101 Guide to Security Automation

On-Demand

Video Transcription

Jennifer Pham:
Hello, everybody and welcome back to the Cybersecurity Digital Summit. I’m Jennifer Pham, head of online events at IQPC Digital. The last session introduced cyber threat intelligence, which has become an important supporting pillar in mature cybersecurity strategy. So, as mentioned earlier, when applied well, threat intelligence can help security teams defend against an ever more sophisticated threat landscape, from before, during and after an attack. Except we have security automation. This morning we actually spoke about the human element in cyber risk and if security is done manually, it can be prone to human error, so therefore, teams will need solid and automated solutions to tackle this threat landscape, thus this next session will provide a 101 Guide to Security Automation. Before I introduce you, sorry for sounding like a broken record, but just in case it’s your first time here today, the Q and A box is open throughout the whole session, so you can ask questions from beginning until end. The console is also fully customizable, so you can maximize the view of the screen and don’t forget to download the assets from the resources box.

Jennifer Pham:
If you have any questions, feel free to pop them into the Q and A box and we’ll respond to you. If you’re having any problems with your screen or audio, please do refresh the screen and you should be seeing everything as per normal. Okay, next up here is Tim Woods, VP of Technology Alliances at FireMon, so over to you, Tim.

Tim Woods:
Jennifer, thank you so very much and I want to say a big thank you to the listening audience today as well. We realize that you have probably 100 other things you could be doing, but you chose to spend your time with us today and for that, I just want to give you my personal, sincere appreciation and thank you. So we’ll try to get through this content pretty quickly today, so as Jennifer said, if you have questions along the way, keep that paper and pencil handy there and jot them down as we go along and be sure to ask them at the end and we’ll try to address as many questions as we can as we go along here. So not only as Jennifer was going through the introduction there, not only do we have kind of a sophisticated threat landscape but, man, we have a lot of technology to help manage that sophisticated threat landscape, too. We definitely don’t have a shortage of technology. And even that, in and of itself, poses some issues as well. I know it’s even a struggle now for customers to set up their own labs and to evaluate technologies that they’re selecting and the last thing you want is to have some type of buyer’s remorse as you’re looking at these things that you’re expecting a return on your security investment.

Tim Woods:
And I know, even at the top, I’ve talked to many CISOs and COOs and C-level executives about the challenge that they have with the number of tools that they’re using today and the lack of ability to quantify the true return, the performance indicators to say, “Hey, am I getting return out of the investments that I’m making in this technology?” At FireMon, for those not familiar with FireMon, we’ve been around for almost 15 years helping customers. We’re a global security software company, development company and we’ve been helping customers extend visibility across their hybrid infrastructure, help them identify and manage risk, definitely helping to drive automation and meet their compliance objectives in a dynamic fashion. But many of these technologies, I like to say, you can have the best technology on the planet, but if it’s not managed effectively, then you’re not going to realize that return on your investment. And that’s what we try to do is we try to help customers meet the challenges of growing complexity within their environments while helping them to manage the technology, empowering their people to manage the technology that they have. And let’s move right along.

Tim Woods:
One of the things I wanted to highlight here, just as we start out, there’s actually two things, but we do a couple of surveys each year. One, we do a state of the hybrid cloud security. We also do one that you’ll see me talk about here. It’s called the state of the firewall, which was just released yesterday and I’ll talk more about that in a couple of slides. But one of the things I wanted to highlight, and I would solicit you to go and take a look at that. You can go to our website and find in the resources, you can find the content if it’s not listed on the home screen to take you directly to it. But you can find it there and I think it’s some really good collateral that you’ll enjoy and some enlightening information that I think you’ll find useful as you’re discussing your implementation, security implementation strategies. But one of the things that was brought to light in the state of the hybrid cloud security is that top one there that I would bring your attention to.

Tim Woods:
It’s the one that says respondents agree or strongly agree that deployment of their business services in the cloud has accelerated past their ability to adequately secure them in a consistent manner. So what does that mean? It means business has accelerated past our ability to honor the business requests that are coming in in a timely manner. We’ll talk about that, but if I had to put a number on it, just from my own personal experience from talking to clients on a day in, day out basis, man, I’m going to say it’s somewhere up around 8X or higher from the business. And we believe we understand why that is also, but one of the things that we’re seeing as a result of this business acceleration is people are, you tell somebody no long enough or you tell somebody to wait long enough, and they’re going to look for a way around you. And so now we see somewhat, I like to call it a fragmentation of security responsibility, we see people taking, we see people that haven’t traditionally taken responsibility for their security starting to take responsibility for implementing their security data controls.

