Effective Security Management in a Software Defined World

Software-defined infrastructure (SDx), along with the use of private and public clouds, completely transforms the way IT departments manage enterprise data centers and workloads. Automation is a key component of software-defined networking (SDN), bringing network, server, security management and other IT functions or teams together.

In the past, when organizations deployed new applications, the application owner needed to collaborate with several teams. For example, one team installed the required server hardware and OS, a separate team connected the servers to the network, and yet another team provisioned the security and firewall rules.

It was as if the stars (or functional teams) had to align for all of the necessary components to be provisioned so that the application owners could start using the new infrastructure to deploy and make use of their new applications.

Today, private and public cloud infrastructures allow IT to automate these operations: virtual machines are dynamically created and deployed, operating systems are quickly and easily provisioned, and connecting new services to the network is streamlined and automatic. As a result, pre-configured templates of commonly used and well-defined services are available to the application owner with a single click on a self-service portal, across multiple data centers and private and public clouds.

In this new world, where new apps are instantly created or moved to a different location as the infrastructure is provisioned, changed and elastically scaled based on demand, security officers are challenged to enforce the organization's security policy and retain full visibility of security incidents.

It turns out the keys to getting control back are creating dynamic security policies, API scoping and security management consolidation.

Creating Dynamic Security Policies

Dynamic security policies in modern networks are achieved by close integration with network virtualization and public IaaS solutions like VMware NSX, Cisco ACI, OpenStack or AWS/Azure. Through this integration, objects defined by those systems, such as groups and tags, are learned and used in security policies. This creates dynamic policies where changes in the software-defined environment are immediately translated into an effective and active security policy that is applied to all traffic automatically – without human intervention.

Additionally, leveraging and populating this contextual information in log files gives security admins the ability to better understand and investigate any security incident. Check Point vSEC integrates with leading cloud and network virtualization solutions, providing advanced threat protection for both east-west and north-south traffic while making use of dynamic cloud and other SDN objects in the security policy and logs.
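The tag-driven behaviour described in this section, as an added example (not Check Point code and not any vendor's API): rules reference tags, the decision is resolved against the current inventory, and the log record carries the tags seen at decision time. The `Rule` type, the `evaluate` function, the tag names and the addresses are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src_tag: str            # tag the source must carry, or "*" for any
    dst_tag: str            # tag the destination must carry, or "*" for any
    port: Optional[int]     # None matches every port
    action: str             # "accept" or "drop"

# Rules name tags, never addresses. Tag names are constructed for this example.
RULES = [
    Rule("quarantine", "*", None, "drop"),
    Rule("web", "db", 5432, "accept"),
]

def _has(tag, tags):
    return tag == "*" or tag in tags

def evaluate(inventory, src, dst, port, rules=RULES):
    """First-match evaluation against the current inventory (IP -> set of tags).

    Returns a log record that carries the tags seen at decision time.
    Unknown addresses have no tags and fall through to the default drop.
    """
    src_tags = inventory.get(src, set())
    dst_tags = inventory.get(dst, set())
    record = {"src": src, "dst": dst, "port": port,
              "src_tags": sorted(src_tags), "dst_tags": sorted(dst_tags),
              "rule": None, "action": "drop"}
    for number, rule in enumerate(rules, start=1):
        if (_has(rule.src_tag, src_tags) and _has(rule.dst_tag, dst_tags)
                and rule.port in (None, port)):
            record.update(rule=number, action=rule.action)
            break
    return record

if __name__ == "__main__":
    # Constructed inventory standing in for what the virtualization layer reports.
    inventory = {"10.0.1.10": {"web"}, "10.0.2.20": {"db"}}
    print(evaluate(inventory, "10.0.1.10", "10.0.2.20", 5432))  # web -> db allowed
    inventory["10.0.1.11"] = {"web"}                # scale-out: new VM tagged "web"
    print(evaluate(inventory, "10.0.1.11", "10.0.2.20", 5432))  # covered, no rule edit
    inventory["10.0.1.10"] = {"web", "quarantine"}  # a VM is retagged
    print(evaluate(inventory, "10.0.1.10", "10.0.2.20", 5432))  # dropped by rule 1
```

The rule list is never edited in the demo; only the inventory changes, which is what makes the policy dynamic.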

API Scoping

In order to completely automate the deployment of new applications, organizations need to grant developers access to APIs that in many cases involve modification of security policies. It is vital to ensure this access is scoped or limited appropriately; otherwise, a mistake by a developer could potentially alter the security policy of the entire organization, making it vulnerable to threats.

Example of scoping access to APIs:

The printer admin uses an app to add printers to the network. Doing so involves modifying firewall rules using an API. The security policy must ensure that the printer application can only add new printers – nothing else – and is only permitted within relevant network segments.
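The printer scenario above as a server-side authorization check, added here as an example (it is not the R80 API): every policy-change request made with the printer app's credential is tested against a scope before it is applied. The `ApiScope` type, the operation and layer names, the segment and the service names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ApiScope:
    layer: str             # the only sub-policy this credential may change
    operations: frozenset  # permitted operation names
    segments: tuple        # networks an added printer must sit inside
    services: frozenset    # services an added rule may reference

# Hypothetical scope for the printer app; all values are constructed.
PRINTER_APP = ApiScope(
    layer="printers",
    operations=frozenset({"add-rule"}),
    segments=(ipaddress.ip_network("10.20.30.0/24"),),
    services=frozenset({"ipp", "lpd"}),
)

def authorize(scope, request):
    """Return (allowed, reason) for one policy-change request (a dict)."""
    if request.get("operation") not in scope.operations:
        return False, "operation outside scope"
    if request.get("layer") != scope.layer:
        return False, "layer outside scope"
    if request.get("service") not in scope.services:
        return False, "service outside scope"
    try:
        # ip_address() rejects ranges such as "0.0.0.0/0": one host per rule.
        host = ipaddress.ip_address(str(request.get("destination")))
    except ValueError:
        return False, "destination is not a single host address"
    if not any(host in net for net in scope.segments):
        return False, "destination outside permitted segments"
    return True, "ok"

if __name__ == "__main__":
    # Constructed requests: one legitimate, three that a scoped API must refuse.
    base = {"operation": "add-rule", "layer": "printers",
            "destination": "10.20.30.41", "service": "ipp"}
    for change in ({}, {"operation": "delete-rule"}, {"layer": "network"},
                   {"destination": "0.0.0.0/0"}):
        print(change, authorize(PRINTER_APP, {**base, **change}))
```

The checks default to deny: a request with a missing field fails the first test it reaches rather than being passed through.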

The Check Point R80 management solution with sub policies is the only security solution today that allows scoping API access down to a rule level, thus eliminating the possibility of inadvertently modifying the security posture and exposing the entire organization to new threats.

Security Management Consolidation

Consolidation of management functions is necessary to gain complete and holistic visibility of security policies and incidents across the entire organization’s infrastructure – including all north-south, east-west, virtual and physical, private and public cloud traffic. Without management consolidation, incidents are difficult to identify, correlate and analyze across the various cloud networks, making it operationally impossible to secure these environments.

Check Point is widely recognized as the “golden standard” in security management providing customers with a unified solution that consolidates policy management, visibility and reporting across private and public clouds – all from a single pane of glass. Additionally, Check Point SmartEvent presents detailed analysis and correlation of security events across the entire enterprise network.

The Check Point vSEC cloud security product line and new Check Point R80 management solution together allow customers to confidently embrace automation and the cloud while retaining advanced security using effective security management for software-defined data centers and public cloud environments.