top of page

Search results

639 results found with an empty search

  • AlgoSec | Taking Control of Network Security Policy

    In this guest blog, Jeff Yager from IT Central Station describes how AlgoSec is perceived by real users and shares how the solution meets... Security Policy Management Taking Control of Network Security Policy Jeff Yeger 2 min read Jeff Yeger Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/30/21 Published In this guest blog, Jeff Yager from IT Central Station describes how AlgoSec is perceived by real users and shares how the solution meets their expectations for visibility and monitoring. Business-driven visibility A network and security engineer at a comms service provider agreed, saying, “ The complete and end-to-end visibility and analysis [AlgoSec] provides of the policy rule base is invaluable and saves countless time and effort .” On a related front, according to Srdjan, a senior technical and integration designer at a major retailer, AlgoSec provides a much easier way to process first call resolutions (FCRs) and get visibility into traffic. He said, “With previous vendors, we had to guess what was going on with our traffic and we were not able to act accordingly. Now, we have all sorts of analyses and reports. This makes our decision process, firewall cleanup, and troubleshooting much easier.” Organizations large and small find it imperative to align security with their business processes. AlgoSec provides unified visibility of security across public clouds, software-defined and on-premises networks, including business applications and their connectivity flows. For Mark G., an IT security manager at a sports company, the solution handles rule-based analysis . He said, “AlgoSec provides great unified visibility into all policy packages in one place. We are tracking insecure changes and getting better visibility into network security environment – either on-prem, cloud or mixed.” Notifications are what stood out to Mustafa K., a network security engineer at a financial services firm. He is now easily able to track changes in policies with AlgoSec , noting that “with every change, it automatically sends an email to the IT audit team and increases our visibility of changes in every policy.” Security policy and network analysis AlgoSec’s Firewall Analyzer delivers visibility and analysis of security policies, and enables users to discover, identify, and map business applications across their entire hybrid network by instantly visualizing the entire security topology – in the cloud, on-premises, and everything in between. “It is definitely helpful to see the details of duplicate rules on the firewall,” said Shubham S., a senior technical consultant at a tech services company. He gets a lot of visibility from Firewall Analyzer. As he explained, “ It can define the connectivity and routing . The solution provides us with full visibility into the risk involved in firewall change requests.” A user at a retailer with more than 500 firewalls required automation and reported that “ this was the best product in terms of the flexibility and visibility that we needed to manage [the firewalls] across different regions . We can modify policy according to our maintenance schedule and time zones.” A network & collaboration engineer at a financial services firm likewise added that “ we now have more visibility into our firewall and security environment using a single pane of glass. We have a better audit of what our network and security engineers are doing on each device and are now able to see how much we are compliant with our baseline.” Arieh S., a director of information security operations at a multinational manufacturing company, also used Tufin, but prefers AlgoSec, which “ provides us better visibility for high-risk firewall rules and ease of use.” “If you are looking for a tool that will provide you clear visibility into all the changes in your network and help people prepare well with compliance, then AlgoSec is the tool for you,” stated Miracle C., a security analyst at a security firm. He added, “Don’t think twice; AlgoSec is the tool for any company that wants clear analysis into their network and policy management.” Monitoring and alerts Other IT Central Station members enjoy AlgoSec’s monitoring and alerts features. Sulochana E., a senior systems engineer at an IT firm, said, “ [AlgoSec] provides real-time monitoring , or at least close to real time. I think that is important. I also like its way of organizing. It is pretty clear. I also like their reporting structure – the way we can use AlgoSec to clear a rule base, like covering and hiding rules.” For example, if one of his customers is concerned about different standards , like ISO or PZI levels, they can all do the same compliance from AlgoSec. He added, “We can even track the change monitoring and mitigate their risks with it. You can customize the workflows based on their environment. I find those features interesting in AlgoSec.” AlgoSec helps in terms of firewall monitoring. That was the use case that mattered for Alberto S., a senior networking engineer at a manufacturing company. He said, “ Automatic alerts are sent to the security team so we can react quicker in case something goes wrong or a threat is detected going through the firewall. This is made possible using the simple reports.” Sulochana E. concluded by adding that “AlgoSec has helped to simplify the job of security engineers because you can always monitor your risks and know that your particular configurations are up-to-date, so it reduces the effort of the security engineers.” To learn more about what IT Central Station members think about AlgoSec, visit our reviews page . To schedule your personal AlgoSec demo or speak to an AlgoSec security expert, click here . Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