Tim Woods:
As an example we see business owners, stakeholders, DevOps, SecOps taking responsibility for many of the applications and assets and resources and services that they’re deploying in the cloud. And these are really, really smart people, but they’re not necessarily well grounded with a strong security foundation or strong security background, so it’s no wonder that we see some misconfigurations happening along the way. We also see kind of a misunderstanding between what a public cloud provider is providing in terms of security responsibility versus what we have to take responsibility for as a consumer of that public cloud service. And so if we don’t clearly understand where those lines of delineation exist, where those demarcations of responsibility are, then sometimes we can get that wrong as well. And the last thing we want is to expose our customers’ data or database. I mean, each week it seems like we’re seeing reports of either one or more data… We see hackers that aren’t even hacking.

Tim Woods:
They’re using bots or they’re using automation to scan the internet looking for public safety and IP addresses that have data unchallenged, exposed, that they can access, so it’s not even really hacking. They’re just looking for the car running that has the windows rolled down with the keys in it. So we’re seeing that happen a lot. And the velocity of business, I mean, it’s accelerated for the right reasons, right? People are trying to leverage competitive advantage. They’re trying to innovate. They’re trying to be very responsive to the demands and the needs and the desires of the customers and the way that the customers want to consume the data or consume the product that they’re offering. So no wonder they’re taking advantage of adopting cloud and embarking on their digital transformation journeys and cloud first strategies and virtualization, containerization, all those things that can help accelerate the business and give a better experience for the customer, more dynamic experience for the customer. So the velocity, the fact that the business is accelerating is no surprise and we see why it’s accelerating for the right reasons.

Tim Woods:
But to complicate things even further, one of the root cause, as we look at what is the root cause analysis. What is really one of the key problems here? And we believe it’s directly linked to the cyber skills shortage that we’re currently imposed with. And so 67% say the skill shortage has increased the workload, so we’re stretching. Even the resources that we have are being stretched too thin, and so they have a lot of priorities on their plate. They can’t get to all of them. They try to get to the ones that they can and the ones that they can’t, they get pushed off for the next week. Only problem is, by the time next week gets here, we have more things that have backfilled and we have more priorities that we have to get to. So along the way we’re making compromises. Right? We’re making compromises, meaning that it’s not that we don’t know what to do. I hear people tell me each week, “Tim, it’s not that I don’t know what to do. It’s having the time to do it.” I hear from the managers, the security directors as well.

Tim Woods:
I hear them almost weekly telling me, “Tim, I have some of my best people, many of my best people, doing many redundant tasks, many re-occurring tasks, many highly frequent tasks that’s eating up their time and I need to get back some of their time in the day, their cycles in the day, so that I can have them focus on the higher skilled activities that I hired them for in the first place.” So it’s really a vicious circle that we find ourselves in as a result of this cybersecurity shortage. And I won’t read every one of these, being cognizant of the time, but you can see here it’s a real thing. In North America, the estimate is somewhere around 350,000 to 400,000 jobs, but it’s not just the fact that we have a job shortage. We can’t find the qualified people to fill those positions, and so anyway it puts us in this position of making compromises that unfortunately ends up in human error. It ends up in us doing 100 things kind of okay, but not doing any one thing really well.

Tim Woods:
And so it’s no wonder that you see these headlines weekly, weekly we’re seeing these headlines of data breaches due to misconfigurations. I think it was Gartner that said, “We believe that 99% of all firewall breaches will be a direct result of human misconfiguration.” So scary things, scary place, but definitely it points us, it gives us a direction to go as far as where we need to apply some attention. One of the costliest threats that we see, and this came as part of our intelligence gathering as well, but was planned changes, authorized changes, approved changes, meaning that 83% of impacts to the business or impacts to the system were made during an approved change. And in the state of the firewall report that hopefully you’ll have an opportunity to review also brings this. This is one of the things that was surfaced as well, talking about the number of changes that we have to make each week and how many of those changes result in an error or misconfiguration that we have to go back and rework.

