More organizations are adopting network security policy management (NSPM) tools to improve security, application continuity, change management, cloud migration and disaster recovery. In many cases, companies that use NSPM have significantly improved both security operations and IT operations.
FireMon is taking NSPM further with FireMon Automation, which automates as much of the process as possible. For example, it executes automated change management processes based on a trigger for change, such as changes to an existing service or application, a new application launch or a security threat event. When presented with a change request or context-based trigger for change, the system will either validate it or send it to the company’s infosec team to review why it failed, map out the changes needed and send it back through the process.
If, for example, an application owner needs to add several servers to an existing application due to a spike in demand, FireMon Automation can identify the intent of the request (that new servers need to be deployed and opened to HTTPS for an existing application), run an automated compliance/best-practices check, and either queue the request for a scheduled change window or grant access in near real time, explained Don Closser, FireMon’s chief product officer.
Automating the NSPM process is critical, said Adam Hils, research director for network security at Gartner. It’s the key to enabling security operations teams to spend less time on tedious manual policy change approval, leaving more time to accomplish real security goals, such as threat hunting and incident response, he said.
The most appealing NSPM approaches will allow security administrators to automate to the degree that fits an organization’s risk tolerance, he added. “Conservative teams will review NSPM suggested policy changes, slightly streamlining what had been a lengthy, mistake-prone process; and the most aggressive NSPM users will use the solutions to automatically detect and secure infrastructure, network and platform changes, automatically recalibrating coordinate policy across transforming environments.”
Automating the process also can help stem compliance violations, Closser said. Each request passes compliance checks before moving into the design and implementation phase. And before changing policy on the firewall, FireMon will identify any part of the existing policy that should be merged into, or removed in favor of, the new access rule, avoiding redundant and shadowed rules on the firewall, he said. The security team also can have FireMon continuously monitor the policy for compliance, making sure that rogue or unauthorized changes have not degraded the compliant state post-deployment. If it identifies a best-practice violation in the policy, it will automatically revert to the correct access rule or queue it up to be approved for change.
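The validate-or-escalate step described above (the HTTPS scale-out request, the best-practice check, and the search for rules the new access rule would shadow or make redundant) can be illustrated with a small first-match policy checker. This is an added example, not FireMon's code; the rule format, the single "allow from any source" guardrail and the sample policy are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source CIDR
    dst: str      # destination CIDR
    port: int     # TCP destination port
    action: str   # "allow" or "deny"

def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.port == inner.port)

def shadowed_by(policy: list[Rule], new: Rule) -> list[str]:
    """Earlier rules that fully cover `new` under first-match semantics: it would never fire."""
    return [r.name for r in policy if covers(r, new)]

def merge_candidates(policy: list[Rule], new: Rule) -> list[str]:
    """Existing same-action rules the new rule fully covers; they become redundant once it is installed."""
    return [r.name for r in policy if r.action == new.action and covers(new, r)]

def best_practice_violations(new: Rule) -> list[str]:
    """Hypothetical guardrail standing in for the product's compliance checks (assumption)."""
    issues = []
    if new.action == "allow" and ip_network(new.src).prefixlen == 0:
        issues.append("allow from any source")
    return issues

def evaluate_change(policy: list[Rule], new: Rule) -> dict:
    """Validate the request automatically or route it to infosec review with the reasons."""
    result = {
        "violations": best_practice_violations(new),
        "shadowed_by": shadowed_by(policy, new),
        "merge_candidates": merge_candidates(policy, new),
    }
    result["decision"] = "review" if result["violations"] or result["shadowed_by"] else "approve"
    return result

# Constructed sample policy: two existing HTTPS servers and an SSH deny rule.
POLICY = [
    Rule("app-web-1", "10.20.0.0/16", "10.0.1.10/32", 443, "allow"),
    Rule("block-ssh", "0.0.0.0/0", "10.0.1.0/24", 22, "deny"),
    Rule("app-web-2", "10.20.0.0/16", "10.0.1.11/32", 443, "allow"),
]

if __name__ == "__main__":
    # Scale-out request: open HTTPS to the whole new server block 10.0.1.0/28.
    print(evaluate_change(POLICY, Rule("app-web-scaleout", "10.20.0.0/16", "10.0.1.0/28", 443, "allow")))
```

The scale-out request is approved and the two per-server rules are reported as merge candidates; a request from any source, or one already covered by an earlier rule, is routed to review instead.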
Closser also said that automating the NSPM process can help reduce the friction between DevOps and SecOps.
“We often find DevOps teams running into a scenario where they want to deploy a new service but get stuck in a manual firewall change process that takes days to weeks. This can cause friction with the security team,” he said. “By automating compliance checks and building templates for different application teams, DevOps teams can send a workload out to production knowing compliance, policy design and change implementation will not be a manual bottleneck. And security will know that the deployment did not break the compliance guardrails they put in place.”
Newer, more automated NSPM solutions also help lead infrastructure transformation efforts. “With these tools in hand, security teams make possible agile migrations to public cloud, smoothly moving workloads anywhere, and securing complex private and hybrid cloud deployments automatically,” Hils said.