Search results

In this webinar, our experts show how application centric automation can help secure connectivity Webinars Secure Application Connectivity with Automation In this webinar, our experts show how application centric automation can help secure connectivity. How can a high degree of application connectivity be achieved when your data is widely distributed? Efficient cloud management helps simplify today’s complex network environment, allowing you to secure application connectivity anywhere. But it can be hard to achieve sufficient visibility when your data is dispersed across numerous public clouds, private clouds, and on-premises devices. Today it is easier than ever to speed up application delivery across a hybrid cloud environment while maintaining a high level of security. In this webinar, we’ll discuss: – The basics of managing multiple workloads in the cloud – How to create a successful enterprise-level security management program – The structure of effective hybrid cloud management March 22, 2022 Asher Benbenisty Director of product marketing Relevant resources Best Practices for Incorporating Security Automation into the DevOps Lifecycle Watch Video Avoiding the Security/Agility Tradeoff with Network Security Policy Automation Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Best practices for network security governance in AWS and hybrid network environments Webinars Cessation of Misconfigurations: Common Network Misconfiguration Risks & How to Avoid Them Avivi Siman-Tov, AlgoSec’s Director of Product | February 18, 2020 Misconfigurations aren’t simply inconvenient mistakes but serious security threats. According to Gartner, 99% of all firewall breaches will be caused by misconfigurations by 2020 and misconfigurations made OWASP’s list of Top 10 most critical web application security risks. A single change to a network device can have far-reaching effects on your business and create security holes for cybercriminals, impact your audits, and cause costly outages that bring your business to a standstill. In this webinar, Avivi Siman-Tov, AlgoSec’s Director of Product, will show examples of common misconfigurations, including device changes, business application connectivity changes, and data center migrations. He will also reveal specific techniques to help you avoid them. Watch the webinar to learn how to: Understand and map your entire network before you make a change Proactively assess the impact of a change to ensure it does not break connectivity, affect compliance or create a security hole and understand the impact of changes to your entire network Maximize the capabilities of network management automation to avoid common misconfigurations Avoid common mistakes when making changes to your network security devices February 18, 2020 Avivi Siman Tov Director of Product Relevant resources Firewall Rule Recertification - An Application-Centric Approach Keep Reading Securing & managing hybrid network security See Documentation Application first cloud security See Documentation Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Learn how NCR improved network security and agility through automation and optimization with Algosec's solutions. Webinars A Customer Story: The NCR journey to effective and agile network security Managing security in a multi-billion-dollar enterprise poses many challenges, as well as opportunities. Go inside an S&P 500 company and hear how they manage their network security. Join Scott Theriault, Global Manager, Network Perimeter Security at NCR Corporation as he shares his real-world experience managing security in a global organization with Yitzy Tannenbaum, Product Marketing Manager at AlgoSec. Get insights on: Key factors managing network security in complex organizations The benefits of network policy optimization Importance of maintaining and demonstrating compliance Change management and automation in large, complex networks Driving alignment of cloud and on-premises security December 17, 2020 Yitzy Tannenbaum Product Marketing Manager Scott Theriault Global Manager, Network Perimeter Security at NCR Corporation Relevant resources AlgoSec Case Study: BT Watch Video Discovery Case Study Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Webinars Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires The growing body of regulations and standards forces enterprises to put considerable emphasis on compliance verified by ad hoc and regular auditing of security policies and controls. While regulatory and internal audits entail a wide range of security checks, network firewalls are featured prominently as they are the first line of defense of the enterprise network. Typical networks might include tens or hundreds of firewalls from multiple vendors running thousands of rules. Auditing firewalls for compliance is becoming more complex and demanding all the time. Documentation of current rules and their evolution of changes is lacking Time and resources required to find, organize and inspect all the firewall rules to determine the level of compliance is exorbitant and growing It’s time to adopt auditing’s best practices to maintain continuous compliance. Join us in this webinar to discover the Firewall Audit Checklist, the 6 best practices that will ensure successful audits and full compliance. By adopting these best practices, security teams will significantly improve their network’s security posture and reduce the pain of ensuring compliance with regulations, industry standards and corporate policies. Tal Dayan AlgoSec security expert Relevant resources Firewall audit checklist for security policy rules review Firewall audit checklist for security policy rules review See Documentation AlgoSec AppViz - Application visibility for AlgoSec Firewall Analyzer See Documentation Firewall policy management Automate firewall rule changes See Documentation Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Webinars Network Security Vision with Application Visibility | Live discussion and demo You’re always making changes to your network, commissioning and decommissioning servers, moving data to and from the cloud, revising application connectivity settings and policies, and/or adding and removing business applications. But how do you make sure that you are not running blind and making network configuration mistakes that may lead to outages? Are you leaving firewall openings for unused applications, making your network vulnerable to insider threats or outside attackers? Stop running blind. Expand your vision with application visibility. With application visibility, you associate your traffic flows to the related business applications, enhance network visibility, improve troubleshooting, gain enhanced compliance reports, and even save time while improving security on your network. In this webinar, Avishai Wool, AlgoSec’s co-founder and CTO, and Yoni Geva, AlgoSec’s Product Manager, will demonstrate – in a live demo – how to overcome these challenges and ensure business continuity through application visibility. Join the webinar and learn how to: Associate your business applications with your security policy rules. Identify the network traffic relevant for each application. Identify hidden risks and vulnerabilities in your applications. Associate compliance violations with relevant business applications. Improve troubleshooting by identifying affected applications. Better document the applications on your network. March 5, 2020 Prof. Avishai Wool CTO & Co Founder AlgoSec Yoni Geva Product Manager Relevant resources Adopting an application-centric approach to security management: getting business leaders interested Keep Reading The Need for Application-Centric Security Policy Management Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

