Search results

In this webinar, Omer Ganot, AlgoSec’s Cloud Security Product Manager, and Stuti Deshpande s, Amazon Web Service’s Partner Solutions Architect, will share security challenges in the hybrid cloud and provide tips to protect your AWS and hybrid environment Webinars Overcoming hybrid environment management challenges | AWS & AlgoSec Webinar Public clouds such as Amazon Web Services (AWS) are a critical part of your hybrid network. It is important to keep out the bad guys (including untrusted insiders) and proactively secure your entire hybrid network. Securing your network is both the responsibility of the cloud providers, as well as your organization’s IT and CISOs – the shared responsibility model. As a result, your organization needs visibility into what needs to be protected, as well as an understanding of the tools that are available to keep them secure. In this webinar, Omer Ganot, AlgoSec’s Cloud Security Product Manager, and Stuti Deshpande’s, Amazon Web Service’s Partner Solutions Architect, will share security challenges in the hybrid cloud and provide tips to protect your AWS and hybrid environment, including how to: Securely migrate workloads from on-prem to public cloud Gain unified visibility into your network topology and traffic flows, including both public cloud and on-premises assets, from a single console. Manage/orchestrate multiple layers of security controls and proactively detect misconfigurations Protect your data, accounts, and workloads from misconfiguration risks Protect web applications in AWS by filtering traffic and blocking common attack patterns, such as SQL injection or cross-site scripting Gain a unified view of your compliance status and achieve continuous compliance September 30, 2020 Stuti Deshpande Partner Solution Architect, AWS Omer Ganot Product Manager Relevant resources Migrating Business Applications to AWS? Tips on Where to Start Keep Reading Tips for auditing your AWS security policies, the right way Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Like all modern cloud providers, Amazon adopts the shared responsibility model for cloud security. Amazon guarantees secure... AWS NACL best practices: How to combine security groups with network ACLs effectively Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/28/23 Published Like all modern cloud providers, Amazon adopts the shared responsibility model for cloud security. Amazon guarantees secure infrastructure for Amazon Web Services, while AWS users are responsible for maintaining secure configurations. That requires using multiple AWS services and tools to manage traffic. You’ll need to develop a set of inbound rules for incoming connections between your Amazon Virtual Private Cloud (VPC) and all of its Elastic Compute (EC2) instances and the rest of the Internet. You’ll also need to manage outbound traffic with a series of outbound rules. Your Amazon VPC provides you with several tools to do this. The two most important ones are security groups and Network Access Control Lists (NACLs). Security groups are stateful firewalls that secure inbound traffic for individual EC2 instances. Network ACLs are stateless firewalls that secure inbound and outbound traffic for VPC subnets. Managing AWS VPC security requires configuring both of these tools appropriately for your unique security risk profile. This means planning your security architecture carefully to align it the rest of your security framework. For example, your firewall rules impact the way Amazon Identity Access Management (IAM) handles user permissions. Some (but not all) IAM features can be implemented at the network firewall layer of security. Before you can manage AWS network security effectively , you must familiarize yourself with how AWS security tools work and what sets them apart. Everything you need to know about security groups vs NACLs AWS security groups explained: Every AWS account has a single default security group assigned to the default VPC in every Region. It is configured to allow inbound traffic from network interfaces assigned to the same group, using any protocol and any port. It also allows all outbound traffic using any protocol and any port. Your default security group will also allow all outbound IPv6 traffic once your VPC is associated with an IPv6 CIDR block. You can’t delete the default security group, but you can create new security groups and assign them to AWS EC2 instances. Each security group can only contain up to 60 rules, but you can set up to 2500 security groups per Region. You can associate many different security groups to a single instance, potentially combining hundreds of rules. These are all allow rules that allow traffic to flow according the ports and protocols specified. For example, you might set up a rule that authorizes inbound traffic over IPv6 for linux SSH commands and sends it to a specific destination. This could be different from the destination you set for other TCP traffic. Security groups are stateful, which means that requests sent from your instance will be allowed to flow regardless of inbound traffic rules. Similarly, VPC security groups automatically responses to inbound traffic to flow out regardless of outbound rules. However, since security groups do not support deny rules, you can’t use them to block a specific IP address from connecting with your EC2 instance. Be aware that Amazon EC2 automatically blocks email traffic on port 25 by default – but this is not included as a specific rule in your default security group. AWS NACLs explained: Your VPC comes with a default NACL configured to automatically allow all inbound and outbound network traffic. Unlike security groups, NACLs filter traffic at the subnet level. That means that Network ACL rules apply to every EC2 instance in the subnet, allowing users to manage AWS resources more efficiently. Every subnet in your VPC must be associated with a Network ACL. Any single Network ACL can be associated with multiple subnets, but each subnet can only be assigned to one Network ACL at a time. Every rule has its own rule number, and Amazon evaluates rules in ascending order. The most important characteristic of NACL rules is that they can deny traffic. Amazon evaluates these rules when traffic enters or leaves the subnet – not while it moves within the subnet. You can access more granular data on data flows using VPC flow logs. Since Amazon evaluates NACL rules in ascending order, make sure that you place deny rules earlier in the table than rules that allow traffic to multiple ports. You will also have to create specific rules for IPv4 and IPv6 traffic – AWS treats these as two distinct types of traffic, so rules that apply to one do not automatically apply to the other. Once you start customizing NACLs, you will have to take into account the way they interact with other AWS services. For example, Elastic Load Balancing won’t work if your NACL contains a deny rule excluding traffic from 0.0.0.0/0 or the subnet’s CIDR. You should create specific inclusions for services like Elastic Load Balancing, AWS Lambda, and AWS CloudWatch. You may need to set up specific inclusions for third-party APIs, as well. You can create these inclusions by specifying ephemeral port ranges that correspond to the services you want to allow. For example, NAT gateways use ports 1024 to 65535. This is the same range covered by AWS Lambda functions, but it’s different than the range used by Windows operating systems. When creating these rules, remember that unlike security groups, NACLs are stateless. That means that when responses to allowed traffic are generated, those responses are subject to NACL rules. Misconfigured NACLs deny traffic responses that should be allowed, leading to errors, reduced visibility, and potential security vulnerabilities . How to configure and map NACL associations A major part of optimizing NACL architecture involves mapping the associations between security groups and NACLs. Ideally, you want to enforce a specific set of rules at the subnet level using NACLs, and a different set of instance-specific rules at the security group level. Keeping these rulesets separate will prevent you from setting inconsistent rules and accidentally causing unpredictable performance problems. The first step in mapping NACL associations is using the Amazon VPC console to find out which NACL is associated with a particular subnet. Since NACLs can be associated with multiple subnets, you will want to create a comprehensive list of every association and the rules they contain. To find out which NACL is associated with a subnet: Open the Amazon VPC console . Select Subnets in the navigation pane. Select the subnet you want to inspect. The Network ACL tab will display the ID of the ACL associated with that network, and the rules it contains. To find out which subnets are associated with a NACL: Open the Amazon VPC console . Select Network ACLS in the navigation pane. Click over to the column entitled Associated With. Select a Network ACL from the list. Look for Subnet associations on the details pane and click on it. The pane will show you all subnets associated with the selected Network ACL. Now that you know how the difference between security groups and NACLs and you can map the associations between your subnets and NACLs, you’re ready to implement some security best practices that will help you strengthen and simplify your network architecture. 