Search results

AlgoSec’s latest product release provides organizations with enhanced application connectivity visibility, effective security, and continuous compliance with the most recent regulations across their multi-cloud environments. Ensure up to date compliance and tighten your hybrid network security posture with AlgoSec A32.60 AlgoSec’s latest product release provides organizations with enhanced application connectivity visibility, effective security, and continuous compliance with the most recent regulations across their multi-cloud environments. September 13, 2023 Speak to one of our experts RIDGEFIELD PARK, N.J., September 13, 2023 – AlgoSec, a global cybersecurity leader, introduces AlgoSec A32.60, the latest in application connectivity security and compliance. AlgoSec A32.60 provides an effective solution for organizations to secure application connectivity in their hybrid and multi-cloud estate. A32.60 integrates cloud security visibility into AlgoSec’s security management platform and enables organizations to ensure ongoing compliance with industry regulatory standards. The key benefits that AlgoSec A32.60 delivers to network and security experts include: Enhanced visibility and security of north-south network traffic: New integration with Palo Alto Prisma Access, now encompassing mobile user policies within the Prisma access fabric. New integration and support for SD-WAN Versa Networks, offering extended visibility into network connectivity and an intuitive topology map. Ensuring ongoing regulatory compliance: Enhanced ISO 27001 report with the latest 2022 standards, allowing organizations to ensure alignment with the most current regulations. Integration of a new ECB (European Central Bank) regulations report, allowing companies to confidently navigate evolving compliance requirements. Integrating cloud security visibility into network security policy management: Expanded integration with Microsoft Azure firewall enables centralized visibility across both cloud and traditional firewalls, all within a single, unified management solution. New automation support for Fully Qualified Domain Name (FQDN) objects in Palo Alto Panorama, Fortinet FortiManager, and Check Point. This allows users to efficiently manage and secure their network resources while embracing the flexibility of cloud environments. About AlgoSec AlgoSec, a global cybersecurity leader, empowers organizations to secure application connectivity by automating connectivity flows and security policy, anywhere. The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk, achieve compliance at the application-level and process changes at zero-touch across the hybrid network. AlgoSec’s patented application-centric view of the hybrid network enables business owners, application owners, and information security professionals to talk the same language, so organizations can deliver business applications faster while achieving a heightened security posture. Over 1,800 of the world’s leading organizations trust AlgoSec to help secure their most critical workloads across public cloud, private cloud, containers, and on-premises networks. See what securely accelerating your digital transformation, move-to-cloud, infrastructure modernization, or micro-segmentation initiatives looks like at www.algosec.com

AlgoSec & Check Point AlgoSec seamlessly integrates with Check Points NGFWs to automate application and user aware security policy management and ensure that Check Points’ devices are properly configured. AlgoSec supports the entire security policy management lifecycle — from application connectivity discovery, through ongoing management and compliance, to rule recertification and secure decommissioning. Solution brief Cloudguard datasheet How to Check Point Regulatory compliance Learn how to prepare your Check Point devices for a regulatory audit Check Point Risk Assessment Learn how assess risk on your Check Point devices with AlgoSec Mapping your Network Visualize your complex network, including your Check Point devices, with a dynamic network topology map See how Check Point Users Can Benefit from AlgoSec Schedule time with one of our experts

