Access to internal/partner/Internet resources • Resources in other network segments • Connections flow across security zones • Load balancer does not help: need to differentiate between clones DevTest Prod Front Prod Back Pre-Prod Firewall 11
  • 12. EAST/WEST TRAFFIC – SOLUTION A • Careful IP address allocation! • Discipline: • All clones have IP addresses in the same Subnet / Range / VLAN / VPC • Security policy rules allow traffic to/from whole Subnet Result: • Add new server to the farm • Ensure its IP address is in the correct Subnet / Range • No need to touch Security Policies 12
  • 13. ADDRESS ALLOCATION – PROPERTIES Pro: works with all filtering technologies Con: • Pre-allocate IP addresses for each server class • Need to predict maximal capacity 13
  • 14. EAST/WEST TRAFFIC – SOLUTION B • Use object groups! • Discipline: • Filtering devices have a network object group for each server class • Security policy rules allow traffic to/from object group Result: • Add new server to the farm • Add its IP address to the correct object group • No need to touch security policies rules – object change is sufficient  14
  • 15. OBJECT GROUPS – PROPERTIES Pros: • Clones can have arbitrary IP addresses • No address pre-allocation • No need to predict maximal capacity Cons: • Need to touch object definitions on security devices • Goal: zero-touch orchestration, with audit trail • Requires filtering devices that support object groups • Router ACLs and cloud providers “Security Groups” have limitations 15
  • 16. DEV + SECURITY SCENARIOS
17. DEVOPS WITHOUT “SEC” FAILURES
• Developers add new functionality to an application
• Everything works in Test and Pre-Production environments
• Push new version to Production -> Fail!

18. WHAT WENT WRONG?
• Remember “No application is an island”
• New functionality includes new connectivity flows
• Dev didn’t document the new flows
  • Possibly didn’t realize new connectivity was required
• Relaxed security policy in Dev, Test, Pre-Production environments allows connectivity
  • Maybe the resource replica/placeholder is inside the same zone?
• Application works in Test: no need for Sec involvement – wrong!

19. DOCUMENT THE APPLICATION FLOWS
• Maintain a repository recording all the flows required by each application
• For each flow record, at least:
  • Source and Destination IP addresses
  • Services and network-applications in use
• Automation tools:
  • Modify the application record whenever new functionality adds flows
  • Add security review and approval for new flows during the Dev cycle

20. TIP: TIGHTEN SECURITY AROUND TEST
• Place filtering devices around the Pre-Production environment
• Apply the tight security policy of Production
  • Not the loose policy of Dev!
Result:
• If Dev forgets to document new flows, or does not realize there is a new flow, the failure will happen in the Pre-Production environment – as desired
• … triggering Sec review earlier in the cycle
(Diagram: Dev, Test, Pre-Prod, Prod Front, Prod Back)

21. MULTIPLE INSTANCES OF APPLICATION’S RECORD
• Application’s flows in Dev / Test / Pre-Prod / Prod have:
  • Same services (“SQL”, “HTTPS”, …)
  • Same logical structure (“Application Logic server connects to DB”)
  • Different IP addresses: Test DB is different from Prod DB
• Maintain separate instances of the application’s record:
  • Dev (“Dev-Application-logic-server connects to Dev-DB”)
  • Test (“Test-Application-logic-server connects to Test-DB”)
  • Pre-Prod (“Pre-prod-Application-logic-server connects to Pre-Prod-DB”)
  • Prod (“Prod-Application-logic-server connects to Prod-DB”)

22. LIFECYCLE: MIGRATE BETWEEN STAGES
• Pushing an application version (e.g. from Pre-Prod to Production):
  • Provision workloads, deploy code, …
  • … Don’t forget to update the security policies protecting the next stage!
• Not a simple copy!
• Maintain a mapping:
  • Dev-DB -> Test-DB
  • When deploying security rules, replace all Pre-Prod-DB by Prod-DB

24. APPLICATION FLOW REPOSITORY: BUSINESSFLOW
For all applications, maintain a record of:
• Network flows
• Contact information
• Connectivity status
• Change history and activity log
• Risk and vulnerability information
• Initiate DevOps-led changes from UI or from API
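Slides 21 and 22 describe keeping one instance of the application record per stage and migrating it by mapping hosts rather than copying rules verbatim. The following Python is an added example, not AlgoSec code and not from the presentation: it takes a constructed Pre-Prod record, applies a constructed host mapping, and refuses to produce a Production instance if any endpoint has no Production counterpart (the “not a simple copy” point). Record layout, host names and the error type are assumptions for the example.

```python
import copy

# Constructed sample: the Pre-Prod instance of an application's flow record.
# Endpoints are logical host names; each stage maps them to its own addresses.
PREPROD_RECORD = {
    "application": "orders",
    "stage": "pre-prod",
    "flows": {
        "flow1": {
            "source": "preprod-app-logic",
            "destination": "preprod-db",
            "service": "tcp/5432",
            "description": "application logic server connects to DB",
        },
        "flow2": {
            "source": "preprod-web",
            "destination": "preprod-app-logic",
            "service": "https",
            "description": "web tier to application logic",
        },
    },
}

# Constructed mapping maintained alongside the record (slide 22): Pre-Prod host -> Prod host.
PREPROD_TO_PROD = {
    "preprod-app-logic": "prod-app-logic",
    "preprod-db": "prod-db",
    "preprod-web": "prod-web",
}


class UnmappedHostError(ValueError):
    """Raised when a flow endpoint has no counterpart in the target stage (hypothetical type)."""


def unmapped_hosts(record, mapping):
    """Return the sorted list of endpoints in `record` that `mapping` does not cover."""
    hosts = set()
    for flow in record["flows"].values():
        for end in ("source", "destination"):
            if flow[end] not in mapping:
                hosts.add(flow[end])
    return sorted(hosts)


def migrate_record(record, mapping, target_stage):
    """Build the `target_stage` instance of `record`.

    Every source/destination is replaced through `mapping`; services, structure and
    descriptions are kept. The input record is not modified, so the staging instance
    survives (the 'Clone' case). An unmapped endpoint aborts the migration instead of
    silently carrying a staging address into production.
    """
    missing = unmapped_hosts(record, mapping)
    if missing:
        raise UnmappedHostError(
            f"no {target_stage} counterpart for: {', '.join(missing)}"
        )
    migrated = copy.deepcopy(record)
    migrated["stage"] = target_stage
    for flow in migrated["flows"].values():
        flow["source"] = mapping[flow["source"]]
        flow["destination"] = mapping[flow["destination"]]
    return migrated


if __name__ == "__main__":
    prod = migrate_record(PREPROD_RECORD, PREPROD_TO_PROD, "prod")
    for name, flow in prod["flows"].items():
        print(f"{name}: {flow['source']} -> {flow['destination']} ({flow['service']})")
```

A partial mapping (for example one that forgets the DB) makes `migrate_record` raise before any rule is deployed, which is the check a practitioner wants in front of the “push to production” step.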
29. SCENARIO: NEW APPLICATION ROLLOUT
Background:
• New application going live
• All testing in the pre-production environment completed successfully
• Connectivity flows for pre-production documented in BusinessFlow
Current task:
• Configure security policies to allow connectivity in Production
33.
• Move: if the application will no longer have a staging environment
• Clone: retain both staging and production environments

34. Map Pre-Production to Production servers
43. ZERO-TOUCH
All workflow steps can be automated (with controls & audit):
• Automatically accept security devices to update
• Automatically accept risk check (if risks are below a defined threshold)
• Automatically implement on devices (“ActiveChange”)

45. DEVOPS PIPELINE
(Pipeline diagram) Developer commits code -> Compile & Package -> Unit Tests -> Bring up test environments (Integration, Performance) -> Connectivity Tests (+ Open + Document) -> Run all tests -> Deploy -> Production

46. CI: CONNECTIVITY TEST PIPELINE (ZOOM IN)
(Flow diagram) Code + Application Connectivity .json -> Changed?
• No -> Test connectivity -> Success / Fail
• Yes -> BusinessFlow -> FireFlow -> Check status in BusinessFlow:
  • Pre-approved – automatic implementation -> Success
  • Requires security approval -> Fail

47. APP DEVELOPMENT
• Developer maintains a json file describing the application’s connectivity requirements in test and production environments
• Commit with code
• Alternatively, json automatically derived from puppet during test environment bring-up

ConnectivityRequirements.json
    {
      "flow1": {
        "source": "10.20.1.4",
        "destination": "8.8.8.8",
        "service": "http",
        "description": "web connectivity to Google"
      },
      "flow2": {
        "source": "10.20.1.4",
        "destination": "10.20.5.112",
        "service": "tcp/5432",
        "description": "connectivity to PostgreSQL DB"
      }
    }

48. CI UPDATES ALGOSEC
• If connectivity requirements change, the CI system (Jenkins, etc.) uses the AlgoSec plugin to update AlgoSec
• AlgoSec BusinessFlow calculates the required changes and opens a Change Request with AlgoSec FireFlow

49. CONNECTIVITY CHECK
• AlgoSec FireFlow calculates the network path and checks which security policies need to be updated (if any)
• If connectivity is already allowed -> Return “Success”

50. OPEN BLOCKED CONNECTIVITY
• If connectivity is not allowed -> go through the automatic change process
  • Find relevant firewalls and policies, perform “what-if” risk analysis
  • If no risks (pre-approved connectivity, not breaking compliance) -> continue with zero-touch
  • Push changes to relevant firewalls and routers
    • Multiple vendors, physical or virtual, on-prem, SDN or cloud
  • -> Return “Success”
(Diagram: ACI)

51. WHAT JUST HAPPENED HERE
• High percentage of application changes – automatically processed
  • Either already works, or pre-approved and immediately implemented
• When manual security approval is required – Change Request automatically opened, with relevant application context
• Application connectivity requirements – automatically updated
• Full application context and visibility – for infrastructure changes, security incidents, network or server migrations, maintenance, etc.
• Continuous compliance is retained
  • Security has full control over policy and approvals
  • Full audit trail and documentation of changes

52. THE BOTTOM LINE
• More agile application development and delivery cycles
• Security is no longer a bottleneck
• App developers, DevOps and Security all save time and work thanks to automation

54. Thank you! Questions can be emailed to marketing@algosec.com
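Slides 46 to 50 describe the CI connectivity check as a decision chain: detect whether the committed connectivity json changed, test the changed flows against the current policy, auto-implement flows that are pre-approved, and fail the build (opening a change request for manual approval) otherwise. The Python below is an added example that is not AlgoSec’s plugin and not from the presentation; it stands in for that chain with a constructed previous and current ConnectivityRequirements.json (flow1 and flow2 are the page’s, flow3 is constructed), a constructed allow-list standing in for the firewall policy, and a constructed pre-approval list. Rule formats and the status names are assumptions for the example.

```python
import ipaddress
import json

# Constructed: the ConnectivityRequirements.json from the previous commit.
PREVIOUS_JSON = """{
  "flow1": {"source": "10.20.1.4", "destination": "8.8.8.8",
            "service": "http", "description": "web connectivity to Google"}
}"""

# Constructed: the file committed with the current code change (flow2 and flow3 added).
CURRENT_JSON = """{
  "flow1": {"source": "10.20.1.4", "destination": "8.8.8.8",
            "service": "http", "description": "web connectivity to Google"},
  "flow2": {"source": "10.20.1.4", "destination": "10.20.5.112",
            "service": "tcp/5432", "description": "connectivity to PostgreSQL DB"},
  "flow3": {"source": "10.20.1.4", "destination": "10.30.7.9",
            "service": "tcp/445", "description": "constructed: file share in another zone"}
}"""

# Named services used in the json, normalised to the protocol/port form.
SERVICE_ALIASES = {"http": "tcp/80", "https": "tcp/443"}

# Constructed stand-in for the currently deployed policy: (source net, destination net, service).
POLICY = [
    ("10.20.0.0/16", "0.0.0.0/0", "tcp/80"),
    ("10.20.0.0/16", "0.0.0.0/0", "tcp/443"),
]

# Constructed stand-in for connectivity the security team has pre-approved for zero-touch.
PRE_APPROVED = [
    ("10.20.1.0/24", "10.20.5.0/24", "tcp/5432"),
]


def normalize_service(service):
    """Map a named service (http, https) to proto/port; pass proto/port through unchanged."""
    return SERVICE_ALIASES.get(service.lower(), service.lower())


def _matches(rule, flow):
    """True if the (src, dst, service) rule covers the flow."""
    src_net, dst_net, service = rule
    return (
        ipaddress.ip_address(flow["source"]) in ipaddress.ip_network(src_net)
        and ipaddress.ip_address(flow["destination"]) in ipaddress.ip_network(dst_net)
        and service == normalize_service(flow["service"])
    )


def changed_flows(previous, current):
    """Names of flows that are new or modified relative to the previous commit."""
    return sorted(name for name, flow in current.items() if previous.get(name) != flow)


def classify(flow, policy=POLICY, pre_approved=PRE_APPROVED):
    """Decide what the pipeline does with one flow (slides 49 and 50)."""
    if any(_matches(rule, flow) for rule in policy):
        return "already_allowed"      # slide 49: return Success, nothing to change
    if any(_matches(rule, flow) for rule in pre_approved):
        return "auto_implement"       # slide 50: zero-touch change, then Success
    return "requires_approval"        # change request opened for manual review, build fails


def run_pipeline(previous_json, current_json, policy=POLICY, pre_approved=PRE_APPROVED):
    """Return (overall status, per-changed-flow decision) for one CI run."""
    previous = json.loads(previous_json)
    current = json.loads(current_json)
    decisions = {
        name: classify(current[name], policy, pre_approved)
        for name in changed_flows(previous, current)
    }
    overall = "Success" if all(d != "requires_approval" for d in decisions.values()) else "Fail"
    return overall, decisions


if __name__ == "__main__":
    status, decisions = run_pipeline(PREVIOUS_JSON, CURRENT_JSON)
    for name, decision in decisions.items():
        print(f"{name}: {decision}")
    print("build:", status)
```

Only changed flows are evaluated, so an unchanged json short-circuits to Success; a flow outside both the policy and the pre-approval list fails the build so that the change request is reviewed before code that depends on it reaches Production.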