
Search results

696 results found with an empty search

  • Nationwide | AlgoSec

    Explore AlgoSec's customer success stories to see how organizations worldwide improve security, compliance, and efficiency with our solutions.

    Organization: Nationwide. Industry: Financial Services. Headquarters: Columbus, Ohio, USA.

    AlgoSec delivers an application-centric solution to meet the network security challenges of one of the top financial services firms in the US. To learn more, go to https://algosec.com/

  • Beyond Connectivity: A Masterclass in Network Security with Meraki & AlgoSec | AlgoSec

    Webinar. Learn how to overcome common network security challenges, streamline your security management, and boost your security effectiveness with the enhanced integration between AlgoSec and Cisco Meraki. This webinar highlights real-world examples of organizations that have successfully implemented AlgoSec and Cisco Meraki solutions. January 18, 2024.

    Relevant resources: Cisco Meraki – Visibility, Risk & Compliance Demo (video); 5 ways to enrich your Cisco security posture with AlgoSec (video).

  • Advanced Cyber Threat and Incident Management | algosec

    Security Policy Management with Professor Wool. Advanced Cyber Threat and Incident Management is a whiteboard-style series of lessons that examines some of the challenges and provides technical tips to help organizations detect and quickly respond to cyber-attacks while minimizing the impact on the business.

    Lesson 1: How to bring business context into incident response. SIEM solutions collect and analyze logs generated by the technology infrastructure, security systems and business applications. The Security Operations Center (SOC) team uses this information to identify and flag suspicious activity for further investigation. In this lesson, Professor Wool explains why it is important to connect the information collected by the SIEM with other databases that provide information on application connectivity, in order to make informed decisions on the level of risk to the business and the steps the SOC needs to take to neutralize the attack.

    Lesson 2: Bringing reachability analysis into incident response. In this lesson Professor Wool discusses the need for reachability analysis in order to assess the severity of the threat and the potential impact of an incident. He explains how to use traffic simulations to map connectivity paths to and from compromised servers and to and from the internet. By mapping the potential lateral movement paths of an attacker across the network, the SOC team can, for example, proactively take action to prevent data exfiltration or block incoming communications with command and control servers.

  • AlgoSec | The great Fastly outage

    Application Connectivity Management. The great Fastly outage. Tsippi Dach, 2 min read. Published 9/29/21.

    Tsippi Dach, Director of Communications at AlgoSec, explores what happened during this past summer's Fastly outage, and how your business can protect itself in the future.

    The odds are that before June 8th you probably hadn't heard of Fastly unless you were a customer. It was only when swathes of the internet went down with the "503: Service Unavailable" error message that the edge cloud provider started to make headlines. For almost an hour, sites like Amazon and eBay were inaccessible, costing millions of dollars' worth of revenue. PayPal, which processed roughly $106 million worth of transactions per hour throughout 2020, was also impacted, and disruption at Shopify left thousands of online retail businesses unable to serve customers. While the true cost of losing a significant portion of the internet for almost one hour is yet to be tallied, we do know what caused it.

    What is Fastly and why did it break the internet? Fastly is a US-based content distribution network (CDN), sometimes referred to as an "edge cloud provider." CDNs relieve the load on a website's servers and ostensibly improve performance for end-users by caching copies of web pages on a distributed network of servers that are geographically closer to them. The downside is that when a CDN goes down – due to a configuration error in Fastly's case – it reveals just how vulnerable businesses are to forces outside of their control. Many websites, perhaps even yours, are heavily dependent on a handful of cloud-based providers. When these providers experience difficulties, the consequences for your business are amplified ten-fold. Not only do you run the risk of long-term and costly disruption, but these weak links can also provide a golden opportunity for bad actors to target your business with malicious software that can move laterally across your network and cause untold damage.

    How micro-segmentation can help. The security and operational risks caused by these outages can be easily mitigated by implementing plans that should already be part of an organization's cyber resilience strategy. One aspect of this is micro-segmentation, which is regarded as one of the most effective methods to limit the damage of an intrusion or attack and therefore limit large-scale downtime from configuration misfires and cyberattacks. Micro-segmentation is the act of creating secure "zones" in data centers and cloud deployments that allow your company to isolate workloads from one another. In effect, this makes your network security more compartmentalized, so that if a bad actor takes advantage of an outage in order to breach your organization's network, or user error causes a system malfunction, you can isolate the incident and prevent lateral impact.