5 best practices for AWS NACL management Pay close attention to default NACLs, especially at the beginning Since every VPC comes with a default NACL, many AWS users jump straight into configuring their VPC and creating subnets, leaving NACL configuration for later. The problem here is that every subnet associated with your VPC will inherit the default NACL. This allows all traffic to flow into and out of the network. Going back and building a working security policy framework will be difficult and complicated – especially if adjustments are still being made to your subnet-level architecture. Taking time to create custom NACLs and assign them to the appropriate subnets as you go will make it much easier to keep track of changes to your security posture as you modify your VPC moving forward. Implement a two-tiered system where NACLs and security groups complement one another Security groups and NACLs are designed to complement one another, yet not every AWS VPC user configures their security policies accordingly. Mapping out your assets can help you identify exactly what kind of rules need to be put in place, and may help you determine which tool is the best one for each particular case. For example, imagine you have a two-tiered web application with web servers in one security group and a database in another. You could establish inbound NACL rules that allow external connections to your web servers from anywhere in the world (enabling port 443 connections) while strictly limiting access to your database (by only allowing port 3306 connections for MySQL). Look out for ineffective, redundant, and misconfigured deny rules Amazon recommends placing deny rules first in the sequential list of rules that your NACL enforces. Since you’re likely to enforce multiple deny rules per NACL (and multiple NACLs throughout your VPC), you’ll want to pay close attention to the order of those rules, looking for conflicts and misconfigurations that will impact your security posture. Similarly, you should pay close attention to the way security group rules interact with your NACLs. Even misconfigurations that are harmless from a security perspective may end up impacting the performance of your instance, or causing other problems. Regularly reviewing your rules is a good way to prevent these mistakes from occurring. Limit outbound traffic to the required ports or port ranges When creating a new NACL, you have the ability to apply inbound or outbound restrictions. There may be cases where you want to set outbound rules that allow traffic from all ports. Be careful, though. This may introduce vulnerabilities into your security posture. It’s better to limit access to the required ports, or to specify the corresponding port range for outbound rules. This establishes the principle of least privilege to outbound traffic and limits the risk of unauthorized access that may occur at the subnet level. Test your security posture frequently and verify the results How do you know if your particular combination of security groups and NACLs is optimal? Testing your architecture is a vital step towards making sure you haven’t left out any glaring vulnerabilities. It also gives you a good opportunity to address misconfiguration risks. This doesn’t always mean actively running penetration tests with experienced red team consultants, although that’s a valuable way to ensure best-in-class security. It also means taking time to validate your rules by running small tests with an external device. Consider using AWS flow logs to trace the way your rules direct traffic and using that data to improve your work. How to diagnose security group rules and NACL rules with flow logs Flow logs allow you to verify whether your firewall rules follow security best practices effectively. You can follow data ingress and egress and observe how data interacts with your AWS security rule architecture at each step along the way. This gives you clear visibility into how efficient your route tables are, and may help you configure your internet gateways for optimal performance. Before you can use the Flow Log CLI, you will need to create an IAM role that includes a policy granting users the permission to create, configure, and delete flow logs. Flow logs are available at three distinct levels, each accessible through its own console: Network interfaces VPCs Subnets You can use the ping command from an external device to test the way your instance’s security group and NACLs interact. Your security group rules (which are stateful) will allow the response ping from your instance to go through. Your NACL rules (which are stateless) will not allow the outbound ping response to travel back to your device. You can look for this activity through a flow log query. Here is a quick tutorial on how to create a flow log query to check your AWS security policies. First you’ll need to create a flow log in the AWS CLI. This is an example of a flow log query that captures all rejected traffic for a specified network interface. It delivers the flow logs to a CloudWatch log group with permissions specified in the IAM role: aws ec2 create-flow-logs \ –resource-type NetworkInterface \ –resource-ids eni-1235b8ca123456789 \ –traffic-type ALL \ –log-group-name my-flow-logs \ –deliver-logs-permission-arn arn:aws:iam::123456789101:role/publishFlowLogs Assuming your test pings represent the only traffic flowing between your external device and EC2 instance, you’ll get two records that look like this: 2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK 2 123456789010 eni-1235b8ca123456789 172.31.16.139 203.0.113.12 0 0 1 4 336 1432917094 1432917142 REJECT OK To parse this data, you’ll need to familiarize yourself with flow log syntax. Default flow log records contain 14 arguments, although you can also expand custom queries to return more than double that number: Version tells you the version currently in use. Default flow logs requests use Version 2. Expanded custom requests may use Version 3 or 4. Account-id tells you the account ID of the owner of the network interface that traffic is traveling through. The record may display as unknown if the network interface is part of an AWS service like a Network Load Balancer. Interface-id shows the unique ID of the network interface for the traffic currently under inspection. Srcaddr shows the source of incoming traffic, or the address of the network interface for outgoing traffic. In the case of IPv4 addresses for network interfaces, it is always its private IPv4 address. Dstaddr shows the destination of outgoing traffic, or the address of the network interface for incoming traffic. In the case of IPv4 addresses for network interfaces, it is always its private IPv4 address. Srcport is the source port for the traffic under inspection. Dstport is the destination port for the traffic under inspection. Protocol refers to the corresponding IANA traffic protocol number . Packets describes the number of packets transferred. Bytes describes the number of bytes transferred. Start shows the start time when the first data packet was received. This could be up to one minute after the network interface transmitted or received the packet. End shows the time when the last data packet was received. This can be up to one minutes after the network interface transmitted or received the data packet. Action describes what happened to the traffic under inspection: ACCEPT means that traffic was allowed to pass. REJECT means the traffic was blocked, typically by security groups or NACLs. Log-status confirms the status of the flow log: OK means data is logging normally. NODATA means no network traffic to or from the network interface was detected during the specified interval. SKIPDATA means some flow log records are missing, usually due to internal capacity restraints or other errors. Going back to the example above, the flow log output shows that a user sent a command from a device with the IP address 203.0.113.12 to the network interface’s private IP address, which is 172.31.16.139. The security group’s inbound rules allowed the ICMP traffic to travel through, producing an ACCEPT record. However, the NACL did not let the ping response go through, because it is stateless. This generated the REJECT record that followed immediately after. If you configure your NACL to permit output ICMP traffic and run this test again, the second flow log record will change to ACCEPT. azon Web Services (AWS) is one of the most popular options for organizations looking to migrate their business applications to the cloud. It’s easy to see why: AWS offers high capacity, scalable and cost-effective storage, and a flexible, shared responsibility approach to security. Essentially, AWS secures the infrastructure, and you secure whatever you run on that infrastructure. However, this model does throw up some challenges. What exactly do you have control over? How can you customize your AWS infrastructure so that it isn’t just secure today, but will continue delivering robust, easily managed security in the future? The