Tim Woods:
And of course, when a change happens, in security in general, I’ll digress here just a second, though, I think one of the best things we can do for ourselves is monitoring for change, whether that’s an approved change, whether we’re verifying that we did what we said we were going to do and it works prior to the business having to pick up the phone and tell us something’s not working, we need to be proactive to know if it worked or if it didn’t work. And of course, that takes time. It gets right back to the available cycles that we have in the day, but any time a change happens on our network, any time a change, we have to have real-time monitoring in place that detects that change. And of course, the question that we have to ask, that we always have to ask is was it good change or was it bad change? Did the change that just took place impact have an impact to the business in any way shape or form, but also did it have an impact to my compliance posture?

Tim Woods:
Did it have an impact to my risk posture? Did I just expose, did I open up access that just exposed a known vulnerability that I have an attack vector, a potential attack vector going into my infrastructure that didn’t exist previously? So monitoring for change and analyzing that change is extremely important. And we’re going to talk a little bit about that because as change happens and as complexity in the environment goes up, the resources required to manage that also goes up. But unfortunately what we’ve seen, and you can apply this to a number of different areas, if you look at the little chart here where it says challenged and highly challenged, if I apply this to, say, looking at just the sheer volume of firewall rules that exist in the enterprise today, that line would correlate almost exactly to just this volume increase. And of course, and they increase for various reasons, regulatory compliance initiatives, cloud adoption, having more security enforcement points throughout our infrastructure, micro segmentation, there’s just a number of reasons that the rules keep going up and to the right.

Tim Woods:
And as I said, I’ve been at FireMon for just about 12 years and so I’ve even seen this personally, where I remember seeing a firewall that had 8,000 rules on it and remembering, “God, how could you ever need 8,000 rules on a firewall?” and now I see firewalls that have 40,000, 50,000. We’ve even seen firewalls with 100,000 rules on them. So as these rules go up and to the right, the sheer volume, and you extrapolate that to say, “Hey, that’s just for one firewall. What if I have 60 firewalls or 200 firewalls?” Imagine the volume of rules. But the problem here is that the resources necessary to manage that has remained somewhat stagnant. And so apply this also to cloud adoption. Consider the number of applications that are being deployed in the cloud at any given time, applications, assets, resources and services that are being deployed. How are we tracking those? How are we managing those? Sometimes organic growth can be good, but if it’s not managed properly, organic growth can be bad also.

Tim Woods:
But think about the non-organic growth, when there’s a merger or an acquisition and you take on the assets of another company and now you have responsibility for that as well. So you can see here, if we don’t manage that growing complexity, if we don’t manage that growth and we’re not adding more resources, then what are we going to do? And I believe that automation, of course, is part of the solution here. We have to empower people to have more cycles in the day. We have to, if we’re not going to add more people, then we have to turn to automation to try to get more efficient in the things that we’re doing in order to be more productive in our day in, day out schedules, in order to get to those things that we know we need to be doing.

Tim Woods:
There are tons of benefits of automation. We don’t have enough time today to go through all of them, but even if I looked at, I think, top of the list, if I look at this list here, at the very top of the list and at the end of the day, it’s really about managing risk in our environment. It’s about managing risk to a level that’s acceptable by the business. It’s about understanding what we have that somebody else wants and to what extent they would go to get it. How well funded is the potential, nefarious bad actor and what will they do to get to what I have? And then I have to gear my defenses around accordingly to how big I think the threat is, but reducing risk, I think, looms large and risk awareness, raising, across the organization as well. And so there’s different kind of degrees of risk also, but where we have high risk and extreme risk, of course, those are areas of great concern and those are areas that we have to focus on.

Tim Woods:
And here again, too, is an area where I think automation can be applied, where we can remove some of the human element, remove some of the human error factor and apply better consistency and become a little more risk averse as well. Here’s one thing that’s for sure. As that complexity in our environment goes up, and complexity comes in many forms, it can come in, again if I go and look at policy hygiene on an enforcement point, I think about unused rules, shadowed rules, redundant rules and of course, the infamous overly permissive rules, where we’re providing way more access to meet the objectives of the business than what is needed, which can open us up to additional risk as well. But as that complexity goes up, the probability of human error creeping into the equation also goes up, the probability of risk also goes up. So how do we manage that?