In this webinar, Omer Ganot, AlgoSec’s Cloud Security Product Manager, and Stuti Deshpande s, Amazon Web Service’s Partner Solutions Architect, will share security challenges in the hybrid cloud and provide tips to protect your AWS and hybrid environment Webinars Overcoming hybrid environment management challenges | AWS & AlgoSec Webinar Public clouds such as Amazon Web Services (AWS) are a critical part of your hybrid network. It is important to keep out the bad guys (including untrusted insiders) and proactively secure your entire hybrid network. Securing your network is both the responsibility of the cloud providers, as well as your organization’s IT and CISOs – the shared responsibility model. As a result, your organization needs visibility into what needs to be protected, as well as an understanding of the tools that are available to keep them secure. In this webinar, Omer Ganot, AlgoSec’s Cloud Security Product Manager, and Stuti Deshpande’s, Amazon Web Service’s Partner Solutions Architect, will share security challenges in the hybrid cloud and provide tips to protect your AWS and hybrid environment, including how to: Securely migrate workloads from on-prem to public cloud Gain unified visibility into your network topology and traffic flows, including both public cloud and on-premises assets, from a single console. Manage/orchestrate multiple layers of security controls and proactively detect misconfigurations Protect your data, accounts, and workloads from misconfiguration risks Protect web applications in AWS by filtering traffic and blocking common attack patterns, such as SQL injection or cross-site scripting Gain a unified view of your compliance status and achieve continuous compliance September 30, 2020 Stuti Deshpande Partner Solution Architect, AWS Omer Ganot Product Manager Relevant resources Migrating Business Applications to AWS? Tips on Where to Start Keep Reading Tips for auditing your AWS security policies, the right way Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Like all modern cloud providers, Amazon adopts the shared responsibility model for cloud security. Amazon guarantees secure... AWS NACL best practices: How to combine security groups with network ACLs effectively Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/28/23 Published Like all modern cloud providers, Amazon adopts the shared responsibility model for cloud security. Amazon guarantees secure infrastructure for Amazon Web Services, while AWS users are responsible for maintaining secure configurations. That requires using multiple AWS services and tools to manage traffic. You’ll need to develop a set of inbound rules for incoming connections between your Amazon Virtual Private Cloud (VPC) and all of its Elastic Compute (EC2) instances and the rest of the Internet. You’ll also need to manage outbound traffic with a series of outbound rules. Your Amazon VPC provides you with several tools to do this. The two most important ones are security groups and Network Access Control Lists (NACLs). Security groups are stateful firewalls that secure inbound traffic for individual EC2 instances. Network ACLs are stateless firewalls that secure inbound and outbound traffic for VPC subnets. Managing AWS VPC security requires configuring both of these tools appropriately for your unique security risk profile. This means planning your security architecture carefully to align it the rest of your security framework. For example, your firewall rules impact the way Amazon Identity Access Management (IAM) handles user permissions. Some (but not all) IAM features can be implemented at the network firewall layer of security. Before you can manage AWS network security effectively , you must familiarize yourself with how AWS security tools work and what sets them apart. Everything you need to know about security groups vs NACLs AWS security groups explained: Every AWS account has a single default security group assigned to the default VPC in every Region. It is configured to allow inbound traffic from network interfaces assigned to the same group, using any protocol and any port. It also allows all outbound traffic using any protocol and any port. Your default security group will also allow all outbound IPv6 traffic once your VPC is associated with an IPv6 CIDR block. You can’t delete the default security group, but you can create new security groups and assign them to AWS EC2 instances. Each security group can only contain up to 60 rules, but you can set up to 2500 security groups per Region. You can associate many different security groups to a single instance, potentially combining hundreds of rules. These are all allow rules that allow traffic to flow according the ports and protocols specified. For example, you might set up a rule that authorizes inbound traffic over IPv6 for linux SSH commands and sends it to a specific destination. This could be different from the destination you set for other TCP traffic. Security groups are stateful, which means that requests sent from your instance will be allowed to flow regardless of inbound traffic rules. Similarly, VPC security groups automatically responses to inbound traffic to flow out regardless of outbound rules. However, since security groups do not support deny rules, you can’t use them to block a specific IP address from connecting with your EC2 instance. Be aware that Amazon EC2 automatically blocks email traffic on port 25 by default – but this is not included as a specific rule in your default security group. AWS NACLs explained: Your VPC comes with a default NACL configured to automatically allow all inbound and outbound network traffic. Unlike security groups, NACLs filter traffic at the subnet level. That means that Network ACL rules apply to every EC2 instance in the subnet, allowing users to manage AWS resources more efficiently. Every subnet in your VPC must be associated with a Network ACL. Any single Network ACL can be associated with multiple subnets, but each subnet can only be assigned to one Network ACL at a time. Every rule has its own rule number, and Amazon evaluates rules in ascending order. The most important characteristic of NACL rules is that they can deny traffic. Amazon evaluates these rules when traffic enters or leaves the subnet – not while it moves within the subnet. You can access more granular data on data flows using VPC flow logs. Since Amazon evaluates NACL rules in