basics: security groups AWS offers virtual firewalls to organizations, for filtering traffic that crosses their cloud network segments. The AWS firewalls are managed using a concept called Security Groups. These are the policies, or lists of security rules, applied to an instance – a virtualized computer in the AWS estate. AWS Security Groups are not identical to traditional firewalls, and they have some unique characteristics and functionality that you should be aware of, and we’ve discussed them in detail in video lesson 1: the fundamentals of AWS Security Groups , but the crucial points to be aware of are as follows. First, security groups do not deny traffic – that is, all the rules in security groups are positive, and allow traffic. Second, while security group rules can be set to specify a traffic source, or a destination, they cannot specify both on the same rule. This is because AWS always sets the unspecified side (source or destination) as the instance to which the group is applied. Finally, single security groups can be applied to multiple instances, or multiple security groups can be applied to a single instance: AWS is very flexible. This flexibility is one of the unique benefits of AWS, allowing organizations to build bespoke security policies across different functions and even operating systems, mixing and matching them to suit their needs. Adding Network ACLs into the mix To further enhance and enrich its security filtering capabilities AWS also offers a feature called Network Access Control Lists (NACLs). Like security groups, each NACL is a list of rules, but there are two important differences between NACLs and security groups. The first difference is that NACLs are not directly tied to instances, but are tied with the subnet within your AWS virtual private cloud that contains the relevant instance. This means that the rules in a NACL apply to all of the instances within the subnet, in addition to all the rules from the security groups. So a specific instance inherits all the rules from the security groups associated with it, plus the rules associated with a NACL which is optionally associated with a subnet containing that instance. As a result NACLs have a broader reach, and affect more instances than a security group does. The second difference is that NACLs can be written to include an explicit action, so you can write ‘deny’ rules – for example to block traffic from a particular set of IP addresses which are known to be compromised. The ability to write ‘deny’ actions is a crucial part of NACL functionality. It’s all about the order As a consequence, when you have the ability to write both ‘allow’ rules and ‘deny’ rules, the order of the rules now becomes important. If you switch the order of the rules between a ‘deny’ and ‘allow’ rule, then you’re potentially changing your filtering policy quite dramatically. To manage this, AWS uses the concept of a ‘rule number’ within each NACL. By specifying the rule number, you can identify the correct order of the rules for your needs. You can choose which traffic you deny at the outset, and which you then actively allow. As such, with NACLs you can manage security tasks in a way that you cannot do with security groups alone. However, we did point out earlier that an instance inherits security rules from both the security groups, and from the NACLs – so how do these interact? The order by which rules are evaluated is this; For inbound traffic, AWS’s infrastructure first assesses the NACL rules. If traffic gets through the NACL, then all the security groups that are associated with that specific instance are evaluated, and the order in which this happens within and among the security groups is unimportant because they are all ‘allow’ rules. For outbound traffic, this order is reversed: the traffic is first evaluated against the security groups, and then finally against the NACL that is associated with the relevant subnet. You can see me explain this topic in person in my new whiteboard video: Schedule a demo Related Articles 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

The joint offering helps enterprises tighten their security posture, effectively mitigate Ransomware and other Cyberattacks and ensure long-term sustainability Deloitte and AlgoSec Partner to Establish a Joint Network Protection Transformation Solution for Enterprises The joint offering helps enterprises tighten their security posture, effectively mitigate Ransomware and other Cyberattacks and ensure long-term sustainability November 9, 2020 Speak to one of our experts RIDGEFIELD PARK, N.J., November 9, 2020 – The EMEA Telecom Engineering Centre of Excellence (TEE) of Deloitte (located in Portugal) and AlgoSec , the leading provider of business-driven network security management solutions, have entered into an alliance to establish a network protection transformation offer to safeguard clients against complex threats and attacks. The combined team will deliver, operate, and maintain a network protection offer with joint functions managed between Deloitte and AlgoSec. Deloitte TEE will focus on delivering business process transformation capabilities, business and technical advisory and project management to ensure reliability and sustainability on the proposed capabilities, while AlgoSec will provide technical support to customize, deploy and operate the tool to accelerate and automate the network security management, and ensure the offer is aligned with the business’ requirements. The Deloitte and AlgoSec joint offering provides a business-centric approach to network security management across the entire hybrid and multi-vendor environment. The solution offers comprehensive visibility across the network security environment and business applications, agile and secure policy change management via zero touch automation, and continuous compliance assurance. The offering also includes a Network Security Hardening Service, which begins to understand the Client’s network level of exposure, current vulnerabilities and the potential impact of network threats, before performing a transformation strategy to strengthen current capabilities and remediate network risks and vulnerabilities, followed by a Network Security Managed Service to monitor and guarantee long-term sustainability. Deloitte TEE will also become a reselling partner to support AlgoSec in the global market, using a structured offer model with advantages for the partnership and the client. Jade Kahn, AlgoSec CMO said: “Network protection should be a priority for companies to mitigate the damage caused by an increasing number of complex cyber threats. With an appropriate strategy in place, they can identify and contain threats before they are able to move freely across the network. We look forward to working alongside Deloitte and delivering value to its clients.” Pedro Tavares, Partner of Deloitte Portugal and responsible for the EMEA Telecom Engineering Centre of Excellence (TEE): “TEE focus is on delivering high value telecoms engineering consultancy services towards our customers, and under the ongoing digitalization wave and in the advent of 5G, setting up a Network Protection offer to ensure that this improvement in the connectivity, communication and user experience do not bring substantial business risks is a key stepping stone towards this strategy. We expect with this combined offer to support our clients in improving their network security, mitigating their network risks and enhancing their key Capabilities to ensure a sustainable transformation of their business”. About AlgoSec The leading provider of business-driven network security management solutions, AlgoSec helps the world’s largest organizations align security with their mission-critical business processes. With AlgoSec, users can discover, map and migrate business application connectivity, proactively analyze risk from the business perspective, tie cyber-attacks to business processes and intelligently automate network security changes with zero touch – across their cloud, SDN and on-premise networks. Over 1,800 enterprises, including 20 of the Fortune 50, have utilized AlgoSec’s solutions to make their organizations more agile, more secure and more compliant – all the time. Since 2005, AlgoSec has shown its commitment to customer satisfaction with the industry’s only money-back guarantee . All product and company names herein may be trademarks of their registered owners. Media Contacts:Tsippi Dach [email protected] Craig Coward Context Public [email protected] +44 (0)1625 511 966 Olga Neves Media Relations & External CommunicationsDeloitte PortugalTlm: (+351) 918 985 [email protected] About Deloitte Deloitte, us, we and our refer to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s more than 330,000 people make an impact that matters at www.deloitte.com . About EMEA Telecom Engineering Centre of Excellence (TEE) The EMEA Telecom Engineering Centre of Excellence (TEE) is an operational area specialized in telecom engineering services, managed by Deloitte Portugal, that offers engineering services for mobile, fixed and convergent telecom networks, service platforms and operating support systems (“OSS”) for the Europe, Middle East, Africa region (“EMEA”).