Previous Part of the analysis is available here. Next Part of the analysis is available here. Update from 19 December 2020: ‍Prevasio... Cloud Security Sunburst Backdoor, Part II: DGA & The List of Victims Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/17/20 Published Previous Part of the analysis is available here . Next Part of the analysis is available here . Update from 19 December 2020: Prevasio would like to thank Zetalytics for providing us with an updated (larger) list of passive (historic) DNS queries for the domains generated by the malware. As described in the first part of our analysis, the DGA (Domain Generation Algorithm) of the Sunburst backdoor produces a domain name that may look like: fivu4vjamve5vfrtn2huov[.]appsync-api.us-west-2[.]avsvmcloud[.]com The first part of the domain name (before the first dot) consists of a 16-character random string, appended with an encoded computer’s domain name. This is the domain in which the local computer is registered. From the example string above, we can conclude that the encoded computer’s domain starts from the 17th character and up until the dot (highlighted in yellow): fivu4vjamve5vfrt n2huov In order to encode a local computer’s domain name, the malware uses one of 2 simple methods: Method 1 : a substitution table, if the domain name consists of small letters, digits, or special characters ‘-‘, ‘_’, ‘.’ Method 2 : base64 with a custom alphabet, in case of capital letters present in the domain name Method 1 In our example, the encoded domain name is “n2huov” . As it does not have any capital letters, the malware encodes it with a substitution table “rq3gsalt6u1iyfzop572d49bnx8cvmkewhj” . For each character in the domain name, the encoder replaces it with a character located in the substitution table four characters right from the original character. In order to decode the name back, all we have to do is to replace each encoded character with another character, located in the substitution table four characters left from the original character. To illustrate this method, imagine that the original substitution table is printed on a paper strip and then covered with a card with 6 perforated windows. Above each window, there is a sticker note with a number on it, to reflect the order of characters in the word “n2huov” , where ‘n’ is #1, ‘2’ is #2, ‘h’ is #3 and so on: Once the paper strip is pulled by 4 characters right, the perforated windows will reveal a different word underneath the card: “domain” , where ‘d’ is #1, ‘o’ is #2, ‘m’ is #3, etc.: A special case is reserved for such characters as ‘0’ , ‘-‘ , ‘_’ , ‘.’ . These characters are encoded with ‘0’ , followed with a character from the substitution table. An index of that character in the substitution table, divided by 4, provides an index within the string “0_-.” . The following snippet in C# illustrates how an encoded string can be decoded: static string decode_domain( string s) { string table = "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" ; string result = "" ; for ( int i = 0 ; i < s.Length; i++) { if (s[i] != '0' ) { result += table[(table.IndexOf(s[i]) + table.Length - 4 ) % table.Length]; } else { if (i < s.Length - 1 ) { if (table.Contains(s[i + 1 ])) { result += "0_-." [table.IndexOf(s[i + 1 ]) % 4 ]; } else { break ; } } i++; } } return result; } Method 2 This method is a standard base64 encoder with a custom alphabet “ph2eifo3n5utg1j8d94qrvbmk0sal76c” . Here is a snippet in C# that provides a decoder: public static string FromBase32String( string str) { string table = "ph2eifo3n5utg1j8d94qrvbmk0sal76c" ; int numBytes = str.Length * 5 / 8 ; byte [] bytes = new Byte[numBytes]; int bit_buffer; int currentCharIndex; int bits_in_buffer; if (str.Length < 3 ) { bytes[ 0 ] = ( byte )(table.IndexOf(str[ 0 ]) | table.IndexOf(str[ 1 ]) << 5 ); return System.Text.Encoding.UTF8.GetString(bytes); } bit_buffer = (table.IndexOf(str[ 0 ]) | table.IndexOf(str[ 1 ]) << 5 ); bits_in_buffer = 10 ; currentCharIndex = 2 ; for ( int i = 0 ; i < bytes.Length; i++) { bytes[i] = ( byte )bit_buffer; bit_buffer >>= 8 ; bits_in_buffer -= 8 ; while (bits_in_buffer < 8 && currentCharIndex < str.Length) { bit_buffer |= table.IndexOf(str[currentCharIndex++]) << bits_in_buffer; bits_in_buffer += 5 ; } } return System.Text.Encoding.UTF8.GetString(bytes); } When the malware encodes a domain using Method 2, it prepends the encrypted string with a double zero character: “00” . Following that, extracting a domain part of an encoded domain name (long form) is as simple as: static string get_domain_part( string s) { int i = s.IndexOf( ".appsync-api" ); if (i > 0 ) { s = s.Substring( 0 , i); if (s.Length > 16 ) { return s.Substring( 16 ); } } return "" ; } Once the domain part is extracted, the decoded domain name can be obtained by using Method 1 or Method 2, as explained above: if (domain.StartsWith( "00" )) { decoded = FromBase32String(domain.Substring( 2 )); } else { decoded = decode_domain(domain); } Decrypting the Victims’ Domain Names To see the decoder in action, let’s select 2 lists: List #1 Bambenek Consulting has provided a list of observed hostnames for the DGA domain. List #2 The second list has surfaced in a Paste bin paste , allegedly sourced from Zetalytics / Zonecruncher . NOTE: This list is fairly ‘noisy’, as it has non-decodable domain names. By feeding both lists to our decoder, we can now obtain a list of decoded domains, that could have been generated by the victims of the Sunburst backdoor. DISCLAIMER: It is not clear if the provided lists contain valid domain names that indeed belong to the victims. It is quite possible that the encoded domain names were produced by third-party tools, sandboxes, or by researchers that investigated and analysed the backdoor. The decoded domain names are provided purely as a reverse engineering exercise. The resulting list was manually processed to eliminate noise, and to exclude duplicate entries. Following that, we have made an attempt to map the obtained domain names to the company names, using Google search. Reader’s discretion is advised as such mappings could be inaccurate. Decoded Domain Mapping (Could Be Inaccurate) hgvc.com Hilton Grand Vacations Amerisaf AMERISAFE, Inc. kcpl.com Kansas City Power and Light Company SFBALLET San Francisco Ballet scif.com State Compensation Insurance Fund LOGOSTEC Logostec Ventilação Industrial ARYZTA.C ARYZTA Food Solutions bmrn.com BioMarin Pharmaceutical Inc. AHCCCS.S Arizona Health Care Cost Containment System nnge.org Next Generation Global Education cree.com Cree, Inc (semiconductor products) calsb.org The State Bar of California rbe.sk.ca Regina Public Schools cisco.com Cisco Systems pcsco.com Professional Computer Systems barrie.ca City of Barrie ripta.com Rhode Island Public Transit Authority uncity.dk UN City (Building in Denmark) bisco.int Boambee Industrial Supplies (Bisco) haifa.edu University of Haifa smsnet.pl SMSNET, Poland fcmat.org Fiscal Crisis and Management Assistance Team wiley.com Wiley (publishing) ciena.com Ciena (networking systems) belkin.com Belkin spsd.sk.ca Saskatoon Public Schools pqcorp.com PQ Corporation ftfcu.corp First Tech Federal Credit Union bop.com.pk The Bank of Punjab nvidia.com NVidia insead.org INSEAD (non-profit, private university) usd373.org Newton Public Schools agloan.ads American AgCredit pageaz.gov City of Page jarvis.lab Erich Jarvis Lab ch2news.tv Channel 2 (Israeli TV channel) bgeltd.com Bradford / Hammacher Remote Support Software dsh.ca.gov California Department of State Hospitals dotcomm.org Douglas Omaha Technology Commission sc.pima.gov Arizona Superior Court in Pima County itps.uk.net IT Professional Services, UK moncton.loc City of Moncton acmedctr.ad Alameda Health System csci-va.com Computer Systems Center Incorporated keyano.local Keyano College uis.kent.edu Kent State University alm.brand.dk Sydbank Group (Banking, Denmark) ironform.com Ironform (metal fabrication) corp.ncr.com NCR Corporation ap.serco.com Serco Asia Pacific int.sap.corp SAP mmhs-fla.org Cleveland Clinic Martin Health nswhealth.net NSW Health mixonhill.com Mixon Hill (intelligent transportation systems) bcofsa.com.ar Banco de Formosa ci.dublin.ca. Dublin, City in California siskiyous.edu College of the Siskiyous weioffice.com Walton Family Foundation ecobank.group Ecobank Group (Africa) corp.sana.com Sana Biotechnology med.ds.osd.mi US Gov Information System wz.hasbro.com Hasbro (Toy company) its.iastate.ed Iowa State University amr.corp.intel Intel cds.capilanou. Capilano University e-idsolutions. IDSolutions (video conferencing) helixwater.org Helix Water District detmir-group.r Detsky Mir (Russian children’s retailer) int.lukoil-int LUKOIL (Oil and gas company, Russia) ad.azarthritis Arizona Arthritis and Rheumatology Associates net.vestfor.dk Vestforbrænding allegronet.co. Allegronet (Cloud