Tim Woods:
I put this little cartoon here, I just thought it was cute, but I thought it really depicted kind of where we’re at on any given day because some risk you can kind of get through it. You can walk through it, you can step over it. Some of it sometimes you have to kind of step back and take a jump, but then there’s risk that absolutely, unless we build a bridge, we’re just not going to be able to span that gap. So it’s important to understand how big the risk is and what we have to do about it. And it’s not just me saying this. My customers that we talked to again, this is directly coming from the customer’s voice. I’m not going to go into detail here because we’re already running up on our time and I want to leave room today for some questions, but the shortage is real. We talk about vendor consolidation, integration of the technology that I have, number of incident response saturation, this is a big area where automation can be applied to see some good return on that investment, but then also cloud is just as critical as ever.

Tim Woods:
It’s mission critical, but we need visibility in the cloud. We can’t just go in. Regardless we need visibility across our entire hybrid infrastructure. We can’t take our eyes off of the on prem just because we’re going into cloud, but just because we’re going into cloud doesn’t mean that we need any less visibility. We still need extended visibility in the cloud as well. And of course, government compliance is not shrinking. We see the growth in compliance that’s taking shape. GDPR is a great example as it applies to personal information, personally identifiable information. Some of the things that were surfaced in the 2019 state of the firewall report, I’m going to go into each one of these, but you can see here. I’ll leave it for you. Misconfigurations, visibility, compliance, complexity, manual change. But one of the things that really came out of the report at the end of the day, and this was illuminating and the first time that automation kind of made the list. This is the sixth year that we’ve done this report. 65% of the almost 600 participants said, “We’re not using any type of automation to manage our environment.”

Tim Woods:
And the makeup of this survey was 20% of it was C-level executives, it was global in nature, people that were grounded or had hands on or had direct knowledge of their security IT operations. So what are some triggers for policy change? It’s either event driven or it’s policy driven, right? An event happens and we respond to that event and ideally you have, the desired time is minutes, but oftentimes what we find is that turns into days. Same thing with if we’re making a move or change or it’s a planned change or we’re having to scale due to network demand or growth or something. Maybe it’s during a holiday season and we’re a retail organization. Then we make some contextual changes to the network to accommodate that. And again, even that, the change, the desired timeline is in hours, but we see that happening days to weeks and then even for new service rollouts, sometimes we see what should be days turn into months.

Tim Woods:
This is a traditional workflow, and I’ve just used this as an example because this is one area, this was also highlighted in the reports, another excellent example of where automation can have a tremendous impact. But this traditional workflow, it just no longer works for the world that we live in today. And what do I mean by that? I mean that the traditional processes that we use can’t honor, as we talked about, that speed of business, they can’t honor the speed at which business is moving today. And there’s ways to increase the efficiency of the workflow and I would still highly recommend that you analyze that and do that as well because I think there’s benefit there, especially as it relates to consistency and efficiency at the end of it. But where I see us falling short is this process workflow, in some ways, I still see spreadsheets and emails and even Word documents being used in our enterprise networks to track changes and to honor business requests and things like that.

Tim Woods:
So those don’t scale. They fail very quickly, especially when you have attrition and turnover and you’re trying to have a system that’s repeatable. So here again, too, we have to look at the processes that we have in place in order to understand what it is that we can automate and how we can automate that. So again, I look at these triggers of change. Over here to the left are the different triggers of change. Some of these I talked about earlier, but whether it’s an ITSM system or whether it’s a source system that’s looking, trying to manage the different alerts and events that are coming into my environment or it’s environmental changes that are taking place, spreadsheets, emails, the agile development systems that we have in place today, most of these go to some type of a workflow, workflow process driven change, where we schedule the change. They have to submit the ticket for the change. Somebody has to get involved to analyze or convert that business request into the technical request. Somebody has to then convert that technical into what it looks like from an access implementation.

Tim Woods:
That has to get reviewed. It has to be approved. It has to be staged and implemented and then it has to be validated at the end of it. And so what we see here, this is an area where many of these things, again, this is where we were talking about some of the things that can be fast passed, some of the things that can be, some of these re-occurring, redundant tasks where if we properly mapped out our application port guide, if we’re adhering to a security policy that aligns with our zones of control and who can come from where, where they’re coming from, where they need to go to and what is allowed and what isn’t allowed from a services or a protocol or application perspective, then we should be able to template this in some form and honor those requests on a more timely basis. This is an area of automation where we think you can get somewhere between 40 to 50% return on your investment, meaning we can give back to our people. Instead of having them process and turning them into access managers, let’s get them back into their security roles, but we think we can see an efficiency gain here of somewhere between 40 to 50%.