Level Up Your Security Game: Time for a Mindset Reset! Hey everyone, and welcome! If you're involved in keeping your organization safe online these days, you're in the right place. For years, security felt like building a super strong castle with thick walls and a deep moat, hoping the bad guys would just stay outside. But let's be real, in our multi-cloud world, that castle is starting to look a little... outdated. Think about it: your apps and data aren't neatly tucked away in one place... 5 mindset shifts security teams must adopt to master multi-cloud security Iris Stein 2 min read Iris Stein Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 4/9/25 Published Level Up Your Security Game: Time for a Mindset Reset! Hey everyone, and welcome! If you're involved in keeping your organization safe online these days, you're in the right place. For years, security felt like building a super strong castle with thick walls and a deep moat, hoping the bad guys would just stay outside. But let's be real, in our multi-cloud world, that castle is starting to look a little... outdated. Think about it: your apps and data aren't neatly tucked away in one place anymore. They're bouncing around on AWS, Azure, GCP, all sorts of platforms – practically everywhere! Trying to handle that with old-school security is like trying to catch smoke with a fishing net. Not gonna work, right? That's why we're chatting today. Gal Yosef, Head of Product Management in the U.S., gets it. He's helped us dive into some crucial mindset shifts – basically, new ways of thinking – that are essential for navigating the craziness of modern security. We gotta ditch the old ways and get ready to be more agile, work together better, and ultimately, be way more effective. Mindset Shift #1: From "Our Stuff is Safe Inside This Box" to "Trust Nothing, Verify Everything" Remember the good old days? We built a perimeter – firewalls, VPNs – thinking that everything inside was safe and sound (danger!). Security was all about guarding that edge. The Problem: Well, guess what? That world is gone! Multi-cloud environments have totally shattered that perimeter. Trying to just secure the network edge leaves your real treasures – your applications, users, and data – vulnerable as they roam across different clouds. It's like locking the front door but leaving all the windows wide open! The New Way: Distributed Trust. Security needs to follow your assets, wherever they go. Instead of just focusing on the infrastructure (the pipes and wires), we need to embrace Zero-Trust principles . Think of it like this: never assume anyone or anything is trustworthy, even if they're "inside." We need identity-based, adaptive security policies that constantly validate trust, rather than just assuming it based on location. Security becomes built into applications and workloads, not just bolted onto the network. Think of it this way: Instead of one big, guarded gate, you have individual, smart locks on every valuable asset. You're constantly checking who's accessing what, no matter where they are. It's like having a personal bodyguard for each of your important things, always making sure they have the right ID. Mindset Shift #2: From "My Team Handles Network Security, Their Team Handles Cloud Security" to "Let's All Be Security Buddies!" Ever feel like your network security team speaks a different language than your cloud security team? You're not alone! Traditionally, these have been separate worlds, with network teams focused on firewalls and cloud teams on security groups. The Problem: These separate silos are a recipe for confusion and fragmented security policies. Attackers? They love this! It's like having cracks in your armor. They aren't always going to bash down the front door; they're often slipping through the gaps created by this lack of communication. The New Way: Cross-functional collaboration. We need to tear down those walls! Network and cloud security teams need to work together, speaking a shared security language. Unified visibility and consistent policies across all your environments are key. Think of it like a superhero team – everyone has their own skills, but they work together seamlessly to fight the bad guys. Regular communication, shared tools, and a common understanding of the risks are crucial. Mindset Shift #3: From "Reacting When Something Breaks" to "Always Watching and Fixing Things Before They Do" Remember the old days of waiting for an alert to pop up saying something was wrong? That's like waiting for your car to break down before you even think about checking the oil. Not the smartest move, right? The Problem: In the fast-paced world of the cloud, waiting for things to go wrong is a recipe for disaster. Attacks can happen super quickly, and by the time you react, the damage might already be done. Plus, manually checking everything all the time? Forget about it – it's just not scalable when you've got stuff spread across multiple clouds. The New Way: Continuous & Automated Enforcement. We need to shift to a mindset of constant monitoring and automated security actions. Think of it like having a security system that's always on, always learning, and can automatically respond to threats in real-time. This means using tools and processes that continuously check for vulnerabilities, enforce security policies automatically, and even predict potential problems before they happen. It's like having a proactive security guard who not only watches for trouble but can also automatically lock doors and sound alarms the moment something looks fishy. Mindset Shift #4: From "Locking Everything Down Tight" to "Finding the Right Balance with Flexible Rules" We used to think the best security was the strictest security – lock everything down, say "no" to everything. But let's be honest, that can make it super hard for people to actually do their jobs! It's like putting so many locks on a door that nobody can actually get through it. The Problem: Overly restrictive security can stifle innovation and slow things down. Developers can get frustrated, and the business can't move as quickly as it needs to. Plus, sometimes those super strict rules can even create workarounds that actually make things less secure in the long run. The New Way: Flexible Guardrails. We need to move towards security that provides clear boundaries (the "guardrails") but also allows for agility and flexibility. Think of it like setting clear traffic laws – you know what's allowed and what's not, but you can still drive where you need to go. This means defining security policies that are adaptable to different cloud environments and business needs. It's about enabling secure innovation, not blocking it. We need to find that sweet spot where security empowers the business instead of hindering it. Mindset Shift #5: From "Security is a Cost Center" to "Security is a Business Enabler" Sometimes, security gets seen as just an expense, something we have to do but doesn't really add value. It's like thinking of insurance as just another bill. The Problem: When security is viewed as just a cost, it often gets underfunded or seen as a roadblock. This can lead to cutting corners and ultimately increasing risk. It's like trying to save money by neglecting the brakes on your car – it might seem cheaper in the short term, but it can have disastrous consequences later. The New Way: Security as a Business Enabler. We need to flip this thinking! Strong security isn't just about preventing bad things from happening; it's about building trust with customers, enabling new business opportunities, and ensuring the long-term resilience of the organization. Think