based services, Israel) us.deloitte.co Deloitte central.pima.g Pima County Government city.kingston. City of Kingston staff.technion Technion – Israel Institute of Technology airquality.org Sacramento Metropolitan Air Quality Management District phabahamas.org Public Hospitals Authority, Caribbean parametrix.com Parametrix (Engineering) ad.checkpoint. Check Point corp.riotinto. Rio Tinto (Mining company, Australia) intra.rakuten. Rakuten us.rwbaird.com Robert W. Baird & Co. (Financial services) ville.terrebonn Ville de Terrebonne woodruff-sawyer Woodruff-Sawyer & Co., Inc. fisherbartoninc Fisher Barton Group banccentral.com BancCentral Financial Services Corp. taylorfarms.com Taylor Fresh Foods neophotonics.co NeoPhotonics (optoelectronic devices) gloucesterva.ne Gloucester County magnoliaisd.loc Magnolia Independent School District zippertubing.co Zippertubing (Manufacturing) milledgeville.l Milledgeville (City in Georgia) digitalreachinc Digital Reach, Inc. deniz.denizbank DenizBank thoughtspot.int ThoughtSpot (Business intelligence) lufkintexas.net Lufkin (City in Texas) digitalsense.co Digital Sense (Cloud Services) wrbaustralia.ad W. R. Berkley Insurance Australia christieclinic. Christie Clinic Telehealth signaturebank.l Signature Bank dufferincounty. Dufferin County mountsinai.hosp Mount Sinai Hospital securview.local Securview Victory (Video Interface technology) weber-kunststof Weber Kunststoftechniek parentpay.local ParentPay (Cashless Payments) europapier.inte Europapier International AG molsoncoors.com Molson Coors Beverage Company fujitsugeneral. Fujitsu General cityofsacramento City of Sacramento ninewellshospita Ninewells Hospital fortsmithlibrary Fort Smith Public Library dokkenengineerin Dokken Engineering vantagedatacente Vantage Data Centers friendshipstateb Friendship State Bank clinicasierravis Clinica Sierra Vista ftsillapachecasi Apache Casino Hotel voceracommunicat Vocera (clinical communications) mutualofomahabanMutual of Omaha Bank Schedule a demo Related Articles 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

AlgoSec simplifies, automates, and orchestrates security policy management for Cisco devices and platforms to accelerate application delivery while ensuring security and continuous compliance across the enterprise Secure application
connectivity anywhere
on your Cisco environment AlgoSec simplifies, automates, and orchestrates security policy management for Cisco devices and platforms to accelerate application delivery while ensuring security and continuous compliance across the enterprise. Schedule a demo Features of our Cisco integrations Provision application connectivity Securely provision, manage, and decommission application connectivity. AlgoSec maps application requirements to the underlying network/cloud, speeding up delivery, reducing outages, and ensuring security and compliance across hybrid environments. See and understand complex network security policies AlgoSec simplifies security operations by providing visibility and analysis across virtual, cloud, and physical environments. Teams can optimize Cisco firewalls, routers, and SDN solutions for security, compliance, and operational efficiency. Automate security policy changes AlgoSec automates security policy changes and delivers hands-free policy push for Cisco devices. Intelligent workflows save time, reduce manual errors, and minimize risk for operations and security teams. Get the most out of your ACI investment AlgoSec provides unified security policy management across legacy, cloud, WAN, and ACI fabric, with full visibility and automation. It enables zero-touch changes by automating ACI contracts and firewall policies for seamless, end-to-end security management. Micro-segmentation and policy enforcement AlgoSec leverages Cisco Secure Workload and other data sources to discover application flows, generate whitelist policies, and enforce east-west filtering. It ensures consistent end-to-end implementation of micro-segmentation policy across the network for enhanced security. Ease the migration to firepower AlgoSec simplifies firewall migration to Cisco Firepower by automatically mapping, cleaning, and translating rulesets for zero-touch deployment. It also provides what-if risk analysis and detailed documentation of changes to ensure a smooth and secure migration. Cisco