Tim Woods:
We’ve introduced a multi-level security automation structure plan that does just that, where we look at the different areas, and automation isn’t something that you have to deploy across the entire business, meaning that you need to be able to consume automation at the level of readiness that your business is at for adopting and deploying automation. So there’s different areas. Some areas you may not need to automate or right now it’s still more human touch. But other areas, where we’re using spreadsheets or Word documents or even maybe a home grown ITSM type system that isn’t scaling very well or isn’t capturing the documentation as well or still has too much manual input or too many human insertion points, and automation isn’t a code word for eliminating the human either. Automation is a way to make the human element work more efficiently, to give them more time back in their day. But at the first level here, when we talk about automated design, this is just a level of being able to really deploy an application port guide that can be technically interpreted and technically enforced.

Tim Woods:
So being able to automatically give design recommendations such as if I’m trying to get from point A to point B, rather than a technician or an IT security professional having to use ping or traceroute or telnet or SSH or finger or who or whatever trying to understand how do I get from point A to point B, but more importantly, trying to understand are there any enforcement points along the way that have to be modified and then I have to analyze the policy and how am I going to analyze policy behavior when I figure out, “Well, in order for me to honor this business request, we’re going to have to look at they have to transfer this firewall and then there’s another ACL on a router here and then there’s a load balancer and that also has an ACL or enforcement point technology on it, so I have to look at the policies there”? What if I could digitalize that and automatically assess what that path needs to look like and where I need to apply, based on my knowledge of what the compensating controls are actually doing, what the behavior of those compensating controls already look like?

Tim Woods:
So that’s an area. Also be able to review the proposed change in the context of the existing policies and what our compliance posture should look like. So being able to automatically analyze that, rather than trying to humanly interpret it or manually interpret it, can give us back some time in our day. And then being able to implement that automatically. So as we look in the automated implementations, so rather than having to process it in one system, again, if you’re doing it on a spreadsheet, at some point, somebody has to get on a keyboard and type that stuff in, but what if the system could do that for me? What if I could leverage my APIs and my integration? What if I could leverage my forms of automation in order to say interpret what I’ve already approved and allow the system to automatically implement that and actually push it out for me?

Tim Woods:
And then when we get into zero touch, zero touch doesn’t always mean completely zero touch, but what we’re seeing here is everything needs to be aligned with our best practices, with our golden rules, with our guard rails. And there’s still going to be things that, for the automation, where if something is going through that conflicts with what our security guard rails say, then of course a human has to get in there and arbitrate and decide, “Well, what is it that we’re trying to do and accomplish?” Yes, we’re going to have to go back to the business to understand what it is that they’re trying to do. And then integration with other systems. And I’m going to close today with talking about integration with other systems because I think it’s of key importance. I think it’s of growing importance and so I’m just going to touch on that.

Tim Woods:
But also in the final phase of automation here is where we see, and I hesitate to call it a phase because this isn’t a “I’ve got to do this one before I can do this one and then I have to go here.” It’s really not the way that automation works. There are different areas and different states of maturation where we can consume automation and leverage automation to benefit us. So don’t look at this as I have to do this one before I can do this, but there are different goals that can be set here as far as what we want to achieve with the implementation of automation. And so it’s very important to understand, setting out, what are the processes that we want to automate? How do we want to automate those? What’s the expectation at the end of the automation initiative? And what’s the return on that investment that we expect to get? If done correctly, and you don’t want to automate a broken process, right, because if we automate a broken process, what happens? We get to failure more quickly.

Tim Woods:
So we want to make sure we analyze our processes up front, where we need to automate and what the expectations there. But then also, the last one here is where we can self-correct, so when changes, I always go back to the changes on the network and analyzing changes on the network any time a change happens and as we move in the cloud, it becomes even more dynamic because changes can happen even more quickly and more rapidly. But the network has to be able to self-adjust to say, “Hey, a change is made. What is the impact to our system? And can we rely on automation to put us back where we need it to be?” So if somebody does something, changes a policy that impacts our business continuity, we should be able to detect that automatically to say, “Hey, somebody’s done something here that is either disallowed, is a high risk to our compliance posture and has made zone to zone communication that shouldn’t exist.” For example, we’d never want our HVAC network to communicate to our PCI network.