of it like a strong foundation for a building – without it, you can't build anything lasting. By building security into our processes and products from the start, we can actually accelerate innovation and gain a competitive advantage. It's about showing our customers that we take their data seriously and that they can trust us. Wrapping Up: Moving to a multi-cloud world is exciting, but it definitely throws some curveballs at how we think about security. By adopting these five new mindsets, we can ditch the outdated castle mentality and build a more agile, collaborative, and ultimately more secure future for our organizations. It's not about being perfect overnight, but about starting to shift our thinking and embracing these new approaches. So, let's level up our security game together! Schedule a demo Related Articles 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Convergence has been claimed. Security orgs merged their teams, aligned their titles, and drew the new boxes on the whiteboard. The... Convergence didn’t fail, compliance did. Adel Osta Dadan 2 min read Adel Osta Dadan Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 6/17/25 Published Convergence has been claimed. Security orgs merged their teams, aligned their titles, and drew the new boxes on the whiteboard. The result: security teams are now responsible for both cloud and on-premises network environments. But for many of those teams, compliance is still running on fumes. The reporting lines changed. The responsibilities increased. The oversight? Still patchy. The systems? Still fragmented. And the ability to demonstrate consistent policy enforcement across hybrid environments—where compliance lives or dies—has never been more at risk. This isn’t an edge case. It’s structural. And it’s quietly putting every converged team in a bind. The illusion of control If convergence was supposed to simplify compliance, most teams missed the memo. Cloud-native controls don’t sync with on-prem rule sets. Application deployments move faster than the audits tracking them. Policies drift. Risk assessments stall out. And when the next audit comes knocking, security teams are left reconciling evidence after the fact—manually stitching together logs, policies, and screenshots across tools that don’t talk to each other. The result? Ownership without visibility. Policy without context. Responsibility without control. Compliance at the application layer—or nowhere Security and compliance are often treated as parallel tracks. But in hybrid environments, they’re the same problem. The more distributed your network, the more fragmented your enforcement—and the harder it becomes to map controls to real business risk. What matters isn’t whether a port is open. It’s whether the application behind it should be reachable from that region, that VPC, or that user. That requires context. And today, context lives at the application layer. This is where AlgoSec Horizon changes the equation. AlgoSec Horizon is the first platform built to secure application connectivity across hybrid networks—with compliance embedded by design. Horizon: compliance that knows what it’s looking at With Horizon, compliance isn’t an add-on. It’s the outcome of deep visibility and policy awareness at the level that actually matters: the business application. Our customers are using Horizon to: Automatically discover and map every business application—including shadow IT and unapproved flows Simulate rule changes in advance, avoiding deployment errors that compromise compliance Track and enforce policies in context, with real-time validation against compliance frameworks Generate audit-ready reports across hybrid networks without assembling data by hand It’s compliance without the swivel chair. And it’s already helping converged teams move faster—without giving up control. Compliance can’t be an after-thought. Security convergence wasn’t the mistake. Stopping at structure was. When compliance is left behind, the risk isn’t just audit failure—it’s operational drag. Policy friction. Delays in application delivery. Missed SLAs. Because the real impact of compliance gaps isn’t found in the SOC—it’s found in the business outcomes that stall because security couldn’t keep pace. Horizon closes that gap. Because in a world of converged teams and hybrid environments, security has to operate with complete visibility—and compliance has to work at the speed of the application. Schedule a demo Related Articles 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

AlgoSec’s incident response integration extends collaboration to add critical business context to incident information and automates threat remediation AlgoSec Introduces New Integration with IBM Resilient to Accelerate Incident Response AlgoSec’s incident response integration extends collaboration to add critical business context to incident information and automates threat remediation February 28, 2019 Speak to one of our experts Ridgefield Park, NJ (February 28, 2019) – AlgoSec , the leading provider of business-driven network security management solutions, today announced a new integration with the IBM® Resilient® Incident Response Platform (IRP), enabling organizations to tie security incidents and attacks directly to the business processes that could be impacted. AlgoSec’s integration provides security analysts with the ability to enrich the Resilient IRP with critical business and network context to immediately assess an incident’s potential business impact, and to prioritize and automate remediation efforts accordingly. Leveraging Resilient’s open application programming interfaces (API), the AlgoSec integration with Resilient allows joint users to: Quickly highlight in the Resilient dashboard which applications are impacted by an incident, and how business-critical those applications are Automatically associate security incidents with the applications, servers, network connectivity flows and security devices impacted by an attack Identify network connectivity to and from compromised servers, such as connectivity to the internet or to sensitive networks Automatically implement change requests to quickly isolate compromised servers from the rest of the network and the public Internet Get key insights to assist with cyber-threat forensics and compliance reporting With this new integration, security analysts can quickly reduce the impact of attacks on the business. The AlgoSec integration for the Resilient IRP helps block attempts at data exfiltration and makes it more difficult for hackers to move laterally within the network from affected servers. The integration helps organizations to streamline and accelerate their IR processes by automating time-consuming security changes and proactively analysing business risk. “SOC teams need to quickly sift through the volumes of complex alerts they receive each day, to identify the attacks that could affect key business processes and take action before they cause disruption and damage,” said Anner Kushnir, VP of Technology at AlgoSec. “The new AlgoSec integration with IBM Resilient enables joint customers to link cyber-attacks directly to the business applications that are being targeted, and then prioritize and automate their remediation efforts based on the attack’s severity and risk to the business –aligning incident response processes with the overall business strategy.” As part of this integration, AlgoSec has extended their offerings on the IBM Security App Exchange , a marketplace where developers across the industry can share applications based on IBM Security technologies. As threats are evolving faster than ever, collaborative development amongst the cyber community will help organizations adapt quickly and speed innovation in the fight against cybercrime. About AlgoSec The leading provider of business-driven network security management solutions, AlgoSec helps the world’s largest organizations align security with their mission-critical business processes. With AlgoSec, users can discover, map and migrate business application connectivity, proactively analyze risk from the business perspective, tie cyber-attacks to business processes and intelligently automate network security changes with zero touch – across their cloud, SDN and on-premise networks. Over 1,800 enterprises , including 20 of the Fortune 50, have utilized AlgoSec’s solutions to make their organizations more agile, more secure and more compliant – all the time. Since 2005, AlgoSec has shown its commitment to customer satisfaction with the industry’s only money-back guarantee. All product and company names herein may be trademarks of their registered owners. *** Media Contacts:Tsippi [email protected] Craig CowardContext Public [email protected] +44 (0)1625 511 966