and AlgoSec partnership highlights AlgoSec is a Solutions Plus Partner with Cisco Cisco’s Co-Sell Partner of the Year EMEA-2024 Cisco Meraki Marketplace Tech Partner of the Month- November 2024 AlgoSec products can be purchased directly from the Cisco GPL AlgoSec has developed integrations across many Cisco Products including: Watch the latest Cisco and AlgoSec webinar Key Cisco use cases Risk management and audit Cisco ACI Customers can quickly identify and mitigate policy risks while ensuring compliance with regulatory requirements Download > Network segmentation Customers achieve successful network segmentation within Cisco ACI and network security devices with AlgoSec Download > Intelligent automation With AlgoSec, customers achieve 80% reduction in time spent handling policy changes, and 100% reduction with zero-touch automation Download > See how Cisco ACl users benefit from AlgoSec Intelligent Automation for Cisco ACI contracts Policy migration example from VMWare NSX-T distributed firewall policies to Cisco ACI contracts Modernize your network and harness the power of nexus & Cisco ACI with AlgoSec Cisco baseline compliance AlgoSec's optimization of cisco firewall policies Cisco regulatory compliance Resource AlgoSec Security Management Solution for Cisco ACI and Cisco Nexus Dashboard Download the Cisco Solution Overview > Case Study-NCR Download it now > Product video- Policy portability with AlgoSec – enabling migration into CISCO ACI Watch it now > Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Explore Algosec's customer success stories to see how organizations worldwide improve security, compliance, and efficiency with our solutions. Arcon Maintains Security Across Diverse Customer Networks With AlgoSec Organization ARCON Industry Financial Services Headquarters Rio de Janeiro, Brazil Download case study Share Customer
success stories "Using AlgoSec is a double benefit to us because we can reduce the cost and number of errors in our daily operation and also expand our offerings to our customers" Global Managed Services Company Optimizes Firewall Policies and Reduces Risks AlgoSec Business Impact • Improve security and assure compliance of its customers • Deliver comprehensive reports • Reduce costs and misconfiguration errors • Expand offerings to Arcon’s customers Background Founded in 1995, Arcon is the leading MSSP in Brazil. The company operates facilities in Rio de Janeiro, Sao Paulo, Brasília, Flórida, Salvador and Belém, managing the networks of many of Brazil’s top 100 companies, including banks, retailers, manufacturers and telecom companies. Arcon protectsmore than 600,000 users across five continents and processes more than one billion transactions each day. In addition to strategic management of IT security, Arcon protects data, servers, workstations and mobile devices and helps customers identify and control access to their systems. The company also evaluates risks in applications and provides technology infrastructure to support its customers’ businesses. Challenge Arcon provides security services to hundreds of other companies, including major retailers and banks, which require the tools that enable it to rapidly identify compliance issues and assess risks associated with network configurations. It must also be able to determine how to best optimize customers’ security policies and track changes made to firewall rules. With so many customers and service level agreements that require near immediate responses, Arcon needed visibility across the networks it manages and into reports allowing them to quickly find and fix issues and to counsel customers on changes that would improve their systems’ security. Solution Flavio Carvalho, the Security Management Services Director at Arcon, was charged with maintaining security across its own network, as well as diverse customers’ networks. Carvalho and his team selected the AlgoSec Security Management solution. “The combination of ease-of-use and the value add of AlgoSec’s reports, the ability to manage different technologies from multiple vendors, the cost per device managed, and the visibility across customer’s networks were key for us,” comments Carvalho.The quality of the AlgoSec’s reports clinched the deal. “With AlgoSec, we can quickly and easily provide PCI compliance reports to our customers, including