  • AlgoSec | The shocking truth about Network Cloud Security in 2025

    The cloud's come a long way, baby. Remember when it was just a buzzword tossed around in boardrooms? Now, it's the engine powering our... Cloud Network Security The shocking truth about Network Cloud Security in 2025 Iris Stein 2 min read Iris Stein Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 2/10/25 Published The cloud's come a long way, baby. Remember when it was just a buzzword tossed around in boardrooms? Now, it's the engine powering our digital world. But this rapid evolution has left many cloud network security managers grappling with a new reality – and a bit of an identity crisis. Feeling the heat? You're not alone. The demands on cloud security professionals are skyrocketing. We're expected to be masters of hybrid environments, navigate a widening skills gap, and stay ahead of threats evolving at warp speed. Let's break down the challenges: Hybrid is the new normal: Gartner predicts that by 2025, a whopping 90% of organizations will be running hybrid cloud environments. This means juggling the complexities of both on-premises and cloud security, demanding a broader skillset and a more holistic approach. Forget silos – we need to be fluent in both worlds. The skills gap is a chasm: (ISC)²'s 2022 Cybersecurity Workforce Study revealed a global cybersecurity workforce gap of 3.4 million. This talent shortage puts immense pressure on existing security professionals to do more with less. We're stretched thin, and something's gotta give. Threats are evolving faster than ever: The cloud introduces new attack vectors and vulnerabilities we haven't even imagined yet. McAfee reported a staggering 630% increase in cloud-native attacks in 2022. Staying ahead of these threats requires constant vigilance, continuous learning, and a proactive mindset. Level up your cloud security game So, how can you thrive in this chaotic environment and ensure your career (and your company's security posture) doesn't go down in flames? Here's your survival guide: Automate or die: Manual processes are a relic of the past. Embrace automation tools to manage complex security policies, respond to threats faster, and free up your time for strategic initiatives. Think of it as your force multiplier in the fight against complexity. Become a cloud-native ninja: Deepen your understanding of cloud platforms like AWS, Azure, and GCP. Master their security features, best practices, and quirks. The more you know, the more you can protect. Sharpen your soft skills: Technical chops alone won't cut it. Communication, collaboration, and problem-solving are critical. You need to clearly articulate security risks to stakeholders, build bridges with different teams, and drive solutions. Never stop learning: The cloud is a moving target. Continuous learning is no longer optional – it's essential. Attend conferences, devour online courses, and stay informed about the latest security trends and technologies. Complacency is the enemy. Introducing AlgoSec Cloud Enterprise (ACE): Your cloud security wingman Let's face it, managing security across a hybrid cloud environment can feel like herding cats. That's where AlgoSec Cloud Enterprise (ACE) steps in. ACE is a comprehensive cloud network security suite that gives you the visibility, automation, and control you need to secure your applications and keep the business humming. Gain X-Ray Vision into Your Hybrid Cloud: See everything, know everything. ACE gives you complete visibility across your entire environment, from on-premises servers to cloud platforms. No more blind spots, no more surprises. Enforce Security Policies Like a Boss: Consistent security policies are the bedrock of a strong security posture. ACE makes it easy to define and enforce policies across all your applications, no matter where they reside. Conquer Compliance with Confidence: Staying compliant can feel like a never-ending struggle. ACE simplifies compliance management across your hybrid environment, helping you meet regulatory requirements without breaking a sweat. Accelerate App Delivery Without Sacrificing Security: In today's fast-paced world, speed is key. ACE empowers you to accelerate application delivery without compromising security. Move fast, break things – but not your security posture. Proactive Risk Prevention: ACE goes beyond basic security checks with over 150+ network security policy risk checks, proactively identifying and mitigating potential vulnerabilities before they can be exploited. Ready to unlock the true power of the cloud while fortifying your defenses? Learn more about AlgoSec Cloud Enterprise today and take control of your cloud security destiny. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

  • New AlgoSec Double-Layered Cloud Security Solution Minimizes Critical Cyber Security Blind Spots in Cloud Environments