Tim Woods:
That zone of communication, that path of communication should be allowed and the system should be able to identify that and pick up on it and make the course correction dynamically. This is an area that FireMon, as a company, can help with as well. So we’re out of time. I want to leave room for questions. There’s a number of different areas here from operational efficiency all the way to the agile development, the integration of threat and vulnerability management. I see many companies that just don’t analyze. They don’t look at their compensating controls. They don’t overlay their vulnerability threat data to the policies that are allowing access into their environment. They don’t try to figure out where are those potential vectors of attack, and that’s an area that I think that we can all benefit from, just understanding if a bad actor was to come in a well-known threat entry point, how far could they get? What potential vulnerabilities exist that they could exploit? Understanding those helps us to understand how our policies should adjust.

Tim Woods:
Don’t have time to go through all of these. One I will touch on, let’s look at, just the global hospitality organization, the third one there to the right. This was a way for these, these are actual business use cases that were implemented, but this was a way to automatically update their malicious IP list across their enforcement point technologies to say, across their policies to say, “Any time my malicious IP list changed, what was changed or added to it, I wanted to make sure that my security posture reflected that, that my security policy reflected that without a human having to go and do it manually, without a human having to go through and look at every single security policy.” Because what happens there over time is it just doesn’t get the attention to detail that it needs and so it’s always halfway done. This goes back to what I was talking about at the very beginning where we’re making compromises that come back at some point to haunt us. So being able to leverage automation in order to do those updates automatically was a big deal.

Tim Woods:
And last, but certainly not least, in my last minute here, and I want to give us 10 minutes for questions, the importance of having good vendor supported APIs cannot be understated today. And whether you’re using it today or not, I promise you in the future it’s something that you’re going to want to have in your environment. If you want to raise the total value of your combined security solutions, at some point in the future you’re going to want to integrate and/or exchange data with the systems that you have. And having strong, robust APIs that help you intercommunicate with your B2B and with your machine to machine is going to be very important. APIs are nothing more than a user interface for the applications themselves, right? So it’s important that we’re able to exchange information easily and quite readily where we need to do that. But I promise you, this is an area of value that will continue to gain more exposure, but will also pay you back some dividends if the vendor solutions that you selected promote a strong API structure.

Tim Woods:
So, with that, let’s go ahead and open it up for questions. I’ll leave you with this. This is the FireMon solution platform. It covers visibility. It covers automation. It covers security hygiene of your policies, real-time, dynamic compliance adoption, the ability to create a security policy that can be technically enforced. So let’s go ahead and open it up, Jennifer, if we have some questions that we can hit right quick.

Jennifer Pham:
Yeah, absolutely. Thank you, Tim, for the great presentation. Just to remind the audience, there’s still time to ask some questions. The recording for this webinar will be available after this webinar closes. You just need to refresh the screen and you can find the webinar there again. Just going to start with some questions in here, Tim. Going back to slide 19 here, where you were talking about security events to automate, we have a question here on whether you can give examples of the environmental changes.

Tim Woods:
So anytime that the environment changes, again, it goes back to what I talked about earlier, when a change happens, what is the impact to my business posture? In other words, first and foremost, I want to make sure business continuity remains intact, but secondly, I want to make sure that my compliance posture remains intact and that I haven’t violated my compliance. And when I say compliance, I’m not just talking about regulatory compliance initiatives, I’m talking about your own personal best practices that hopefully you have in place. There’s no silver bullet. Compliance is not a silver bullet. Best practice is not a silver bullet, but it definitely helps you. When you look at defense in depth strategies, it’s definitely a way to make the system stronger, but whenever change happens, you just want to make sure that that environmental change to the system did not introduce something that violates your security policy.

Jennifer Pham:
Absolutely. I hope that answers the question. So next question coming through. How does your solution fit cloud, DevSecOps model?

Tim Woods:
So today we support on-prem. We believe, right now, and so I’m just going to say this because some people will chuckle at this, but hybrid is forever. There’s just on-premise solutions that are not going to go away any time in the near future. So right now, hybrid is forever. You can’t take your eye off the on-prem, the data center, just because we’re going into cloud. But we support native cloud controls in Amazon, in Google, in Azure, the network security groups, the security firewalls, the policies that are out there, understanding change. Just as we understand traditional change that we’re monitoring for real-time, everything we do is as close to real-time as possible, but as we’re monitoring for change real-time in the environment, we also have to be monitoring for change and being able to understand that change in the cloud as well. So, even from a, and the term DevSecOps, which I love, because what you’re implying there is I’m putting security at the forefront of my DevOps process.