ascending order, make sure that you place deny rules earlier in the table than rules that allow traffic to multiple ports. You will also have to create specific rules for IPv4 and IPv6 traffic – AWS treats these as two distinct types of traffic, so rules that apply to one do not automatically apply to the other. Once you start customizing NACLs, you will have to take into account the way they interact with other AWS services. For example, Elastic Load Balancing won’t work if your NACL contains a deny rule excluding traffic from 0.0.0.0/0 or the subnet’s CIDR. You should create specific inclusions for services like Elastic Load Balancing, AWS Lambda, and AWS CloudWatch. You may need to set up specific inclusions for third-party APIs, as well. You can create these inclusions by specifying ephemeral port ranges that correspond to the services you want to allow. For example, NAT gateways use ports 1024 to 65535. This is the same range covered by AWS Lambda functions, but it’s different than the range used by Windows operating systems. When creating these rules, remember that unlike security groups, NACLs are stateless. That means that when responses to allowed traffic are generated, those responses are subject to NACL rules. Misconfigured NACLs deny traffic responses that should be allowed, leading to errors, reduced visibility, and potential security vulnerabilities . How to configure and map NACL associations A major part of optimizing NACL architecture involves mapping the associations between security groups and NACLs. Ideally, you want to enforce a specific set of rules at the subnet level using NACLs, and a different set of instance-specific rules at the security group level. Keeping these rulesets separate will prevent you from setting inconsistent rules and accidentally causing unpredictable performance problems. The first step in mapping NACL associations is using the Amazon VPC console to find out which NACL is associated with a particular subnet. Since NACLs can be associated with multiple subnets, you will want to create a comprehensive list of every association and the rules they contain. To find out which NACL is associated with a subnet: Open the Amazon VPC console . Select Subnets in the navigation pane. Select the subnet you want to inspect. The Network ACL tab will display the ID of the ACL associated with that network, and the rules it contains. To find out which subnets are associated with a NACL: Open the Amazon VPC console . Select Network ACLS in the navigation pane. Click over to the column entitled Associated With. Select a Network ACL from the list. Look for Subnet associations on the details pane and click on it. The pane will show you all subnets associated with the selected Network ACL. Now that you know how the difference between security groups and NACLs and you can map the associations between your subnets and NACLs, you’re ready to implement some security best practices that will help you strengthen and simplify your network architecture. 5 best practices for AWS NACL management Pay close attention to default NACLs, especially at the beginning Since every VPC comes with a default NACL, many AWS users jump straight into configuring their VPC and creating subnets, leaving NACL configuration for later. The problem here is that every subnet associated with your VPC will inherit the default NACL. This allows all traffic to flow into and out of the network. Going back and building a working security policy framework will be difficult and complicated – especially if adjustments are still being made to your subnet-level architecture. Taking time to create custom NACLs and assign them to the appropriate subnets as you go will make it much easier to keep track of changes to your security posture as you modify your VPC moving forward. Implement a two-tiered system where NACLs and security groups complement one another Security groups and NACLs are designed to complement one another, yet not every AWS VPC user configures their security policies accordingly. Mapping out your assets can help you identify exactly what kind of rules need to be put in place, and may help you determine which tool is the best one for each particular case. For example, imagine you have a two-tiered web application with web servers in one security group and a database in another. You could establish inbound NACL rules that allow external connections to your web servers from anywhere in the world (enabling port 443 connections) while strictly limiting access to your database (by only allowing port 3306 connections for MySQL). Look out for ineffective, redundant, and misconfigured deny rules Amazon recommends placing deny rules first in the sequential list of rules that your NACL enforces. Since you’re likely to enforce multiple deny rules per NACL (and multiple NACLs throughout your VPC), you’ll want to pay close attention to the order of those rules, looking for conflicts and misconfigurations that will impact your security posture. Similarly, you should pay close attention to the way security group rules interact with your NACLs. Even misconfigurations that are harmless from a security perspective may end up impacting the performance of your instance, or causing other problems. Regularly reviewing your rules is a good way to prevent these mistakes from occurring. Limit outbound traffic to the required ports or port ranges When creating a new NACL, you have the ability to apply inbound or outbound restrictions. There may be cases where you want to set outbound rules that allow traffic from all ports. Be careful, though. This may introduce vulnerabilities into your security posture. It’s better to limit access to the required ports, or to specify the corresponding port range for outbound rules. This establishes the principle of least privilege to outbound traffic and limits the risk of unauthorized access that may occur at the subnet level. Test your security posture frequently and verify the results How do you know if your particular combination of security groups and NACLs is optimal? Testing your architecture is a vital step towards making sure you haven’t left out any glaring vulnerabilities. It also gives you a good opportunity to address misconfiguration risks. This doesn’t always mean actively running penetration tests with experienced red team consultants, although that’s a valuable way to ensure best-in-class security. It also means taking time to validate your rules by running small tests with an external device. Consider using AWS flow logs to trace the way your rules direct traffic and using that data to improve your work. How to diagnose security group rules and NACL rules with flow logs Flow logs allow you to verify whether your firewall rules follow security best practices effectively. You can follow data ingress and egress and observe how data interacts with your AWS security rule architecture at each step along the way. This gives you clear visibility into how efficient your route tables are, and may help you configure your internet gateways for optimal performance. Before you can use the Flow