    Industry’s first double-layered cloud security solution stands as a barrier against cyber threats by providing deep visibility into more than 150 cloud network risks alongside existing CNAPP offerings New AlgoSec Double-Layered Cloud Security Solution Minimizes Critical Cyber Security Blind Spots in Cloud Environments Industry’s first double-layered cloud security solution stands as a barrier against cyber threats by providing deep visibility into more than 150 cloud network risks alongside existing CNAPP offerings June 4, 2024 Speak to one of our experts RIDGEFIELD PARK, NJ – June 4, 2024 – AlgoSec , a global cybersecurity leader, has introduced a new release of its revolutionary Prevasio Cloud Security platform . The new release delivers the first Double-Layered Cloud Security solution to address the paradigm shift in cloud network security, offering comprehensive protection against the ever-evolving landscape of cyber threats. Network security is the backbone of any cloud estate. As businesses increasingly migrate to cloud environments, the complexity of network security increases, which means the need for robust defensive measures has never been more critical. Traditional Cloud Native Application Protection Platforms (CNAPP) alone are not sufficient to secure the entire cloud infrastructure. Overlooking network misconfigurations also poses significant risks to both security groups and native cloud firewalls. Deploying a Double-Layered cloud security approach, anchored in the cloud network, serves as a barrier against malicious actors, preventing unauthorized access to business application resources. AlgoSec’s Prevasio Cloud Security solution combines advanced network security measures with deep visibility and flexibility, empowering organizations to safeguard their digital assets and commit to securing their cloud infrastructure. Key Features of AlgoSec’s Prevasio Cloud Security solution: Deep Visibility into Cloud Network Risks : Providing unparalleled insight into potential threats with more than 150 network checks, including risks which are unique in the cloud environment, AlgoSec’s Prevasio Cloud Security solution offers deep visibility into cloud network risks and misconfigurations. It delivers proactive risk management and remediation, unlike traditional approaches that may overlook critical vulnerabilities. Holistic Risk Identification : By identifying and mitigating network risks across both cloud infrastructure and on-premises data centers, AlgoSec’s Prevasio Cloud Security solution ensures no area of the network remains vulnerable. This comprehensive approach significantly reduces the risk of breaches and data loss. Support for 3rd Party Firewalls : Seamlessly integrating both third-party and cloud-native firewalls within the cloud environment, this solution allows organizations to leverage their preferred security solutions. This flexibility ensures that security measures align closely with organizational needs and preferences, enhancing overall defense capabilities. Tailored Guardrail Policy : The solution offers customizable guardrail policies tailored to an organization’s specific network topology. This granular control enables the implementation of finely tuned security measures that address unique security challenges and compliance requirements. The guardrail policy is flexible and can be adjusted differently per cloud account. “In today’s digital landscape, securing your cloud estate is paramount. At the heart of this defense lies the cloud network layer—a crucial barrier against inbound attacks, exfiltration attempts, and insider threats alike. While adhering to configuration standards is essential, solely relying on them may leave blind spots in your cloud security strategy,” said Eran Shiff, VP Product at AlgoSec . “We are offering the industry’s only end-to-end cloud-native security platform, designed to eliminate blind spots through over 150 deep cloud network checks and provide comprehensive protection for mission critical business applications.” AlgoSec will be presenting its new solution at its booth during AWS re:Inforce. For more information, visit the website . About AlgoSec AlgoSec, a global cybersecurity leader, empowers organizations to secure application connectivity and cloud-native applications throughout their multi-cloud and hybrid network. Trusted by more than 1,800 of the world’s leading organizations, AlgoSec’s application-centric approach enables secure acceleration of business application deployment by centrally managing application connectivity and security policies across the public clouds, private clouds, containers, and on-premises networks. Using its unique vendor-agnostic deep algorithm for intelligent change management automation, AlgoSec enables the acceleration of digital transformation projects, helps prevent business application downtime and substantially reduces manual work and exposure to security risks. AlgoSec’s policy management and CNAPP platforms provide a single source for visibility into security and compliance issues within cloud-native applications as well as across the hybrid network environment, to ensure ongoing adherence to internet security standards, industry, and internal regulations. Learn how AlgoSec enables application owners, information security experts, DevSecOps and cloud security teams to deploy business applications up to 10 times faster while maintaining security at https://www.algosec.com .