The research found that organizations are prioritizing security, seamless integration, and compliance in hybrid cloud environments with Cisco, Palo Alto Networks, AWS and Microsoft Azure among the leaders The 2024 State of Network Security Report Reveals a Shift Towards Multi-Cloud Environments, with a 47% Increase in SD-WAN and 25% Uptick in SASE Adoption The research found that organizations are prioritizing security, seamless integration, and compliance in hybrid cloud environments with Cisco, Palo Alto Networks, AWS and Microsoft Azure among the leaders June 27, 2024 Speak to one of our experts RIDGEFIELD PARK, NJ, June 27, 2024 – Global cybersecurity leader AlgoSec has released its annual ‘The State of Network Security Report’ providing a broad view of network security in hybrid cloud environments, identifying the most popular strategies adopted by security professionals. The report sheds light on key market trends and highlights the solutions and technologies that are in demand and why, helping organizations to navigate the complexities of modern network security. Based on two comparative surveys conducted in H2 of 2022 and 2023, AlgoSec’s research evaluated market leaders including AWS, Microsoft Azure, Check Point, Palo Alto Networks, Cisco and more, identifying significant shifts in cloud platform adoption, deployment of firewalls and Software-Defined Wide Area Network (SD-WAN), as well as Secure Access Service Edge (SASE) implementation. Key findings from the report include: ● Security, continuity, and compliance driving cloud platform selection – When selecting a cloud platform, organizations prioritize seamless integration, compliance, and robust security features. While the overall adoption of cloud platforms has grown, the ranking of different vendors has remained relatively stable. Azure continues to be the most widely used platform, closely followed by AWS, which has shown the fastest pace of growth. ● The growing adoption of SD-WAN – The move towards remote working and cloud computing has been the catalyst for the increased deployment of SD-WAN, ensuring secure and reliable connections across multiple locations. That is reflected in the report, with a steep decline in the number of organizations that had no SD-WAN solution from 55.2% in 2022 to 34% in 2023. ● The rise in SASE adoption – With network infrastructures becoming more complex, SASE has become a popular solution for organizations, consolidating multiple security functions into a single, unified, cloud service. The report found the rate of SASE adoption has increased year-on-year, with notable growth of Zscaler implementation from 21.9% in 2022 to 37% in 2023, and Prisma access implementation from 16.2% in 2022 to 22.8% in 2023. ● The increasing importance of firewalls in cloud estates – With more businesses looking to secure corporate resources across complex cloud networks, firewall implementation has increased as a result, providing organizations with the means to safeguard against external threats. The rate of adoption has risen significantly, with only 7.1% of respondents saying they had no firewalls deployed in 2023 - a sharp drop from the 28.4% recorded in 2022. ● The persistence of hybrid networks – Despite the general shift towards cloud adoption, on-premise data centers and device rollouts remain a significant feature of the network landscape. “According to our research there has been greater adoption of cloud-based network security solutions across the board”, said Eran Shiff, VP Product of AlgoSec. “However, there is still progress to be made in the SD-WAN and SASE space. By identifying the key trends and the most popular solutions on the market, we can provide some much-needed clarity into the complex world of network security.” The full report can be accessed here . About AlgoSec AlgoSec, a global cybersecurity leader, empowers organizations to secure application connectivity and cloud-native applications throughout their multi-cloud and hybrid network. Trusted by more than 1,800 of the world’s leading organizations, AlgoSec’s application-centric approach enables secure acceleration of business application deployment by centrally managing application connectivity and security policies across the public clouds, private clouds, containers, and on-premises networks. Using its unique vendor-agnostic deep algorithm for intelligent change management automation, AlgoSec enables the acceleration of digital transformation projects, helps prevent business application downtime and substantially reduces manual work and exposure to security risks. AlgoSec’s policy management and CNAPP platforms provide a single source for visibility into security and compliance issues within cloud-native applications as well as across the hybrid network environment, to ensure ongoing adherence to internet security standards, industry, and internal regulations. Learn how AlgoSec enables application owners, information security experts, DevSecOps and cloud security teams to deploy business applications up to 10 times faster while maintaining security at https://www.algosec.com . 

Webinars Micro-Segmentation Implementation – Taking the Leap from Strategy to Execution Micro-segmentation helps protect the enterprise network against the lateral movement of malware and insider threats. Maybe you’re in the process of developing a micro-segmentation strategy or just about to start a micro-segmentation project, but don’t know where to begin and concerned about mistakes along the way. In this practical webinar, Professor Avishai Wool, AlgoSec CTO and co-founder, will walk you through each step of your micro-segmentation project – from developing the right micro-segmentation strategy to successfully implementing and maintaining your micro-segmented network. Join our live webinar to learn: Why micro-segmentation is a critical part of your network security posture. Common pitfalls in micro-segmentation projects and how to avoid them. The stages of a successful micro-segmentation project. How to monitor and maintain your micro-segmented network. The role of policy management, change management, and automation in micro-segmentation. Prof. Avishai Wool CTO & Co Founder AlgoSec Relevant resources How to Structure Network Objects to Plan for Future Policy Growth Watch Video Data Center Segmentation Best Practices Watch Video Microsegmentation - Ongoing Maintenance Watch Video Create & Manage a Micro-Segmented Data Center – Best Practices Keep Reading Microsegmentation for Network Security – AlgoSec / SANS Webinar Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