Log CLI, you will need to create an IAM role that includes a policy granting users the permission to create, configure, and delete flow logs. Flow logs are available at three distinct levels, each accessible through its own console: Network interfaces VPCs Subnets You can use the ping command from an external device to test the way your instance’s security group and NACLs interact. Your security group rules (which are stateful) will allow the response ping from your instance to go through. Your NACL rules (which are stateless) will not allow the outbound ping response to travel back to your device. You can look for this activity through a flow log query. Here is a quick tutorial on how to create a flow log query to check your AWS security policies. First you’ll need to create a flow log in the AWS CLI. This is an example of a flow log query that captures all rejected traffic for a specified network interface. It delivers the flow logs to a CloudWatch log group with permissions specified in the IAM role: aws ec2 create-flow-logs \ –resource-type NetworkInterface \ –resource-ids eni-1235b8ca123456789 \ –traffic-type ALL \ –log-group-name my-flow-logs \ –deliver-logs-permission-arn arn:aws:iam::123456789101:role/publishFlowLogs Assuming your test pings represent the only traffic flowing between your external device and EC2 instance, you’ll get two records that look like this: 2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK 2 123456789010 eni-1235b8ca123456789 172.31.16.139 203.0.113.12 0 0 1 4 336 1432917094 1432917142 REJECT OK To parse this data, you’ll need to familiarize yourself with flow log syntax. Default flow log records contain 14 arguments, although you can also expand custom queries to return more than double that number: Version tells you the version currently in use. Default flow logs requests use Version 2. Expanded custom requests may use Version 3 or 4. Account-id tells you the account ID of the owner of the network interface that traffic is traveling through. The record may display as unknown if the network interface is part of an AWS service like a Network Load Balancer. Interface-id shows the unique ID of the network interface for the traffic currently under inspection. Srcaddr shows the source of incoming traffic, or the address of the network interface for outgoing traffic. In the case of IPv4 addresses for network interfaces, it is always its private IPv4 address. Dstaddr shows the destination of outgoing traffic, or the address of the network interface for incoming traffic. In the case of IPv4 addresses for network interfaces, it is always its private IPv4 address. Srcport is the source port for the traffic under inspection. Dstport is the destination port for the traffic under inspection. Protocol refers to the corresponding IANA traffic protocol number . Packets describes the number of packets transferred. Bytes describes the number of bytes transferred. Start shows the start time when the first data packet was received. This could be up to one minute after the network interface transmitted or received the packet. End shows the time when the last data packet was received. This can be up to one minutes after the network interface transmitted or received the data packet. Action describes what happened to the traffic under inspection: ACCEPT means that traffic was allowed to pass. REJECT means the traffic was blocked, typically by security groups or NACLs. Log-status confirms the status of the flow log: OK means data is logging normally. NODATA means no network traffic to or from the network interface was detected during the specified interval. SKIPDATA means some flow log records are missing, usually due to internal capacity restraints or other errors. Going back to the example above, the flow log output shows that a user sent a command from a device with the IP address 203.0.113.12 to the network interface’s private IP address, which is 172.31.16.139. The security group’s inbound rules allowed the ICMP traffic to travel through, producing an ACCEPT record. However, the NACL did not let the ping response go through, because it is stateless. This generated the REJECT record that followed immediately after. If you configure your NACL to permit output ICMP traffic and run this test again, the second flow log record will change to ACCEPT. azon Web Services (AWS) is one of the most popular options for organizations looking to migrate their business applications to the cloud. It’s easy to see why: AWS offers high capacity, scalable and cost-effective storage, and a flexible, shared responsibility approach to security. Essentially, AWS secures the infrastructure, and you secure whatever you run on that infrastructure. However, this model does throw up some challenges. What exactly do you have control over? How can you customize your AWS infrastructure so that it isn’t just secure today, but will continue delivering robust, easily managed security in the future? The basics: security groups AWS offers virtual firewalls to organizations, for filtering traffic that crosses their cloud network segments. The AWS firewalls are managed using a concept called Security Groups. These are the policies, or lists of security rules, applied to an instance – a virtualized computer in the AWS estate. AWS Security Groups are not identical to traditional firewalls, and they have some unique characteristics and functionality that you should be aware of, and we’ve discussed them in detail in video lesson 1: the fundamentals of AWS Security Groups , but the crucial points to be aware of are as follows. First, security groups do not deny traffic – that is, all the rules in security groups are positive, and allow traffic. Second, while security group rules can be set to specify a traffic source, or a destination, they cannot specify both on the same rule. This is because AWS always sets the unspecified side (source or destination) as the instance to which the group is applied. Finally, single security groups can be applied to multiple instances, or multiple security groups can be applied to a single instance: AWS is very flexible. This flexibility is one of the unique benefits of AWS, allowing organizations to build bespoke security policies across different functions and even operating systems, mixing and matching them to suit their needs. Adding Network ACLs into the mix To further enhance and enrich its security filtering capabilities AWS also offers a feature called Network Access Control Lists (NACLs). Like security groups, each NACL is a list of rules, but there are two important differences between NACLs and security groups. The first difference is that NACLs are not directly tied to instances, but are tied with the subnet within your AWS virtual private cloud that contains the relevant instance. This means that the rules in a NACL apply to all of the instances within the subnet, in addition to all the rules from the security groups. So a specific instance inherits all the rules from the security groups associated with it, plus the rules associated with a NACL which is optionally associated with a