  • ALGOSEC DESIGNATED SUPPORT ENGINEER - AlgoSec

    ALGOSEC DESIGNATED SUPPORT ENGINEER Download PDF Download PDF Add a Title Add a Title Add a Title Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

  • Stop Putting out Fires. Pass Network Security Audits – Every Time | AlgoSec

    Webinars Stop Putting out Fires. Pass Network Security Audits – Every Time Compliance with network and data security regulations and internal standards is vital and mission-critical. But with increasing global regulations and network complexities, it’s harder than ever to keep up. Firewall management and network security policies are critical components in achieving compliance. Firewall audits are complex and demanding and documentation of current rules is lacking. There’s no time and resources to find, organize, and inspect all your firewall rules. Instead of being proactive and preventative, network security teams are constantly putting out fires. In this webinar, you will learn: The golden rules for passing a network security audit Best practices to maintain continuous compliance How to conduct a risk assessment and fix issues Learn how to prevent fires and pass network security audits every time. Tal Dayan, AlgoSec’s product manager, will reveal the Firewall Audit Checklist, the six best practices to ensure successful audits. By adopting these best practices, security teams will significantly improve their network’s security posture and reduce the pain of ensuring compliance with regulations, industry standards and corporate policies. October 29, 2019 Tal Dayan AlgoSec security expert Relevant resources Network firewall security management See Documentation Firewall policy management Automate firewall rule changes See Documentation Securing & managing hybrid network security See Documentation Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

  • AlgoSec | NACL best practices: How to combine security groups with network ACLs effectively