Tim Woods:
So it’s just like GDPR talks about security by design and default, somewhere or another, if I have a breach and I’m found not to give security its due consideration in the implementation of my processes, then my fines could potentially be higher. But security in our processes today has to be at the forefront. It has to be, as GDPR states, by design at the very front, by design and default. And so we look at that model very seriously to say, “How does security apply?” or even if we’re engaged with a client and we’re looking at their strategic initiatives, it’s always of interest to me to see the technology they’re leveraging to achieve their strategic goals. But then I always ask the question underneath, how do the people come into play and more importantly, how does security come into play? How am I empowering my people to ensure that the technology that I’m selecting will be successful and where does security fold into that? Because security should be all encompassing and especially in the DevSecOps model.

Tim Woods:
But I think the middle of that statement says it all. Security in the process of DevOps is critical and crucial today. And I’ll also say, I’ll step back and get on my soapbox really quickly, is I think to have a successful implementation of security in your DevOps process is as much cultural as it is technical, meaning that we have to align our people as well. It has to be supported at the top, but it’s almost a cultural initiative that has to exist. In other words, we can’t have silos between my different functional areas. They have to operate as one.

Jennifer Pham:
Yeah, absolutely. And following that last point, then, what departments need to be involved in the implementation of the FireMon automation?

Tim Woods:
That’s a great question. Collaboration is key. We’re a big believer and one of the reasons, we have a product within our portfolio that really creates global policy control or is really a collaborative centralized security policy orchestration platform, but it promotes the idea of involving the business, involving compliance, involving infrastructure teams, the IT security teams, everyone having input to this centralized security doctrine that becomes technically enforced. But everybody collaborates around what are the needs? What can be allowed? What can be flowed? What can be automated? Where are the efficiencies to be gained? Where are my bottlenecks? And you do that by understanding. Everybody has to understand the different pieces of the business. No one entity can operate in a vacuum or operate in their own contained silo. It can’t be exclusive. So, yeah, being collaborative is key to the success of many automation implementations. I’ll say this. We’ve seen several automation initiatives fail because they weren’t collaborative in nature.

Jennifer Pham:
Okay. And then also just then to follow onto that last point for the final question of this session, are there any issues that people have possibly run into when using FireMon for the first time or are there any possible mistakes to avoid?

Tim Woods:
Again, it gets back to collaboration, making sure that everybody understands what you’re doing, what you’re trying to achieve with any technical solution, even FireMon, because what we’re trying to do is augment the benefits that you’re getting from the technology that you have. We’re trying to give you that. Most large enterprise environments have a lot of heterogeneity. You have all kinds of different vendors and vendor devices, so we’re trying to give you that common pane of glass that gives you the visibility that you need to let you know where you’re at any given point in time, what your security posture actually looks like and where should I be directing my attention as it relates to the highest priority things that I need to be working on in order to keep that environment secure as well. From an automation perspective, to answer that question, again, I go back to my point that I made earlier about ensuring that the processes that you’re going to automate are good processes and are fully encompassing process and that you’ve taken the time to understand everybody that has involvement in that process and will benefit from that process, that you understand what the achievable goals that you want to attain at the end for automating that process are.

Tim Woods:
Because it’s really hard to create a charter of action if you don’t understand what your goal at the end looks like and what success looks like, so really kind of focus on what success should look like. As far as implementing FireMon in general, customers see almost an immediate return on their implementation of FireMon just from a hygiene, just from a security hygiene perspective. Being able to quickly identify technical mistakes in your security policy is kind of what we call a day zero exercise once our system is implemented and we can start realizing the returns on that implementation almost immediately.

Jennifer Pham:
Okay, great answer. Unfortunately that’s all the time we have for this session, so thank you, Tim, for joining us today. Don’t forget, everyone, to download the resources for this session. The presentation slides for this webinar will also be available at the close of this day, so you will receive a direct email with the details. Okay. Next up, we saved the biggest session until last. We have not one, but three speakers joining us this afternoon to talk about who’s responsible for cybersecurity in the enterprise. As we come to the close for this event, I want to introduce this topic to remind you all that although cybersecurity is primarily seen as an IT issue, they are not the only teams that are responsible. So stick around for the final session on how to encourage the executive board to communicate policies and how to ensure best practice is maintained throughout your business. You can click on the green arrow to take you directly to the next session. So, thank you again, Tim, and we’ll see you again soon.

Tim Woods:
Thanks, everyone.