subnet containing that instance. As a result NACLs have a broader reach, and affect more instances than a security group does. The second difference is that NACLs can be written to include an explicit action, so you can write ‘deny’ rules – for example to block traffic from a particular set of IP addresses which are known to be compromised. The ability to write ‘deny’ actions is a crucial part of NACL functionality. It’s all about the order As a consequence, when you have the ability to write both ‘allow’ rules and ‘deny’ rules, the order of the rules now becomes important. If you switch the order of the rules between a ‘deny’ and ‘allow’ rule, then you’re potentially changing your filtering policy quite dramatically. To manage this, AWS uses the concept of a ‘rule number’ within each NACL. By specifying the rule number, you can identify the correct order of the rules for your needs. You can choose which traffic you deny at the outset, and which you then actively allow. As such, with NACLs you can manage security tasks in a way that you cannot do with security groups alone. However, we did point out earlier that an instance inherits security rules from both the security groups, and from the NACLs – so how do these interact? The order by which rules are evaluated is this; For inbound traffic, AWS’s infrastructure first assesses the NACL rules. If traffic gets through the NACL, then all the security groups that are associated with that specific instance are evaluated, and the order in which this happens within and among the security groups is unimportant because they are all ‘allow’ rules. For outbound traffic, this order is reversed: the traffic is first evaluated against the security groups, and then finally against the NACL that is associated with the relevant subnet. You can see me explain this topic in person in my new whiteboard video: Schedule a demo Related Articles 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

The joint offering helps enterprises tighten their security posture, effectively mitigate Ransomware and other Cyberattacks and ensure long-term sustainability Deloitte and AlgoSec Partner to Establish a Joint Network Protection Transformation Solution for Enterprises The joint offering helps enterprises tighten their security posture, effectively mitigate Ransomware and other Cyberattacks and ensure long-term sustainability November 9, 2020 Speak to one of our experts RIDGEFIELD PARK, N.J., November 9, 2020 – The EMEA Telecom Engineering Centre of Excellence (TEE) of Deloitte (located in Portugal) and AlgoSec , the leading provider of business-driven network security management solutions, have entered into an alliance to establish a network protection transformation offer to safeguard clients against complex threats and attacks. The combined team will deliver, operate, and maintain a network protection offer with joint functions managed between Deloitte and AlgoSec. Deloitte TEE will focus on delivering business process transformation capabilities, business and technical advisory and project management to ensure reliability and sustainability on the proposed capabilities, while AlgoSec will provide technical support to customize, deploy and operate the tool to accelerate and automate the network security management, and ensure the offer is aligned with the business’ requirements. The Deloitte and AlgoSec joint offering provides a business-centric approach to network security management across the entire hybrid and multi-vendor environment. The solution offers comprehensive visibility across the network security environment and business applications, agile and secure policy change management via zero touch automation, and continuous compliance assurance. The offering also includes a Network Security Hardening Service, which begins to understand the Client’s network level of exposure, current vulnerabilities and the potential impact of network threats, before performing a transformation strategy to strengthen current capabilities and remediate network risks and vulnerabilities, followed by a Network Security Managed Service to monitor and guarantee long-term sustainability. Deloitte TEE will also become a reselling partner to support AlgoSec in the global market, using a structured offer model with advantages for the partnership and the client. Jade Kahn, AlgoSec CMO said: “Network protection should be a priority for companies to mitigate the damage caused by an increasing number of complex cyber threats. With an appropriate strategy in place, they can identify and contain threats before they are able to move freely across the network. We look forward to working alongside Deloitte and delivering value to its clients.” Pedro Tavares, Partner of Deloitte Portugal and responsible for the EMEA Telecom Engineering Centre of Excellence (TEE): “TEE focus is on delivering high value telecoms engineering consultancy services towards our customers, and under the ongoing digitalization wave and in the advent of 5G, setting up a Network Protection offer to ensure that this improvement in the connectivity, communication and user experience do not bring substantial business risks is a key stepping stone towards this strategy. We expect with this combined offer to support our clients in improving their network security, mitigating their network risks and enhancing their key Capabilities to ensure a sustainable transformation of their business”. About AlgoSec The leading provider of business-driven network security management solutions, AlgoSec helps the world’s largest organizations align security with their mission-critical business processes. With AlgoSec, users can discover, map and migrate business application connectivity, proactively analyze risk from the business perspective, tie cyber-attacks to business processes and intelligently automate network security changes with zero touch – across their cloud, SDN and on-premise networks. Over 1,800 enterprises, including 20 of the Fortune 50, have utilized AlgoSec’s solutions to make their organizations more agile, more secure and more compliant – all the time. Since 2005, AlgoSec has shown its commitment to customer satisfaction with the industry’s only money-back guarantee . All product and company names herein may be trademarks of their registered owners. Media Contacts:Tsippi Dach [email protected] Craig Coward Context Public [email protected] +44 (0)1625 511 966 Olga Neves Media Relations & External CommunicationsDeloitte PortugalTlm: (+351) 918 985 [email protected] About Deloitte Deloitte, us, we and our refer to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s more than 330,000 people make an impact that matters at www.deloitte.com . About EMEA Telecom Engineering Centre of Excellence (TEE) The EMEA Telecom Engineering Centre of Excellence (TEE) is an operational area specialized in telecom engineering services, managed by Deloitte Portugal, that offers engineering services for mobile, fixed and convergent telecom networks, service platforms and operating support systems (“OSS”) for the Europe, Middle East, Africa region (“EMEA”).