    Like all modern cloud providers, Amazon adopts the shared responsibility model for cloud security. Amazon guarantees secure... AWS NACL best practices: How to combine security groups with network ACLs effectively Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/28/23 Published Like all modern cloud providers, Amazon adopts the shared responsibility model for cloud security. Amazon guarantees secure infrastructure for Amazon Web Services, while AWS users are responsible for maintaining secure configurations. That requires using multiple AWS services and tools to manage traffic. You’ll need to develop a set of inbound rules for incoming connections between your Amazon Virtual Private Cloud (VPC) and all of its Elastic Compute (EC2) instances and the rest of the Internet. You’ll also need to manage outbound traffic with a series of outbound rules. Your Amazon VPC provides you with several tools to do this. The two most important ones are security groups and Network Access Control Lists (NACLs). Security groups are stateful firewalls that secure inbound traffic for individual EC2 instances. Network ACLs are stateless firewalls that secure inbound and outbound traffic for VPC subnets. Managing AWS VPC security requires configuring both of these tools appropriately for your unique security risk profile. This means planning your security architecture carefully to align it the rest of your security framework. For example, your firewall rules impact the way Amazon Identity Access Management (IAM) handles user permissions. Some (but not all) IAM features can be implemented at the network firewall layer of security. Before you can manage AWS network security effectively , you must familiarize yourself with how AWS security tools work and what sets them apart. Everything you need to know about security groups vs NACLs AWS security groups explained: Every AWS account has a single default security group assigned to the default VPC in every Region. It is configured to allow inbound traffic from network interfaces assigned to the same group, using any protocol and any port. It also allows all outbound traffic using any protocol and any port. Your default security group will also allow all outbound IPv6 traffic once your VPC is associated with an IPv6 CIDR block. You can’t delete the default security group, but you can create new security groups and assign them to AWS EC2 instances. Each security group can only contain up to 60 rules, but you can set up to 2500 security groups per Region. You can associate many different security groups to a single instance, potentially combining hundreds of rules. These are all allow rules that allow traffic to flow according the ports and protocols specified. For example, you might set up a rule that authorizes inbound traffic over IPv6 for linux SSH commands and sends it to a specific destination. This could be different from the destination you set for other TCP traffic. Security groups are stateful, which means that requests sent from your instance will be allowed to flow regardless of inbound traffic rules. Similarly, VPC security groups automatically responses to inbound traffic to flow out regardless of outbound rules. However, since security groups do not support deny rules, you can’t use them to block a specific IP address from connecting with your EC2 instance. Be aware that Amazon EC2 automatically blocks email traffic on port 25 by default – but this is not included as a specific rule in your default security group. AWS NACLs explained: Your VPC comes with a default NACL configured to automatically allow all inbound and outbound network traffic. Unlike security groups, NACLs filter traffic at the subnet level. That means that Network ACL rules apply to every EC2 instance in the subnet, allowing users to manage AWS resources more efficiently. Every subnet in your VPC must be associated with a Network ACL. Any single Network ACL can be associated with multiple subnets, but each subnet can only be assigned to one Network ACL at a time. Every rule has its own rule number, and Amazon evaluates rules in ascending order. The most important characteristic of NACL rules is that they can deny traffic. Amazon evaluates these rules when traffic enters or leaves the subnet – not while it moves within the subnet. You can access more granular data on data flows using VPC flow logs. Since Amazon evaluates NACL rules in ascending order, make sure that you place deny rules earlier in the table than rules that allow traffic to multiple ports. You will also have to create specific rules for IPv4 and IPv6 traffic – AWS treats these as two distinct types of traffic, so rules that apply to one do not automatically apply to the other. Once you start customizing NACLs, you will have to take into account the way they interact with other AWS services. For example, Elastic Load Balancing won’t work if your NACL contains a deny rule excluding traffic from 0.0.0.0/0 or the subnet’s CIDR. You should create specific inclusions for services like Elastic Load Balancing, AWS Lambda, and AWS CloudWatch. You may need to set up specific inclusions for third-party APIs, as well. You can create these inclusions by specifying ephemeral port ranges that correspond to the services you want to allow. For example, NAT gateways use ports 1024 to 65535. This is the same range covered by AWS Lambda functions, but it’s different than the range used by Windows operating systems. When creating these rules, remember that unlike security groups, NACLs are stateless. That means that when responses to allowed traffic are generated, those responses are subject to NACL rules. Misconfigured NACLs deny traffic responses that should be allowed, leading to errors, reduced visibility, and potential security vulnerabilities . How to configure and map NACL associations A major part of optimizing NACL architecture involves mapping the associations between security groups and NACLs. Ideally, you want to enforce a specific set of rules at the subnet level using NACLs, and a different set of instance-specific rules at the security group level. Keeping these rulesets separate will prevent you from setting inconsistent rules and accidentally causing unpredictable performance problems. The first step in mapping NACL associations is using the Amazon VPC console to find out which NACL is associated with a particular subnet. Since NACLs can be associated with multiple subnets, you will want to create a comprehensive list of every association and the rules they contain. To find out which NACL is associated with a subnet: Open the Amazon VPC console . Select Subnets in the navigation pane. Select the subnet you want to inspect. The Network ACL tab will display the ID of the ACL associated with that network, and the rules it contains. To find out which subnets are associated with a NACL: Open the Amazon VPC console . Select Network ACLS in the navigation pane. Click over to the column entitled Associated With. Select a Network ACL from the list. Look for Subnet associations on the details pane and click on it. The pane will show you all subnets associated with the selected Network ACL. Now that you know how the difference between security groups and NACLs and you can map the associations between your subnets and NACLs, you’re ready to implement some security best practices that will help you strengthen and simplify your network architecture. 