A ZeroTrust network architecture mitigates risk by only providing the minimally required access to your network resources But implementing it is easier said than done Webinars Micro-segmentation – from Strategy to Execution Organizations heavily invest in security solutions to keep their networks safe, but still struggle to close the security gaps. Micro-segmentation helps protect against the lateral movement of malware and minimizes the risk of insider threats. Micro-segmentation has received lots of attention as a possible solution, but many IT security professionals aren’t sure where to begin or what approach to take. In this practical webinar, Prof. Avishai Wool, AlgoSec’s CTO and co-founder will guide you through each stage of a micro-segmentation project – from developing the correct micro-segmentation strategy to effectively implementing it and continually maintaining your micro-segmented network. Register now for this live webinar and get a practical blueprint to creating your micro-segmentation policy: What is micro-segmentation. Common pitfalls in micro-segmentation projects and how to avoid them. The stages of a successful micro-segmentation project. The role of policy change management and automation in micro-segmentation. Don’t forget to also click on the links in the Attachments tab. July 7, 2020 Prof. Avishai Wool CTO & Co Founder AlgoSec Relevant resources Microsegmentation Defining Logical Segments Watch Video Micro-Segmentation based Network Security Strategies Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

NAT Network Security I came across some discussions regarding Network Address Translation (NAT) and its impact on security and the... Firewall Change Management To NAT or not to NAT – It’s not really a question Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 11/26/13 Published NAT Network Security I came across some discussions regarding Network Address Translation (NAT) and its impact on security and the network. Specifically the premise that “ NAT does not add any real security to a network while it breaks almost any good concepts of a structured network design ” is what I’d like to address. When it comes to security, yes, NAT is a very poor protection mechanism and can be circumvented in many ways. It causes headaches to network administrators. So now that we’ve quickly summarized all that’s bad about NAT, let’s address the realization that most organizations use NAT because they HAVE to, not because it’s so wonderful. The alternative to using NAT has a prohibitive cost and is possibly impossible. To dig into what I mean, let’s walk through the following scenario… Imagine you have N devices in your network that need an IP address (every computer, printer, tablet, smartphone, IP phone, etc. that belongs to your organization and its guests). Without NAT you would have to purchase N routable IP addresses from your ISP. The costs would skyrocket! At AlgoSec we run a 120+ employee company in numerous countries around the globe. We probably use 1000 IP addresses. We pay for maybe 3 routable IP addresses and NAT away the rest. Without NAT the operational cost of our IP infrastructure would go up by a factor of x300. NAT Security With regards to NAT’s impact on security, just because NAT is no replacement for a proper firewall doesn’t mean it’s useless. Locking your front door also provides very low-grade security – people still do it, since it’s a lot better than not locking your front door. Schedule a demo Related Articles 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

AlgoSec enhances the effectiveness and efficiency of network security in Cisco environments by providing application-centric security, automation, and compliance capabilities AlgoSec Heads to Cisco Live to Empower Organizations to Effectively Secure Application Connectivity across Multi-Cloud and Hybrid networks AlgoSec enhances the effectiveness and efficiency of network security in Cisco environments by providing application-centric security, automation, and compliance capabilities February 2, 2024 Speak to one of our experts RIDGEFIELD PARK, NJ, February 2, 2024 – Global cybersecurity leader AlgoSec will demonstrate the quality of its application-centric hybrid network solutions at this year’s Cisco Live in Amsterdam. AlgoSec will illustrate how its range of value-added product integrations enables organizations to support their business-critical applications while minimizing security risks and ensuring compliance. AlgoSec operates deep at the business application level, allowing organizations to monitor traffic patterns, identify anomalies, and prioritize security incidents. This profound application-level understanding enables network and cloud security professionals to optimize their Cisco environments and minimize the attack surface and risk of unauthorized access. As a SolutionsPlus partner, AlgoSec have fostered a strong relationship with Cisco that enables us to effectively address the needs of their customers, which have changed over time with the increasing adoption of hybrid cloud networks. The integration of Cisco and AlgoSec’s solutions delivers innovation to the market and offers greater value to our joint prospects and existing customers. AlgoSec integrates seamlessly with Cisco networking and security solutions, including Cisco Firepower and Cisco ACI (Application Centric Infrastructure). This integration ensures consistent policy enforcement and centralized management, helping organizations to better secure their networks while reducing operational overhead and complexity. AlgoSec has recently introduced early availability for Nexus Dashboard Orchestrator (NDO) support, underscoring a commitment to providing continuity and support for customers navigating transitions in their network infrastructure. As evidence of the company’s commitment and efforts, AlgoSec was recently recognized as one of the “Meraki Picks” companies on the Meraki Marketplace. This showcases partners based on their proven track record with customers, highlighting AlgoSec’s exceptional performance in Network Security and Network Automation. AlgoSec is inviting customers and partners to visit them at Booth E10 at Cisco Live from February 5-8th. For the latest information and to set up a meeting at the show, please visit the event portal . About AlgoSec AlgoSec, a global cybersecurity leader, empowers organizations to secure application connectivity and cloud-native applications throughout their multi-cloud and hybrid network. Trusted by more than 1,800 of the world’s leading organizations, AlgoSec’s application-centric approach enables to securely accelerate business application deployment by centrally managing application connectivity and security policies across the public clouds, private clouds, containers, and on-premises networks. Using its unique vendor-agnostic deep algorithm for intelligent change management automation, AlgoSec enables acceleration of digital transformation projects, helps prevent business application downtime and substantially reduces manual work and exposure to security risks. AlgoSec’s policy management and CNAPP platforms provide a single source for visibility into security and compliance issues within cloud-native applications as well as across the hybrid network environment, to ensure ongoing adherence to internet security standards, industry, and internal regulations. Learn how AlgoSec enables application owners, information security experts, DevSecOps and cloud security teams to deploy business applications up to 10 times faster while maintaining security at https://www.algosec.com .