Level Up Your Security Game: Time for a Mindset Reset! Hey everyone, and welcome! If you're involved in keeping your organization safe online these days, you're in the right place. For years, security felt like building a super strong castle with thick walls and a deep moat, hoping the bad guys would just stay outside. But let's be real, in our multi-cloud world, that castle is starting to look a little... outdated. Think about it: your apps and data aren't neatly tucked away in one place... 5 mindset shifts security teams must adopt to master multi-cloud security Iris Stein 2 min read Iris Stein Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 4/9/25 Published Level Up Your Security Game: Time for a Mindset Reset! Hey everyone, and welcome! If you're involved in keeping your organization safe online these days, you're in the right place. For years, security felt like building a super strong castle with thick walls and a deep moat, hoping the bad guys would just stay outside. But let's be real, in our multi-cloud world, that castle is starting to look a little... outdated. Think about it: your apps and data aren't neatly tucked away in one place anymore. They're bouncing around on AWS, Azure, GCP, all sorts of platforms – practically everywhere! Trying to handle that with old-school security is like trying to catch smoke with a fishing net. Not gonna work, right? That's why we're chatting today. Gal Yosef, Head of Product Management in the U.S., gets it. He's helped us dive into some crucial mindset shifts – basically, new ways of thinking – that are essential for navigating the craziness of modern security. We gotta ditch the old ways and get ready to be more agile, work together better, and ultimately, be way more effective. Mindset Shift #1: From "Our Stuff is Safe Inside This Box" to "Trust Nothing, Verify Everything" Remember the good old days? We built a perimeter – firewalls, VPNs – thinking that everything inside was safe and sound (danger!). Security was all about guarding that edge. The Problem: Well, guess what? That world is gone! Multi-cloud environments have totally shattered that perimeter. Trying to just secure the network edge leaves your real treasures – your applications, users, and data – vulnerable as they roam across different clouds. It's like locking the front door but leaving all the windows wide open! The New Way: Distributed Trust. Security needs to follow your assets, wherever they go. Instead of just focusing on the infrastructure (the pipes and wires), we need to embrace Zero-Trust principles . Think of it like this: never assume anyone or anything is trustworthy, even if they're "inside." We need identity-based, adaptive security policies that constantly validate trust, rather than just assuming it based on location. Security becomes built into applications and workloads, not just bolted onto the network. Think of it this way: Instead of one big, guarded gate, you have individual, smart locks on every valuable asset. You're constantly checking who's accessing what, no matter where they are. It's like having a personal bodyguard for each of your important things, always making sure they have the right ID. Mindset Shift #2: From "My Team Handles Network Security, Their Team Handles Cloud Security" to "Let's All Be Security Buddies!" Ever feel like your network security team speaks a different language than your cloud security team? You're not alone! Traditionally, these have been separate worlds, with network teams focused on firewalls and cloud teams on security groups. The Problem: These separate silos are a recipe for confusion and fragmented security policies. Attackers? They love this! It's like having cracks in your armor. They aren't always going to bash down the front door; they're often slipping through the gaps created by this lack of communication. The New Way: Cross-functional collaboration. We need to tear down those walls! Network and cloud security teams need to work together, speaking a shared security language. Unified visibility and consistent policies across all your environments are key. Think of it like a superhero team – everyone has their own skills, but they work together seamlessly to fight the bad guys. Regular communication, shared tools, and a common understanding of the risks are crucial. Mindset Shift #3: From "Reacting When Something Breaks" to "Always Watching and Fixing Things Before They Do" Remember the old days of waiting for an alert to pop up saying something was wrong? That's like waiting for your car to break down before you even think about checking the oil. Not the smartest move, right? The Problem: In the fast-paced world of the cloud, waiting for things to go wrong is a recipe for disaster. Attacks can happen super quickly, and by the time you react, the damage might already be done. Plus, manually checking everything all the time? Forget about it – it's just not scalable when you've got stuff spread across multiple clouds. The New Way: Continuous & Automated Enforcement. We need to shift to a mindset of constant monitoring and automated security actions. Think of it like having a security system that's always on, always learning, and can automatically respond to threats in real-time. This means using tools and processes that continuously check for vulnerabilities, enforce security policies automatically, and even predict potential problems before they happen. It's like having a proactive security guard who not only watches for trouble but can also automatically lock doors and sound alarms the moment something looks fishy. Mindset Shift #4: From "Locking Everything Down Tight" to "Finding the Right Balance with Flexible Rules" We used to think the best security was the strictest security – lock everything down, say "no" to everything. But let's be honest, that can make it super hard for people to actually do their jobs! It's like putting so many locks on a door that nobody can actually get through it. The Problem: Overly restrictive security can stifle innovation and slow things down. Developers can get frustrated, and the business can't move as quickly as it needs to. Plus, sometimes those super strict rules can even create workarounds that actually make things less secure in the long run. The New Way: Flexible Guardrails. We need to move towards security that provides clear boundaries (the "guardrails") but also allows for agility and flexibility. Think of it like setting clear traffic laws – you know what's allowed and what's not, but you can still drive where you need to go. This means defining security policies that are adaptable to different cloud environments and business needs. It's about enabling secure innovation, not blocking it. We need to find that sweet spot where security empowers the business instead of hindering it. Mindset Shift #5: From "Security is a Cost Center" to "Security is a Business Enabler" Sometimes, security gets seen as just an expense, something we have to do but doesn't really add value. It's like thinking of insurance as just another bill. The Problem: When security is viewed as just a cost, it often gets underfunded or seen as a roadblock. This can lead to cutting