5 best practices for AWS NACL management Pay close attention to default NACLs, especially at the beginning Since every VPC comes with a default NACL, many AWS users jump straight into configuring their VPC and creating subnets, leaving NACL configuration for later. The problem here is that every subnet associated with your VPC will inherit the default NACL. This allows all traffic to flow into and out of the network. Going back and building a working security policy framework will be difficult and complicated – especially if adjustments are still being made to your subnet-level architecture. Taking time to create custom NACLs and assign them to the appropriate subnets as you go will make it much easier to keep track of changes to your security posture as you modify your VPC moving forward. Implement a two-tiered system where NACLs and security groups complement one another Security groups and NACLs are designed to complement one another, yet not every AWS VPC user configures their security policies accordingly. Mapping out your assets can help you identify exactly what kind of rules need to be put in place, and may help you determine which tool is the best one for each particular case. For example, imagine you have a two-tiered web application with web servers in one security group and a database in another. You could establish inbound NACL rules that allow external connections to your web servers from anywhere in the world (enabling port 443 connections) while strictly limiting access to your database (by only allowing port 3306 connections for MySQL). Look out for ineffective, redundant, and misconfigured deny rules Amazon recommends placing deny rules first in the sequential list of rules that your NACL enforces. Since you’re likely to enforce multiple deny rules per NACL (and multiple NACLs throughout your VPC), you’ll want to pay close attention to the order of those rules, looking for conflicts and misconfigurations that will impact your security posture. Similarly, you should pay close attention to the way security group rules interact with your NACLs. Even misconfigurations that are harmless from a security perspective may end up impacting the performance of your instance, or causing other problems. Regularly reviewing your rules is a good way to prevent these mistakes from occurring. Limit outbound traffic to the required ports or port ranges When creating a new NACL, you have the ability to apply inbound or outbound restrictions. There may be cases where you want to set outbound rules that allow traffic from all ports. Be careful, though. This may introduce vulnerabilities into your security posture. It’s better to limit access to the required ports, or to specify the corresponding port range for outbound rules. This establishes the principle of least privilege to outbound traffic and limits the risk of unauthorized access that may occur at the subnet level. Test your security posture frequently and verify the results How do you know if your particular combination of security groups and NACLs is optimal? Testing your architecture is a vital step towards making sure you haven’t left out any glaring vulnerabilities. It also gives you a good opportunity to address misconfiguration risks. This doesn’t always mean actively running penetration tests with experienced red team consultants, although that’s a valuable way to ensure best-in-class security. It also means taking time to validate your rules by running small tests with an external device. Consider using AWS flow logs to trace the way your rules direct traffic and using that data to improve your work. How to diagnose security group rules and NACL rules with flow logs Flow logs allow you to verify whether your firewall rules follow security best practices effectively. You can follow data ingress and egress and observe how data interacts with your AWS security rule architecture at each step along the way. This gives you clear visibility into how efficient your route tables are, and may help you configure your internet gateways for optimal performance. Before you can use the Flow Log CLI, you will need to create an IAM role that includes a policy granting users the permission to create, configure, and delete flow logs. Flow logs are available at three distinct levels, each accessible through its own console: Network interfaces VPCs Subnets You can use the ping command from an external device to test the way your instance’s security group and NACLs interact. Your security group rules (which are stateful) will allow the response ping from your instance to go through. Your NACL rules (which are stateless) will not allow the outbound ping response to travel back to your device. You can look for this activity through a flow log query. Here is a quick tutorial on how to create a flow log query to check your AWS security policies. First you’ll need to create a flow log in the AWS CLI. This is an example of a flow log query that captures all rejected traffic for a specified network interface. It delivers the flow logs to a CloudWatch log group with permissions specified in the IAM role: aws ec2 create-flow-logs \ –resource-type NetworkInterface \ –resource-ids eni-1235b8ca123456789 \ –traffic-type ALL \ –log-group-name my-flow-logs \ –deliver-logs-permission-arn arn:aws:iam::123456789101:role/publishFlowLogs Assuming your test pings represent the only traffic flowing between your external device and EC2 instance, you’ll get two records that look like this: 2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK 2 123456789010 eni-1235b8ca123456789 172.31.16.139 203.0.113.12 0 0 1 4 336 1432917094 1432917142 REJECT OK To parse this data, you’ll need to familiarize yourself with flow log syntax. Default flow log records contain 14 arguments, although you can also expand custom queries to return more than double that number: Version tells you the version currently in use. Default flow logs requests use Version 2. Expanded custom requests may use Version 3 or 4. Account-id tells you the account ID of the owner of the network interface that traffic is traveling through. The record may display as unknown if the network interface is part of an AWS service like a Network Load Balancer. Interface-id shows the unique ID of the network interface