banks and large retail stores. The excellent quality of the reports adds value to the services we manage for them,” says Carvalho. Results Arcon’s clients expect regular updates on the security of their networks — including recommendations for policy optimization, risk mitigation strategies, compliance verification and the impact of rule changes. “It would be impossible for us to deliver all of these in monthly reports without AlgoSec,” Carvalho notes. We have a big retail customer with SLAs of just one hour. “With AlgoSec we have been able to meet these SLAs much more easily than before. A report that previously took a day to generate can now be completed in a few minutes at the click of a button,” Carvalho notes.Shortly after implementation, Arcon’s experience with one large bank customer validated their decision to use AlgoSec — and made their customer very happy. “Our customer was under pressure because of high CPU utilization in their main firewall cluster,” explains Carvalho. “They needed us to investigate what was going on and to solve the issue as quickly and cost-effectively as possible. Using AlgoSec, we were able to easily identify a series of duplicate and poorly-written rules that were causing the trouble, and we solved the problem at no cost to the customer.”“Using AlgoSec is a double benefit to us because we can reduce the cost and number of errors in our daily operations and also expand our offerings to our customers,” adds Carvalho. “It’s easy to work with AlgoSec, as we have a direct contact and an excellent AlgoSec support team, which is always available to help us when necessary” concludes Carvalho. Schedule time with one of our experts

BSI Compliance German FINAL Download PDF Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Sunburst Backdoor A deeper look into The SolarWinds’ Supply Chain Malware Download PDF Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Learn how to move applications to the cloud seamlessly. Explore best practices for cloud migration, minimizing downtime, and optimizing your cloud environment Cloud migration: How to move applications to the cloud ---- ------- Schedule a Demo Select a size ----- Get the latest insights from the experts Choose a better way to manage your network

Palo Alto and AlgoSec Integration Guide Download PDF Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Given the benefits of a micro segmentation strategy, it is worth understanding how to navigate these common challenges, and move towards a more consolidated, secure network Webinars Rescuing Your Network with Micro-Segmentation Cybersecurity has turned into a top priority as hackers grow more sophisticated. Micro-segmentation is a protective measure that allows you to put in gateways separating specific areas. This buffer can serve as a major deterrent keeping criminals from attacking sensitive data, and providing you with the ability to minimize the damage caused by unauthorized intrusions. It can also help with detection of weak points which expose your network to breaches. Join our panel of experts to learn how to plan and build your micro-segmentation strategy while avoiding common pitfalls along the way. In this session, we will discuss: The basics of micro-segmentation and it can help your network Why today’s environment has contributed to a greater need for micro-segmentation How to spot and avoid critical errors that can derail your micro-segmentation implementation July 5, 2021 Alex Hilton Chief Executive at Cloud Industry Forum (CIF) Prof. Avishai Wool CTO & Co Founder AlgoSec Relevant resources Building a Blueprint for a Successful Micro-segmentation Implementation Keep Reading Micro-Segmentation Implementation - Taking the Leap from Strategy to Execution Keep Reading Micro-segmentation – from strategy to execution Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Ensure your network security is up to par with a comprehensive firewall audit checklist. Review and optimize security policy rules to prevent vulnerabilities. Firewall audit checklist for security policy rules review ---- ------- Schedule a Demo Select a size ----- Get the latest insights from the experts Choose a better way to manage your network

Security policy management for the hybrid cloud environment Download PDF Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue