Search results

With AlgoSec you will manage your network security confidently, no matter where your network lives Gain complete visibility, automate changes, and always be compliant Looking for a Firemon alternative? Switch To AlgoSec & Securely Accelerate Your Application Delivery Easily visualize and manage application connectivity and security policy across your entire hybrid network estate Schedule a demo See how AlgoSec stacks up against Firemon Key Capabilities Business App Vulnerability & FW Rules Firewall Automation Custom policy rule documentation Integration with SIEM systems Cloud Security Integration IaC Risk Analysis Bid Goodbye To Firemon & Get Started With AlgoSec Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue Trusted by over 2,200 organizations since 2004 Based on hundreds reviews on G2.com
Crowd & PeerSpot Reviews

Discover Prevasio by AlgoSec, the AI-driven cloud security platform offering visibility, automatic threat detection, and robust protection for cloud applications. Prevasio: Secure your cloud applications from every angle Schedule a demo Prevasio: Your application-first cloud security solution Cut through the noise and prioritize what matters most. Prevasio, AlgoSec's AI-powered platform automatically discovers, maps, and protects your cloud applications, delivering unparalleled visibility and actionable insights to secure your business in the digital age. Prevasio allows you to address specific needs within your cloud infrastructure: Deep dive into your multi-cloud environment, uncovering hidden misconfigurations, vulnerabilities, and dynamic threats across all your resources Prevasio prioritizes critical security alerts, so you can protect your most valuable applications and eliminate wasted effort Uncover every cloud resource, understand every cloud app Don't let misconfigurations compromise your cloud Prevasio offers an application-first approach to cloud security, covering various aspects of your cloud environment: Cloud security posture management (CSPM) Gain comprehensive cloud visibility Prevasio CSPM provides a holistic view of your cloud or multi-cloud environment (AWS, Azure, GCP), including assets, configurations, and potential security risks. For example, visualize your AWS security groups, Azure Network Security Groups, and GCP firewall rules in a single pane of glass, and identify misconfigurations like overly permissive access to S3 buckets or Azure storage accounts. Ensure compliance Stay ahead of ever-changing compliance regulations (e.g., PCI DSS, HIPAA) with automated compliance reporting and remediation. Prevasio automatically identifies violations and guides you through remediation steps, like enforcing encryption for sensitive data stored in AWS S3 or GCP Cloud Storage. Discover how Pervasio's CSPM capabilities can enhance your cloud security posture. Learn more Kubernetes container security Secure your containerized applications Prevasio offers dedicated security for your Kubernetes clusters and containerized applications, ensuring compliance with security best practices (e.g., CIS Benchmarks for Kubernetes). Enforce container security policies Define and enforce granular security policies to strengthen your container environment. For instance, control network access between pods, limit container privileges, and prevent the use of vulnerable images. Discover specific features and functionalities of Prevasio’s Kubernetes offering. Learn more Infrastructure as code (IaC) security scanning Shift left security Integrate Prevasio with your IaC pipelines to identify security misconfigurations early in the development process. For example, to detect insecure configurations before they are deployed. Prevent security issues Ensure your IaC templates and scripts are secure before deploying them to production. This helps prevent issues like exposing sensitive data or creating overly permissive access controls. Get detailed information about Prevasio’s IaC Security Scanning. Learn more Cloud network security Secure your cloud network Prevasio protects your cloud network by providing comprehensive visibility and control over network traffic flows within and between your cloud environments. Enforce network micro-segmentation Isolate your applications and resources to minimize the blast radius of potential attacks. For example, create micro-segmentation rules to restrict communication between different tiers of your application. Explore Prevasio‘s network security features. Learn more By leveraging the various modules within the Prevasio platform, you can establish a robust and multi-layered security posture for your cloud applications. Schedule time and secure your cloud Cloud native application protection platform (CNAPP) Protect Cloud-Native Applications Prevasio secures your cloud-native applications, including serverless functions and containerized workloads (e.g., Docker, Kubernetes). Identify and Address Vulnerabilities Proactively identify and remediate vulnerabilities in your cloud applications (including those in open-source libraries and dependencies) for enhanced security. Prevasio integrates with CI/CD pipelines to shift left security and prevent vulnerabilities from reaching production. Harness Prevasio’s CNAPP capabilities to strengthen the security of your cloud-native applications Learn more Schedule time and secure your cloud Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

AlgoSec automates simplifies security policy management across virtual, cloud physical environments to accelerate application delivery while ensuring security Leadership Yuval Baron Chairman and CEO Avishai Wool CTO and Co-Founder Ilan Erez CFO and General Manager Chris Thomas CRO Michal Chorev Chief Services Officer Rinat Cooper Chief People Officer Shay Weiss VP R&D David Geffen CMO Eran Shiff Chief Product Officer Marc-Henri Guy Regional VP Sales, EMEA Gary Fischer Regional VP Sales, Americas Apoorv Singh Regional VP Sales, APAC Simone Astuni VP Global Customer Success Contact sales Contact sales Work email* First name* Last name* Company* country* Select country... Short answer* Long answer Send message

Securely accelerate application delivery by automating application connectivity and security policy across the hybrid network estate. Solution de gestion
de sécurité AlgoSec Bienvenue! La gestion de votre politique de sécurité réseau sur les firewall à la demande et des paramètres de sécurité dans le cloud sont des exercices d'équilibriste délicats. D'un côté, vous devez réduire les risques en minimisant la surface d'attaque. De l'autre, vous devez encourager la productivité en assurant la connectivité des applications métiers essentielles. Toutefois, les processus de gestion de politique de sécurité réseau ont toujours été complexes, chronophages et criblés d'erreur. Ce n'est pas une fatalité. Que cela soit à la demande ou dans le cloud, AlgoSec facilite et automatise la gestion de politique de sécurité réseau afin de rendre votre entreprise plus agile, plus sécurisée et plus conforme et cela de façon constante. Une approche unique de la gestion du cycle de vie des politiques de sécurité AlgoSec est unique car il gère l'ensemble du cycle de vie des politiques de sécurité afin d'assurer une connectivité continue et sécurisée de vos applications métiers. Par le biais d’une interface unique, vous pouvez découvrir vous-même les exigences en matière de connectivité d'applications, analyser les risques de façon proactive, organiser et exécuter rapidement des modifications de sécurité réseau et déclasser des règles de firewall en toute sécurité, tout ceci sans intervention et orchestré de façon harmonieuse sur votre environnement hétérogène. Avec AlgoSec, vous pouvez Unifier votre gestion de politique de sécurité réseau sur des environnements Cloud et à la demande Assurer une conformité continue et réduire de façon drastique les efforts en matière de préparation d'audit de Firewall Assurer la connectivité d'applications de façon rapide et sécurisée et éviter des disfonctionnements liés au réseau Aligner les équipes de sécurité, de réseau et d'applications et encourager DevSecOps Automatiser la gestion de modification de Firewall et éliminer les mauvaises configurations Réduire le risque via une configuration de sécurité correcte et une segmentation réseau effective La solution de gestion de sécurité AlgoSec Analyse de réseau de politique de sécurité Plus d'informations Firewall Analyzer Automatisation des modifications de politique de sécurité Plus d'informations FireFlow Calculer votre ROI Livre Blanc AlgoSec Contact commercial Alexis Luc Bouchauveau Phone: +33 613 200 885
 Email: [email protected] Schedule time with one of our experts

Horizon ACE gives you complete visibility into your cloud applications, simplifies network security policy management, and automates compliance across your multi-cloud infrastructure. Horizon ACE Information Center Getting started Why Horizon ACE Horizon ACE access Horizon ACE videos Let’s connect Getting started Great news! As a valued AlgoSec Cloud customer, you now have extended access to AlgoSec Cloud Enterprise (Horizon ACE). We're so excited for you to experience the next level of cloud security, designed to give you unparalleled visibility and control. You're already doing great things with AlgoSec for network security. Now, Horizon ACE is here to help you do even more, providing deeper insights and comprehensive management across your entire multi-cloud environment. Important: To ensure you can see and use all the amazing features the app analyzer has to offer, you'll need to open the required permissions in your cloud environment. This is a crucial step that ensures the program can access all the data required to give you a complete picture. You can find detailed instructions and a list of the permissions needed for your specific cloud provider here: AWS: Horizon ACE Access AWS Azure: Horizon ACE Access Azure GCP: Horizon ACE Access GCP Why Horizon ACE? Horizon ACE gives you complete visibility into your cloud applications, simplifies network security policy management, and automates compliance across your multi-cloud infrastructure. Think of it as your new co-pilot for cloud security, helping you: One unified view: Seamlessly combine cloud posture management with your existing AlgoSec network security. Get a truly holistic perspective of your entire environment. With Horizon ACE, you can bridge the gap between your cloud and on-premise infrastructure to achieve unified hybrid security. With Horizon ACE you can: Gain a single, holistic view across both environments. Enforce consistent policies. Simplify change management. To get a clearer picture of how Horizon ACE can transform your security, download our one-pager. Deeper, actionable insights: Dive into advanced features that give you immediate, practical intelligence about your cloud security health. You'll know exactly what to do next. Amplified protection: Proactively discover and tackle risks across your entire cloud environment, strengthening the already solid foundation you have with AlgoSec. Horizon ACE access We're all about empowering you with the best cloud security tools available. This extended access to Horizon ACE is our way of providing you with: See everything (beyond the network!): Get a full, real-time inventory of all your cloud applications and infrastructure. No more blind spots – you'll see everything, far beyond traditional network boundaries. Spot risks before they're problems: Proactively find vulnerabilities and misconfigurations across your entire cloud setup. Horizon ACE helps you identify potential issues before they can impact your operations, building on your current security efforts. Keep compliance simple: Maintain strong and continuous compliance with industry standards and your internal policies. Horizon ACE brings you deeper, cloud-native insights to make compliance easier than ever. Streamline your day: Automate security workflows and policy enforcement. This means more time for you and consistent security across all your expanding cloud resources. Ready to explore your new Horizon ACE access? You've already been granted access! Look for a welcome email with simple instructions to confirm and get started. We'll be there to guide you through the initial steps, helping you quickly get comfortable with the Horizon ACE dashboard and all its powerful features. We've designed this to be a smooth, insightful, and incredibly valuable experience for you! Join the growing community of leading organizations who are transforming their cloud security with the unified power of AlgoSec. We're here to help you master your cloud security journey! Horizon ACE videos Horizon ACE Access Horizon ACE Overview Application Discovery Horizon ACE Dashboard Horizon ACEConfiguration & Compliance Container Security Let’s connect Have a question, need more information, or just want to say hello? We'd love to hear from you Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Elevate Kubernetes container security with AlgoSec s Prevasio Shield your deployments effortlessly Explore more now Kubernetes and container security Agentless zero-trust container analysis system Schedule a demo Watch a video Watch a video AI powered container applications discovery Never misplace a containerized focused application on your estate with new AI powered cloud application discovery. Identify your containerized business applications and their connection to other cloud resources. Comprehensive risk assessment Proactively secure your containers with in-depth vulnerability scanning and malware detection. Take control of your cloud security with clear, actionable remediation recommendations. Compliance Ensure compliance with industry benchmarks such as CIS benchmarks . Achieve and maintain cloud compliance effortlessly. Our platform verifies your Kubernetes , EKS, ECS, and ECR configurations against industry benchmarks, then prioritizes fixes based on the impact to your critical applications. for Kubernetes, EKS, ECS and ECR. Dynamic threat analysis Gain unprecedented visibility into your containerized environments . Prevasio's dynamic threat analysis exposes concealed entry points, detects potential supply chain threats, and empowers you with actionable insights to strengthen your security posture. Get the latest insights from the experts A Guide to Upskilling Your Cloud Architects & Security Teams in 2023 Learn more Securing Cloud-Native Environments: Containerized Applications, Serverless Architectures, and Microservices Learn more Understanding and Preventing Kubernetes Attacks and Threats Read more Schedule time and secure your cloud Schedule time and secure your cloud Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