    Simplifying micro-segmentation with AlgoSec Security Management Suite. The AlgoSec Security Management Suite employs the power of automation to make it easy for businesses to define and enforce their micro-segmentation strategy, ensuring that it does not block critical business services and also meets compliance requirements. AlgoSec supports micro-segmentation by:

      • Mapping the applications and traffic flows across your hybrid network
      • Identifying unprotected network flows that do not cross any firewall and are not filtered for an application
      • Automatically identifying changes that will violate the micro-segmentation strategy
      • Ensuring easy management of network security policies across your hybrid network
      • Automatically implementing network security policy changes
      • Automatically validating changes
      • Generating a custom report on compliance with the micro-segmentation policy

    Find out more about how micro-segmentation can help you boost your security posture, or request your personal demo.

  • Devopsifying Network Security - AlgoSec

    Devopsifying Network Security. Download PDF.

  • Application Segmentation with Cisco Secure Workload and AlgoSec - AlgoSec

    Application Segmentation with Cisco Secure Workload and AlgoSec. Download PDF.

  • Cloud migration: How to move applications to the cloud | AlgoSec

    Learn how to move applications to the cloud seamlessly. Explore best practices for cloud migration, minimizing downtime, and optimizing your cloud environment.

    Introduction

    Responsiveness to the ever-growing demand coming from the business is redefining IT processes and technologies. One way IT can improve responsiveness and business agility is by moving business applications to the cloud. In the cloud, businesses increase their agility while reducing costs. But in the process of migrating applications to the cloud, network security is often neglected. When this happens, applications are deployed in the cloud with inadequate security and compliance measures, or, conversely, the security team steps in and halts the migration process. This puts the company at risk. On the one hand, inadequate security makes it easier for hackers to access the network and mount an attack against the company – exposing the company to financial losses and legal repercussions. On the other hand, if the business is unable to respond to market demands in a timely fashion, there are clear financial implications. In this paper, we take a deep dive into the process that enterprise organizations take when approaching a migration project. We look at the challenges associated with migration projects and discuss a systematic process that organizations should embrace when approaching these types of projects.

    Advantages and security challenges of the cloud

    There are multiple advantages to adopting a cloud architecture and migrating applications to it, but there are also security concerns that need to be taken into consideration. Below are the top four advantages and the security challenge that accompanies each.

    Security and data protection. When adopting public cloud computing, data itself is much more accessible, no matter where it is located. Users can access the data they need from any location and device. An additional benefit relates to disaster recovery processes that include out-of-the-box backup and restore functionality. In the cloud, there is a need to maintain additional servers in a remote location. However, these advantages do not come without a cost. Once the data is no longer kept on-premises, security must be tightened. The closed garden we had when data resided on servers protected by firewalls in our facilities is gone. Additional security controls must be employed. Special consideration should be given to upholding regulatory requirements regarding the data itself. There are best practices to uphold, as well as financial penalties if organizations do not comply with them.

    Business agility. Spinning up a server in the cloud is a matter of minutes. Cloud computing is considered an enabler for digital transformation, as businesses work to be more agile and accommodating to their customers' needs. All you need is a credit card. No hardware needs to be purchased, shipped or connected to your data center. The ease of spinning up a new cloud server makes shadow IT possible. But this is also a security problem. It is hard to control the security aspect of each cloud server if you are unaware of it. Therefore, visibility and strong security measures such as identity management and cloud firewalls that protect access from the internet are needed. For each cloud server, you need to set an allowed connectivity baseline and incorporate it into the server creation process.

    Financial benefits. The cloud offers zero maintenance costs and zero capital costs. Additional financial gains should be taken into consideration, such as the reduction in IT support costs and the flexibility of paying only for what you consume. This means you don't have to purchase expensive hardware needed during peak times only. Of course, there are also hidden costs when migrating to the cloud. Usage needs to be monitored and optimized, and your cloud assets need to be monitored and maintained. Additional security measures need to be put in place. This includes purchasing additional software as well as hiring additional personnel proficient in securing a cloud architecture.

    Faster time to market. The cloud, coupled with DevOps practices and tools, delivers a flexible framework that enables companies to deliver innovations faster to market. However, there are lingering questions about the impact on security. With multiple functional teams collaborating on development, and so many moving parts in the process, security is often not incorporated into the release process; rather, it is tacked on at the end. This is where you need security policy automation that supports the DevOps methodology. The solution needs to be able to automatically copy the firewall rules and then make the necessary modifications to map rules to the new objects, for each new environment in the DevOps lifecycle. With the right automation solution, security can be baked into the release process.

    The shared responsibility model

    Public cloud security is the responsibility of both the cloud vendor and cloud customers. This joint ownership of security is often called the shared responsibility model. On one side you have security of the cloud infrastructure itself.

    Security OF the cloud. The cloud vendor is responsible for securing the infrastructure that runs all the services offered in the cloud. This includes both software-related services such as compute, storage, database, and networking as well as hardware services. The cloud vendor is also responsible for securing the physical facilities themselves. On the other side, you have security within the cloud accounts.

    Security IN the cloud. Cloud customers are responsible for the security of the services they consume. For example, when using Amazon Elastic Compute Cloud (Amazon EC2) the customer needs to perform all the necessary security configuration and management tasks. Any software or utility that the customer installs should be followed by configuring all relevant security controls, including security groups, third-party firewalls and other necessary security configurations. Cloud customers are responsible for managing and securing the data that resides in the consumed cloud service.

    Figure 1: Shared responsibility model

    Cloud network security controls

    Data center network security is already quite complex. Customers generally utilize multiple vendors to manage their network security, including SDNs such as Cisco ACI and VMware NSX. Adding cloud network security controls to the mix raises the complexity up several notches. Cloud network security consists of multi-layered security controls. You have the cloud vendor infrastructure controls spanning across asset types, such as instances, databases, storage, and accounts, and across configuration types, such as deployment location, security groups, and more. You also have cloud providers' security products, such as Azure Firewall and AWS WAF. And on top of all that, third-party vendors have not left the cloud network security controls ring and are providing dedicated firewalls for the cloud, such as CloudGuard by Check Point, VM-Series by Palo Alto Networks and more. When migrating an application to the cloud it is important to determine how you are going to guard your cloud assets. What mix of security controls are you going to utilize to secure your data?

    Visibility into what you have is key for cloud migration

    Gain visibility into which applications your organization has. Obtaining an inventory of applications is the foundation of your security and essential for your cloud migration. The process of discovering all the applications used by your business is not a trivial task. Most businesses have two types of applications – enterprise and departmental. Enterprise applications, which are the more complex applications in your data center, usually serve many business units and can span multiple geographies and even company subsidiaries. In most cases, the IT team is well aware of them. While documentation of these applications and their connectivity requirements may not be perfect, it is a good starting point for the migration process. Note that there may still be a need to update the documentation. Many departments or business units purchase their own departmental applications such as Business Intelligence solutions or project management tools. Some of these applications may be SaaS while others are installed on corporate servers. For these types of applications, it is likely that documentation never existed. Fortunately, in most cases, their architecture isn't complex. It should be relatively easy to obtain the connectivity information needed to migrate them to the cloud. The key here is to know that these applications exist. There are two ways to generate a list of applications. The first requires using consultants to conduct thorough interviews with the various stakeholders in each department and each geography. A second, more cost-effective and efficient way is to use visibility and automation solutions such as AlgoSec's AppViz and AppChange. Tools like AlgoSec's AppViz help discover, identify, and map business applications on your network. Once the list of applications – the foundation – is in place, you can move on to the next stage in the process of closing the security gap as you migrate to the cloud: understanding each application's attributes, such as the number of servers, the associated business processes and the network connectivity requirements. These attributes help determine the complexity involved in migrating applications.

    Gain visibility into your current network and its security elements. Several attributes can affect the complexity of migrating an application to the cloud, including the application's network connectivity requirements and the firewall rules that allow or deny that connectivity. A mapping of the network connectivity yields a deeper understanding of network traffic complexity which, in turn, provides insight into the flows you will need to migrate and maintain with the application in the cloud (see Figure 2). Additionally, this information will tell you how many applications are dependent on a specific server. The more applications a server serves, the harder it is to migrate one of them. It may be necessary to migrate the server itself or to migrate multiple applications at the same time. Mapping the firewall rules provides insight into the security measures you will need to put in place once the application has been migrated to the cloud. As a rule of thumb, the more firewall rules are required, the greater the complexity. A mapping of the firewall rules also enables you to identify and decommission firewall rules that are no longer necessary post-migration. How do you generate documentation of application connectivity? The obvious choice is to employ a solution that automatically maps the various network traffic flows, servers and firewall rules for each application. If you do not have access to such an automation solution, then manual documentation, however tedious, will provide the necessary information.