corners and ultimately increasing risk. It's like trying to save money by neglecting the brakes on your car – it might seem cheaper in the short term, but it can have disastrous consequences later. The New Way: Security as a Business Enabler. We need to flip this thinking! Strong security isn't just about preventing bad things from happening; it's about building trust with customers, enabling new business opportunities, and ensuring the long-term resilience of the organization. Think of it like a strong foundation for a building – without it, you can't build anything lasting. By building security into our processes and products from the start, we can actually accelerate innovation and gain a competitive advantage. It's about showing our customers that we take their data seriously and that they can trust us. Wrapping Up: Moving to a multi-cloud world is exciting, but it definitely throws some curveballs at how we think about security. By adopting these five new mindsets, we can ditch the outdated castle mentality and build a more agile, collaborative, and ultimately more secure future for our organizations. It's not about being perfect overnight, but about starting to shift our thinking and embracing these new approaches. So, let's level up our security game together! Schedule a demo Related Articles 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Convergence has been claimed. Security orgs merged their teams, aligned their titles, and drew the new boxes on the whiteboard. The... Convergence didn’t fail, compliance did. Adel Osta Dadan 2 min read Adel Osta Dadan Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 6/17/25 Published Convergence has been claimed. Security orgs merged their teams, aligned their titles, and drew the new boxes on the whiteboard. The result: security teams are now responsible for both cloud and on-premises network environments. But for many of those teams, compliance is still running on fumes. The reporting lines changed. The responsibilities increased. The oversight? Still patchy. The systems? Still fragmented. And the ability to demonstrate consistent policy enforcement across hybrid environments—where compliance lives or dies—has never been more at risk. This isn’t an edge case. It’s structural. And it’s quietly putting every converged team in a bind. The illusion of control If convergence was supposed to simplify compliance, most teams missed the memo. Cloud-native controls don’t sync with on-prem rule sets. Application deployments move faster than the audits tracking them. Policies drift. Risk assessments stall out. And when the next audit comes knocking, security teams are left reconciling evidence after the fact—manually stitching together logs, policies, and screenshots across tools that don’t talk to each other. The result? Ownership without visibility. Policy without context. Responsibility without control. Compliance at the application layer—or nowhere Security and compliance are often treated as parallel tracks. But in hybrid environments, they’re the same problem. The more distributed your network, the more fragmented your enforcement—and the harder it becomes to map controls to real business risk. What matters isn’t whether a port is open. It’s whether the application behind it should be reachable from that region, that VPC, or that user. That requires context. And today, context lives at the application layer. This is where AlgoSec Horizon changes the equation. AlgoSec Horizon is the first platform built to secure application connectivity across hybrid networks—with compliance embedded by design. Horizon: compliance that knows what it’s looking at With Horizon, compliance isn’t an add-on. It’s the outcome of deep visibility and policy awareness at the level that actually matters: the business application. Our customers are using Horizon to: Automatically discover and map every business application—including shadow IT and unapproved flows Simulate rule changes in advance, avoiding deployment errors that compromise compliance Track and enforce policies in context, with real-time validation against compliance frameworks Generate audit-ready reports across hybrid networks without assembling data by hand It’s compliance without the swivel chair. And it’s already helping converged teams move faster—without giving up control. Compliance can’t be an after-thought. Security convergence wasn’t the mistake. Stopping at structure was. When compliance is left behind, the risk isn’t just audit failure—it’s operational drag. Policy friction. Delays in application delivery. Missed SLAs. Because the real impact of compliance gaps isn’t found in the SOC—it’s found in the business outcomes that stall because security couldn’t keep pace. Horizon closes that gap. Because in a world of converged teams and hybrid environments, security has to operate with complete visibility—and compliance has to work at the speed of the application. Schedule a demo Related Articles 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

AlgoSec’s incident response integration extends collaboration to add critical business context to incident information and automates threat remediation AlgoSec Introduces New Integration with IBM Resilient to Accelerate Incident Response AlgoSec’s incident response integration extends collaboration to add critical business context to incident information and automates threat remediation February 28, 2019 Speak to one of our experts Ridgefield Park, NJ (February 28, 2019) – AlgoSec , the leading provider of business-driven network security management solutions, today announced a new integration with the IBM® Resilient® Incident Response Platform (IRP), enabling organizations to tie security incidents and attacks directly to the business processes that could be impacted. AlgoSec’s integration provides security analysts with the ability to enrich the Resilient IRP with critical business and network context to immediately assess an incident’s potential business impact, and to prioritize and automate remediation efforts accordingly. Leveraging Resilient’s open application programming interfaces (API), the AlgoSec integration with Resilient allows joint users to: Quickly highlight in the Resilient dashboard which applications are impacted by an incident, and how business-critical those applications are Automatically associate security incidents with the applications, servers, network connectivity flows and security devices impacted by an attack Identify network connectivity to and from compromised servers, such as connectivity to the internet or to sensitive networks Automatically implement change requests to quickly isolate compromised servers from the rest of the network and the public Internet Get key insights to assist with cyber-threat forensics and compliance reporting With this new integration, security analysts can quickly reduce the impact of attacks on the business. The AlgoSec integration for the Resilient IRP helps block attempts at data exfiltration and makes it more difficult for hackers to move laterally within the network from affected servers. The integration helps organizations to streamline and accelerate their IR processes by