for the traffic currently under inspection. Srcaddr shows the source of incoming traffic, or the address of the network interface for outgoing traffic. In the case of IPv4 addresses for network interfaces, it is always its private IPv4 address. Dstaddr shows the destination of outgoing traffic, or the address of the network interface for incoming traffic. In the case of IPv4 addresses for network interfaces, it is always its private IPv4 address. Srcport is the source port for the traffic under inspection. Dstport is the destination port for the traffic under inspection. Protocol refers to the corresponding IANA traffic protocol number . Packets describes the number of packets transferred. Bytes describes the number of bytes transferred. Start shows the start time when the first data packet was received. This could be up to one minute after the network interface transmitted or received the packet. End shows the time when the last data packet was received. This can be up to one minutes after the network interface transmitted or received the data packet. Action describes what happened to the traffic under inspection: ACCEPT means that traffic was allowed to pass. REJECT means the traffic was blocked, typically by security groups or NACLs. Log-status confirms the status of the flow log: OK means data is logging normally. NODATA means no network traffic to or from the network interface was detected during the specified interval. SKIPDATA means some flow log records are missing, usually due to internal capacity restraints or other errors. Going back to the example above, the flow log output shows that a user sent a command from a device with the IP address 203.0.113.12 to the network interface’s private IP address, which is 172.31.16.139. The security group’s inbound rules allowed the ICMP traffic to travel through, producing an ACCEPT record. However, the NACL did not let the ping response go through, because it is stateless. This generated the REJECT record that followed immediately after. If you configure your NACL to permit output ICMP traffic and run this test again, the second flow log record will change to ACCEPT. azon Web Services (AWS) is one of the most popular options for organizations looking to migrate their business applications to the cloud. It’s easy to see why: AWS offers high capacity, scalable and cost-effective storage, and a flexible, shared responsibility approach to security. Essentially, AWS secures the infrastructure, and you secure whatever you run on that infrastructure. However, this model does throw up some challenges. What exactly do you have control over? How can you customize your AWS infrastructure so that it isn’t just secure today, but will continue delivering robust, easily managed security in the future? The basics: security groups AWS offers virtual firewalls to organizations, for filtering traffic that crosses their cloud network segments. The AWS firewalls are managed using a concept called Security Groups. These are the policies, or lists of security rules, applied to an instance – a virtualized computer in the AWS estate. AWS Security Groups are not identical to traditional firewalls, and they have some unique characteristics and functionality that you should be aware of, and we’ve discussed them in detail in video lesson 1: the fundamentals of AWS Security Groups , but the crucial points to be aware of are as follows. First, security groups do not deny traffic – that is, all the rules in security groups are positive, and allow traffic. Second, while security group rules can be set to specify a traffic source, or a destination, they cannot specify both on the same rule. This is because AWS always sets the unspecified side (source or destination) as the instance to which the group is applied. Finally, single security groups can be applied to multiple instances, or multiple security groups can be applied to a single instance: AWS is very flexible. This flexibility is one of the unique benefits of AWS, allowing organizations to build bespoke security policies across different functions and even operating systems, mixing and matching them to suit their needs. Adding Network ACLs into the mix To further enhance and enrich its security filtering capabilities AWS also offers a feature called Network Access Control Lists (NACLs). Like security groups, each NACL is a list of rules, but there are two important differences between NACLs and security groups. The first difference is that NACLs are not directly tied to instances, but are tied with the subnet within your AWS virtual private cloud that contains the relevant instance. This means that the rules in a NACL apply to all of the instances within the subnet, in addition to all the rules from the security groups. So a specific instance inherits all the rules from the security groups associated with it, plus the rules associated with a NACL which is optionally associated with a subnet containing that instance. As a result NACLs have a broader reach, and affect more instances than a security group does. The second difference is that NACLs can be written to include an explicit action, so you can write ‘deny’ rules – for example to block traffic from a particular set of IP addresses which are known to be compromised. The ability to write ‘deny’ actions is a crucial part of NACL functionality. It’s all about the order As a consequence, when you have the ability to write both ‘allow’ rules and ‘deny’ rules, the order of the rules now becomes important. If you switch the order of the rules between a ‘deny’ and ‘allow’ rule, then you’re potentially changing your filtering policy quite dramatically. To manage this, AWS uses the concept of a ‘rule number’ within each NACL. By specifying the rule number, you can identify the correct order of the rules for your needs. You can choose which traffic you deny at the outset, and which you then actively allow. As such, with NACLs you can manage security tasks in a way that you cannot do with security groups alone. However, we did point out earlier that an instance inherits security rules from both the security groups, and from the NACLs – so how do these interact? The order by which rules are evaluated is this; For inbound traffic, AWS’s infrastructure first assesses the NACL rules. If traffic gets through the NACL, then all the security groups that are associated with that specific instance are evaluated, and the order in which this happens within and among the security groups is unimportant because they are all ‘allow’ rules. For outbound traffic, this order is reversed: the traffic is first evaluated against the security groups, and then finally against the NACL that is associated with the relevant subnet. You can see me explain this topic in person in my new whiteboard video: Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

  • Palo Alto and AlgoSec Integration Guide - AlgoSec

    Palo Alto and AlgoSec Integration Guide Download PDF Download PDF Add a Title Add a Title Add a Title Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

  • AlgoSec | 4 tips to manage your external network connections

    Last week our CTO, Professor Avishai Wool, presented a technical webinar on the do’s and don’ts for managing external connectivity to and... Auditing and Compliance 4 tips to manage your external network connections Joanne Godfrey 2 min read Joanne Godfrey Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/10/15 Published Last week our CTO, Professor Avishai Wool, presented a technical webinar on the do’s and don’ts for managing external connectivity to and from your network . We kicked off our webinar by polling the audience (186 people) on how many external permanent connections into their enterprise network they have. 40% have less than 50 external connections 31% have 50-250 external connections 24% have more than 250 external connections 5% wish they knew how many external connections they have! Clearly this is a very relevant issue for many enterprises, and one which can have a profound effect on security. The webinar covered a wide range of best practices for managing the external connectivity lifecycle and I highly recommend that you view the full presentation. But in the meantime, here are a few key issues that you should be mindful of when considering how to manage external connectivity to and from your network: Network Segmentation While there has to be an element of trust when you let an external partner into your network, you must do all you can to protect your organization from attacks through these connections. These include placing your servers in a demilitarized zone (DMZ), segregating them by firewalls, restricting traffic in both directions from the DMZ as well as using additional controls such as web application firewalls, data leak prevention and intrusion detection. Regulatory Compliance Bear in mind that if the data being accessed over the external connection is regulated, both your systems and the related peer’s systems are now subject t. So if the network connection touches credit card data, both sides of the connection are in scope, and outsourcing the processing and management of regulated data to a partner does not let you off the hook. Maintenance Sometimes you will have to make changes to your external connections, either due to planned maintenance work by your IT team or the peer’s team, or as a result of unplanned outages. Dealing with changes that affect external connections is more complicated than internal maintenance, as it will probably require coordinating with people outside your organisation and tweaking existing workflows, while adhering to any contractual or SLA obligations. As part of this process, remember that you’ll need to ensure that your information systems allow your IT teams to recognize external connections and provide access to the relevant technical information in the contract, while supporting the amended workflows. Contracts In most cases there is a contract that governs all aspects of the external connection – including technical and business issues. The technical points will include issues such as IP addresses and ports, technical contact points, SLAs, testing procedures and the physical location of servers. It’s important, therefore, that this contract is adhered to whenever dealing with technical issues related to external connections. These are just a few tips and issues to be aware of. To watch the webinar from Professor Wool in full, check out the recording here . Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

  • Partner solution brief AlgoSec and VMware - AlgoSec

    Partner solution brief AlgoSec and VMware Download PDF Download PDF Add a Title Add a Title Add a Title Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

  • How to stop ransomware in its tracks | AlgoSec

    What to do if your network is infected by ransomware How to prepare a ransomware playbook, using the existing capabilities of network security policy management tools Webinars How to stop ransomware in its tracks Stop ransomware in its tracks. Yes, it’s possible. But the time to prepare is now — before it strikes. In this session, security expert Dania Ben Peretz will demonstrate what to do if your network is infected by ransomware. She will show how to prepare a ransomware playbook, using the existing capabilities of network security policy management tools, so you can handle a ransomware incident as it happens. Join us and learn: The dangers of ransomware How to prepare the playbook How to stop ransomware when it strikes March 31, 2021 Dania Ben Peretz Product Manager Relevant resources Reducing your risk of ransomware attacks Keep Reading Ransomware Attack: Best practices to help organizations proactively prevent, contain and respond Keep Reading Fighting Ransomware - CTO Roundtable Insights Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

  • Hybrid Cloud Security with Google and AlgoSec | AlgoSec

    Learn how Google Cloud and AlgoSec solutions help companies improve visibility and reduce risk in large complex hybrid networking environments Webinars Hybrid Cloud Security with Google and AlgoSec Learn how Google Cloud and AlgoSec solutions help companies improve visibility and reduce risk in large complex hybrid networking environments Learn how Google Cloud and AlgoSec solutions help companies improve visibility and reduce risk in large complex hybrid networking environments November 15, 2023 Faye Feng Product Manager at Google Ava Chawla Global Head of Cloud Security Relevant resources Why misconfigurations continue to plague public cloud network services and how to avoid them? Keep Reading Security policy management for the hybrid cloud environment Read an Ebook Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

  • Checklist for implementing security as code - AlgoSec

    Checklist for implementing security as code Download PDF Download PDF Add a Title Add a Title Add a Title Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

bottom of page