    Which applications should I move first?

    Applications that store personal information. When an application holds sensitive data such as personal information it is worth thinking twice before moving it to the cloud. In most cases, data privacy laws mandate where personal data should be stored, and when the information can be collected, processed, or communicated. Over 80 countries and territories have adopted comprehensive data protection laws. Most of Europe has already adopted comprehensive data protection laws such as GDPR. Many Latin American, Asian, and African countries have done so as well. Many US states also have data protection regulations such as the California Consumer Privacy Act and the New York SHIELD Act. It is worthwhile checking what is legally allowed before moving such an application to a cloud, as well as considering the cloud's geographical location.

    Highly regulated applications. An additional issue to look out for is whether the application is subject to regulatory requirements such as HIPAA or requires PCI DSS compliance. If the answer is yes, you must find out the security compliance status of that application and whether moving it to the cloud would violate that status. HIPAA, for example, requires accountability practices on all LANs, WANs, and for users accessing the network remotely through a Virtual Private Network (VPN). PCI compliance requires, for example, a firewall at each internet connection and between any DMZ and the internal network zone. Applications subject to these and similar regulations are not the best candidates, to say the least, for migration to the cloud.

    Applications already exposed to the internet. On the other hand, if an application has elements that are already exposed to the internet, such as the web server in Figure 2 below, that is a good indication that some of it, if not all, can be moved to the cloud for the elasticity and cost savings gained. For these applications, you have most probably already implemented strong security inside the application server, backed with strong security limitations in front of and behind the web-facing interface. Adopting these strong limitations also when moving the workload to the cloud will ensure the security of the server and of the internal network behind it.

    Using network segmentation as a guide. Finally, if you manage your network segmentation correctly, the servers and applications that reside in the less isolated zones are the best candidates for moving to the more open cloud. For example, applications and servers in a zone with only one firewall that acts as a barrier between the zone and the internet are good candidates for migration, whereas entities in protected zones such as server group 1 in Figure 2, which reside behind several firewalls, should remain in your on-premise data center.

    Figure 2: Network segmentation

    Migration is only the beginning

    Whether you move all your applications to the cloud or just a few of them, and whether you use one or multiple cloud vendors, you now need to manage and maintain security and compliance in the cloud just as you did in your on-premise network, over which you have complete control. Establishing a route from a server in the cloud to a server on the on-premise network requires an intimate understanding of both the cloud security controls and the on-premise security devices. If there are separate cloud and on-premise network security teams, as is the norm in many businesses, collaboration between the teams is needed which, of course, adds its own complexity. Once applications are deployed in the cloud, you will likely want to be able to move between cloud providers "at the speed of the cloud" to avoid vendor lock-in and to minimize costs. While you might be led to believe that this is a simple requirement, in reality each cloud provider has its own unique network security controls with which you need to familiarize yourself. There are several ways to manage security across the hybrid cloud environment. You can manage the environment manually, which is slow, time-consuming, and error-prone. You can use the cloud provider's native controls to manage the cloud network security in addition to the existing tools and methodology you currently use for your on-premise environment. However, bear in mind that cloud security controls do not provide a holistic view of security across your entire estate, and their limited capabilities may not sufficiently support your business's security posture. Alternatively, there are third-party automated network security policy management solutions that span the entire hybrid environment, which can assist in managing your entire network security.

    Migrate with AlgoSec

    The AlgoSec platform makes it easy to support your cloud migration journey, ensuring that migration does not block critical business services while meeting compliance requirements. AlgoSec's Application Discovery capabilities help you understand the network flows in your organization. You can effectively connect the recognized traffic flows to the business applications that use them. AlgoSec manages the network security policy across your hybrid network estate and proactively checks every proposed firewall rule change request against your network security strategy to ensure that the change doesn't introduce risk or violate compliance requirements.

    About AlgoSec

    AlgoSec, a global cybersecurity leader, empowers organizations to secure application connectivity and cloud-native applications throughout their multi-cloud and hybrid network. Trusted by more than 1,800 of the world's leading organizations, AlgoSec's application-centric approach enables them to securely accelerate business application deployment by centrally managing application connectivity and security policies across public clouds, private clouds, containers, and on-premises networks. Using its unique vendor-agnostic deep algorithm for intelligent change management automation, AlgoSec enables acceleration of digital transformation projects, helps prevent business application downtime and substantially reduces manual work and exposure to security risks. AlgoSec's policy management and CNAPP platforms provide a single source for visibility into security and compliance issues within cloud-native applications as well as across the hybrid network environment, to ensure ongoing adherence to internet security standards, industry, and internal regulations. Learn how AlgoSec enables application owners, information security experts, DevSecOps and cloud security teams to deploy business applications up to 10 times faster while maintaining security at www.algosec.com.