The Digital Operational Resilience Act (DORA) is set to transform how financial institutions across the European Union manage and... Network Security Navigating DORA: How to ensure your network security and compliance strategy is resilient Joseph Hallman 2 min read Joseph Hallman Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/19/24 Published The Digital Operational Resilience Act (DORA) is set to transform how financial institutions across the European Union manage and mitigate ICT (Information and Communications Technology) risks. With the official compliance deadline in January 2025, organizations are under pressure to ensure their systems can withstand and recover from disruptions—an urgent priority in an increasingly digitized financial ecosystem. DORA introduces strict requirements for ICT risk management, incident reporting, and third-party oversight, aiming to bolster the operational resilience of financial firms. But what are the key deadlines and penalties, and how can organizations ensure they stay compliant? Key Timelines and Penalties Under DORA Compliance deadline: January 2025 – Financial firms and third-party ICT providers must have operational resilience frameworks in place by this deadline. Regular testing requirements – Companies will need to conduct resilience testing regularly, with critical institutions potentially facing enhanced testing requirements. Penalties for non-compliance – Fines for failing to comply with DORA’s mandates can be substantial. Non-compliance could lead to penalties of up to 2% of annual turnover, and repeated breaches could result in even higher sanctions or operational restrictions. Additionally, firms face reputational risks if they fail to meet incident reporting and recovery expectations. Long term effect- DORA increases senior management's responsibility for ICT risk oversight, driving stronger internal controls and accountability. Executives may face liability for failing to manage risks, reinforcing the focus on compliance and governance. These regulations create a dynamic challenge, as organizations not only need to meet the initial requirements by 2025, but also adapt to the changes as the standards continue to evolve over time. Firewall rule recertification The Digital Operational Resilience Act (DORA) emphasizes the need for financial institutions in the EU to ensure operational resilience in the face of technological risks. While DORA does not explicitly mandate firewall rule recertification , several of its broader requirements apply to the management and oversight of firewall rules and the overall security infrastructure, which would include periodic firewall rule recertification as part of maintaining a robust security posture. A few of the key areas relevant to firewall rules and the necessity for frequent recertification are highlighted below. ICT Risk Management Framework- Article 6 requires financial institutions to implement a comprehensive ICT (Information and Communication Technology) risk management framework. This includes identifying, managing, and regularly testing security policies, which would encompass firewall rules as they are a critical part of network security. Regular rule recertification helps to ensure that firewall configurations are up-to-date and aligned with security policies. Detection Solutions- Article 10 mandates that financial entities must implement effective detection solutions to identify anomalies, incidents, and cyberattacks. These solutions are required to have multiple layers of control, including defined alert thresholds that trigger incident response processes. Regular testing of these detection mechanisms is also essential to ensure their effectiveness, underscoring the need for ongoing evaluations of firewall configurations and rules ICT Business Continuity Policy- Article 11 emphasizes the importance of establishing a comprehensive ICT business continuity policy. This policy should include strategic approaches to risk management, particularly focusing on the security of ICT third-party providers. The requirement for regular testing of ICT business continuity plans, as stipulated in Article 11(6), indirectly highlights the need for frequent recertification of firewall rules. Organizations must document and test their plans at least once a year, ensuring that security measures, including firewalls, are up-to-date and effective against current threats. Backup, Restoration, and Recovery- Article 12 outlines the procedures for backup, restoration, and recovery, necessitating that these processes are tested periodically. Entities must ensure that their backup and recovery systems are segregated and effective, further supporting the requirement for regular recertification of security measures like firewalls to protect backup systems against cyber threats. Crisis Communication Plans- Article 14 details the obligations regarding communication during incidents, emphasizing that organizations must have plans in place to manage and communicate risks related to the security of their networks. This includes ensuring that firewall configurations are current and aligned with incident response protocols, necessitating regular reviews and recertifications to adapt to new threats and changes in the operational environment. In summary, firewall rule recertification supports the broader DORA requirements for maintaining ICT security, managing risks, and ensuring network resilience through regular oversight and updates of critical security configurations. How AlgoSec helps meet regulatory requirements AlgoSec provides the tools, intelligence, and automation necessary to help organizations comply with DORA and other regulatory requirements while streamlining ongoing risk management and security operations. Here’s how: 1. Comprehensive network visibility AlgoSec offers full visibility into your network, including detailed insights into the application connectivity that each firewall rule supports. This application-centric approach allows you to easily identify security gaps or vulnerabilities that could lead to non-compliance. With AlgoSec, you can maintain continuous alignment with regulatory requirements like DORA by ensuring every firewall rule is tied to an active, relevant application. This helps ensure compliance with DORA's ICT risk management framework, including continuous identification and management of security policies (Article 6). Benefit : With this deep visibility, you remain audit-ready with minimal effort, eliminating manual tracking of firewall rules and reducing the risk of errors. 2. Automated risk and compliance reports AlgoSec automates compliance checks across multiple regulations, continuously analyzing your security policies for misconfigurations or risks that may violate regulatory requirements. This includes automated recertification of firewall rules, ensuring your organization stays compliant with frameworks like DORA's ICT Risk Management (Article 6). Benefit : AlgoSec saves your team significant time and reduces the likelihood of costly mistakes, while automatically generating audit-ready reports that simplify your compliance efforts. 3. Incident reporting and response DORA mandates rapid detection, reporting, and recovery during incidents. AlgoSec’s intelligent platform enhances incident detection and response by automatically identifying firewall rules that may be outdated or insecure and aligning security policies with incident response protocols. This helps ensure compliance with DORA's Detection Solutions (Article 10) and Crisis Communication Plans (Article 14). Benefit : By accelerating response times and ensuring up-to-date firewall configurations, AlgoSec helps you meet reporting deadlines and mitigate breaches before they escalate. 4. Firewall policy management AlgoSec simplifies firewall management by taking an application-centric approach to recertifying firewall rules. Instead of manually reviewing outdated rules, AlgoSec ties each firewall rule to the specific application it serves, allowing for quick identification of redundant or risky rules. This ensures compliance with DORA’s requirement for regular rule recertification in both ICT risk management and continuity planning (Articles 6 and 11). Benefit : Continuous optimization of security policies ensures that only necessary and secure rules are in place, reducing network risk and maintaining compliance. 5. Managing third-party risk DORA emphasizes the need to oversee third-party ICT providers as part of a broader risk management framework. AlgoSec integrates seamlessly with other security tools, providing unified visibility into third-party risks across your hybrid environment. With its automated recertification processes, AlgoSec ensures that security policies governing third-party access are regularly reviewed and aligned with business needs. Benefit : This proactive management of third-party risks helps prevent potential breaches and ensures compliance with DORA’s ICT Business Continuity requirements (Article 11). 6. Backup, Restoration, and Recovery AlgoSec helps secure backup and recovery systems by recertifying firewall rules that protect critical assets and applications. DORA’s Backup, Restoration, and Recovery (Article 12) requirements emphasize that security controls must be periodically tested. AlgoSec automates these tests, ensuring your firewall rules support secure, segregated backup systems. Benefit : Automated recertification prevents outdated or insecure rules from jeopardizing your backup processes, ensuring you meet regulatory demands. Stay ahead of compliance with AlgoSec Meeting evolving regulations like DORA requires more than a one-time adjustment—it demands a dynamic, proactive approach to security and compliance. AlgoSec’s application-centric platform is designed to evolve with your business, continuously aligning firewall rules with active applications and automating the process of policy recertification and compliance reporting. By automating key processes such as risk assessments, firewall rule management, and policy recertification, AlgoSec ensures that your organization is always prepared for audits. Continuous monitoring and real-time alerts keep your security posture compliant with DORA and other regulations, while automated reports simplify audit preparation—minimizing the time spent on compliance and reducing human error. With AlgoSec, businesses not only meet compliance regulations but also enhance operational efficiency, improve security, and maintain alignment with global standards. As DORA and other regulatory frameworks evolve, AlgoSec helps you ensure that compliance is an integral, seamless part of your operations. Read our latest whitepaper and watch a short video to learn more about our application-centric approach to firewall rule recertification Schedule a demo Related Articles 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call