automating time-consuming security changes and proactively analysing business risk. “SOC teams need to quickly sift through the volumes of complex alerts they receive each day, to identify the attacks that could affect key business processes and take action before they cause disruption and damage,” said Anner Kushnir, VP of Technology at AlgoSec. “The new AlgoSec integration with IBM Resilient enables joint customers to link cyber-attacks directly to the business applications that are being targeted, and then prioritize and automate their remediation efforts based on the attack’s severity and risk to the business –aligning incident response processes with the overall business strategy.” As part of this integration, AlgoSec has extended their offerings on the IBM Security App Exchange , a marketplace where developers across the industry can share applications based on IBM Security technologies. As threats are evolving faster than ever, collaborative development amongst the cyber community will help organizations adapt quickly and speed innovation in the fight against cybercrime. About AlgoSec The leading provider of business-driven network security management solutions, AlgoSec helps the world’s largest organizations align security with their mission-critical business processes. With AlgoSec, users can discover, map and migrate business application connectivity, proactively analyze risk from the business perspective, tie cyber-attacks to business processes and intelligently automate network security changes with zero touch – across their cloud, SDN and on-premise networks. Over 1,800 enterprises , including 20 of the Fortune 50, have utilized AlgoSec’s solutions to make their organizations more agile, more secure and more compliant – all the time. Since 2005, AlgoSec has shown its commitment to customer satisfaction with the industry’s only money-back guarantee. All product and company names herein may be trademarks of their registered owners. *** Media Contacts:Tsippi [email protected] Craig CowardContext Public [email protected] +44 (0)1625 511 966

The research found that organizations are prioritizing security, seamless integration, and compliance in hybrid cloud environments with Cisco, Palo Alto Networks, AWS and Microsoft Azure among the leaders The 2024 State of Network Security Report Reveals a Shift Towards Multi-Cloud Environments, with a 47% Increase in SD-WAN and 25% Uptick in SASE Adoption The research found that organizations are prioritizing security, seamless integration, and compliance in hybrid cloud environments with Cisco, Palo Alto Networks, AWS and Microsoft Azure among the leaders June 27, 2024 Speak to one of our experts RIDGEFIELD PARK, NJ, June 27, 2024 – Global cybersecurity leader AlgoSec has released its annual ‘The State of Network Security Report’ providing a broad view of network security in hybrid cloud environments, identifying the most popular strategies adopted by security professionals. The report sheds light on key market trends and highlights the solutions and technologies that are in demand and why, helping organizations to navigate the complexities of modern network security. Based on two comparative surveys conducted in H2 of 2022 and 2023, AlgoSec’s research evaluated market leaders including AWS, Microsoft Azure, Check Point, Palo Alto Networks, Cisco and more, identifying significant shifts in cloud platform adoption, deployment of firewalls and Software-Defined Wide Area Network (SD-WAN), as well as Secure Access Service Edge (SASE) implementation. Key findings from the report include: ● Security, continuity, and compliance driving cloud platform selection – When selecting a cloud platform, organizations prioritize seamless integration, compliance, and robust security features. While the overall adoption of cloud platforms has grown, the ranking of different vendors has remained relatively stable. Azure continues to be the most widely used platform, closely followed by AWS, which has shown the fastest pace of growth. ● The growing adoption of SD-WAN – The move towards remote working and cloud computing has been the catalyst for the increased deployment of SD-WAN, ensuring secure and reliable connections across multiple locations. That is reflected in the report, with a steep decline in the number of organizations that had no SD-WAN solution from 55.2% in 2022 to 34% in 2023. ● The rise in SASE adoption – With network infrastructures becoming more complex, SASE has become a popular solution for organizations, consolidating multiple security functions into a single, unified, cloud service. The report found the rate of SASE adoption has increased year-on-year, with notable growth of Zscaler implementation from 21.9% in 2022 to 37% in 2023, and Prisma access implementation from 16.2% in 2022 to 22.8% in 2023. ● The increasing importance of firewalls in cloud estates – With more businesses looking to secure corporate resources across complex cloud networks, firewall implementation has increased as a result, providing organizations with the means to safeguard against external threats. The rate of adoption has risen significantly, with only 7.1% of respondents saying they had no firewalls deployed in 2023 - a sharp drop from the 28.4% recorded in 2022. ● The persistence of hybrid networks – Despite the general shift towards cloud adoption, on-premise data centers and device rollouts remain a significant feature of the network landscape. “According to our research there has been greater adoption of cloud-based network security solutions across the board”, said Eran Shiff, VP Product of AlgoSec. “However, there is still progress to be made in the SD-WAN and SASE space. By identifying the key trends and the most popular solutions on the market, we can provide some much-needed clarity into the complex world of network security.” The full report can be accessed here . About AlgoSec AlgoSec, a global cybersecurity leader, empowers organizations to secure application connectivity and cloud-native applications throughout their multi-cloud and hybrid network. Trusted by more than 1,800 of the world’s leading organizations, AlgoSec’s application-centric approach enables secure acceleration of business application deployment by centrally managing application connectivity and security policies across the public clouds, private clouds, containers, and on-premises networks. Using its unique vendor-agnostic deep algorithm for intelligent change management automation, AlgoSec enables the acceleration of digital transformation projects, helps prevent business application downtime and substantially reduces manual work and exposure to security risks. AlgoSec’s policy management and CNAPP platforms provide a single source for visibility into security and compliance issues within cloud-native applications as well as across the hybrid network environment, to ensure ongoing adherence to internet security standards, industry, and internal regulations. Learn how AlgoSec enables application owners, information security experts, DevSecOps and cloud security teams to deploy business applications up to 10 times faster while maintaining security at https://www.algosec.com .