  • AlgoSec | Router Honeypot for an IRC Bot

    Cloud Security. Router Honeypot for an IRC Bot. Rony Moshkovich, 2 min read. Published 9/13/20.

    In our previous post we provided some details about a new fork of Kinsing malware, a Linux malware that propagates across misconfigured Docker platforms and compromises them with a coinminer. Several days ago, the attackers behind this malware uploaded a new ELF executable, b_armv7l, to the compromised server dockerupdate[.]anondns[.]net. The executable b_armv7l is based on a known source of Tsunami (also known as Kaiten), and is built using the uClibc toolchain:

        $ file b_armv7l
        b_armv7l: ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, with debug_info, not stripped

    Unlike glibc, the C library normally used with Linux distributions, uClibc is smaller and is designed for embedded Linux systems, such as IoT. Therefore, the malicious b_armv7l was built with a clear intention to install it on devices such as routers, firewalls, gateways, network cameras, NAS servers, etc.

    Some of the binary's strings are encrypted. With the help of the HexRays decompiler, one can clearly see how they are decrypted:

        /* Decompiled excerpt: substitution-table string decoding. Both tables are
           0x40 (64) bytes; the key literal is reproduced here as it appears on the
           page, which is shorter than 64 characters. */
        memcpy(&key, "xm@_;w,B-Z*j?nvE|sq1o$3\"7zKC4ihgfe6cba~&5Dk2d!8+9Uy:", 0x40u);
        memcpy(&alphabet, "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ. ", 0x40u);

        /* Inner loop for one encoded character encoded[j]: find its index in key
           and emit the character at the same index of alphabet. */
        for (i = 0; i <= 64; ++i) {
            if (encoded[j] == key[i]) {
                if (psw_or_srv)
                    decodedpsw[k] = alphabet[i];   /* decoding the password string */
                else
                    decodedsrv[k] = alphabet[i];   /* decoding the server string */
                ++k;
            }
        }

    The string decryption routine is trivial: it simply replaces each character of the encrypted string that is found in the array key with the character at the same position in the array alphabet. Using this trick, the critical strings can be decrypted as:

        Variable Name   Encoded String   Decoded String
        decodedpsw      $7|3vfaa~8       logmeINNOW
        decodedsrv      $7?*$s7

  • Achieving Visibility and Security in AWS and across the Hybrid Network | AWS & AlgoSec Joint Webinar | AlgoSec

    Best practices for network security governance in AWS and hybrid network environments. Webinar. As enterprises rapidly migrate data and applications to public clouds such as Amazon Web Services (AWS), they achieve many benefits, including advanced security capabilities, but also face new security challenges. AWS lets organizations operate applications in a hybrid deployment mode by providing multiple networking capabilities. To maintain an effective security posture while deploying applications across complex hybrid network environments, security professionals need a holistic view and control from a single source. Yet security isn't the responsibility of the cloud providers alone. Organizations need to understand the shared responsibility model and their role in maintaining a secure deployment. While AWS's cloud framework is secured by AWS, the challenge of using the cloud securely is the responsibility of your organization's IT and CISOs. As multiple DevOps and IT personnel make frequent configuration changes, the shared responsibility model helps achieve visibility and maintain cloud security. In this webinar, Yonatan Klein, AlgoSec's Director of Product, and Ram Dileepan, Amazon Web Services' Partner Solutions Architect, share best practices for network security governance in AWS and hybrid network environments. January 22, 2020. Yonatan Klein, Director of Product Management.

    Relevant resources: Migrating Business Applications to AWS? Tips on Where to Start; Extending Network Security Visibility and Control into AWS; Combining Security Groups and Network ACLs to Bypass AWS Capacity Limitations (video); Change Management, Auditing and Compliance in an AWS Hybrid Environment (video); Advanced Security, Visibility & Management for AWS Clouds (document); AWS Security Fundamentals: Dos and Don'ts.

  • Migrate Application Connectivity to the Cloud - AlgoSec

    Migrate Application Connectivity to the Cloud. Download PDF.