The goal of the AlgoSec Professional Services Team is to partner with you and enable you to meet your budget, time and resource constraints AlgoSec professional services Service offerings We offer a variety of à la carte Professional Services to help you quickly benefit from your AlgoSec investment. AlgoSec JumpStart packages View detailed information Through our new JumpStart packages we will deploy your AlgoSec products quickly and cost-effectively within your environment, so that you can start generating value from your AlgoSec investment as soon as possible Basic deployment of the AlgoSec security management suite View detailed information This service includes installing your AlgoSec appliances with the most recent build of the AlgoSec Security Management Suite including AlgoSec Horizon Security Analyzer and/or AlgoSec Horizon FireFlow and/or AlgoSec BusinessFlow, then verifying connectivity and defining devices. We will also verify that the reporting functionality works properly for each deployed device, and will provide sufficient knowledge transfer to enable you to perform basic operations in your AlgoSec environment. AlgoSec technical audit View detailed information Get a technical audit of your running AlgoSec environment – remotely or on-premises. Make sure you are optimally configured to get the best performance and functionality. Identify critical issues, receive insights and actionable suggestions to help you improve your network, identify issues that may have arisen since deployment, as well as recommendations for architectural improvements and optimization. AlgoSec Technical Audit is recommended once a year, and at least 6 months following initial deployment. Integration with existing Change Management Systems (CMS) View detailed information We can seamlessly integrate with any existing CMS including ServiceNow, Remedy, ServiceDesk and others. We can integrate your CMS system with AlgoSec via a Web Services call, as well as import historical change requests into AlgoSec. Advanced configuration View detailed information Suitable for complex, enterprise environments, this service includes verifying requirements and designing the appropriate topology for: High-Availability or Disaster-Recovery modes Load Distribution mode Geographical Distribution or Central-Manager / Remote-Agent mode Develop custom reports View detailed information We can create custom risk profiles and baseline configuration reports to meet your unique needs. Develop custom change workflows View detailed information While AlgoSec includes several out-of-the-box workflows, we can develop custom workflows to meet your unique needs. Customization options include creating the different steps in a change process, managing the ticket lifecycle based on your processes, dynamically routing tickets to required approvers and changing request form fields and appearance. Project management and customer success management View detailed information We can provide on-going project management to support your AlgoSec implementation. We provide regular status updates and meetings to ensure that the project is on schedule and meets your requirements. Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* Long answer Send message

As you may have heard already, the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a joint... Cloud Security Drovorub’s Ability to Conceal C2 Traffic And Its Implications For Docker Containers Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/15/20 Published As you may have heard already, the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory about previously undisclosed Russian malware called Drovorub. According to the report, the malware is designed for Linux systems as part of its cyber espionage operations. Drovorub is a Linux malware toolset that consists of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server. The name Drovorub originates from the Russian language. It is a complex word that consists of 2 roots (not the full words): “drov” and “rub” . The “o” in between is used to join both roots together. The root “drov” forms a noun “drova” , which translates to “firewood” , or “wood” . The root “rub” /ˈruːb/ forms a verb “rubit” , which translates to “to fell” , or “to chop” . Hence, the original meaning of this word is indeed a “woodcutter” . What the report omits, however, is that apart from the classic interpretation, there is also slang. In the Russian computer slang, the word “drova” is widely used to denote “drivers” . The word “rubit” also has other meanings in Russian. It may mean to kill, to disable, to switch off. In the Russian slang, “rubit” also means to understand something very well, to be professional in a specific field. It resonates with the English word “sharp” – to be able to cut through the problem. Hence, we have 3 possible interpretations of ‘ Drovorub ‘: someone who chops wood – “дроворуб” someone who disables other kernel-mode drivers – “тот, кто отрубает / рубит драйвера” someone who understands kernel-mode drivers very well – “тот, кто (хорошо) рубит в драйверах” Given that Drovorub does not disable other drivers, the last interpretation could be the intended one. In that case, “Drovorub” could be a code name of the project or even someone’s nickname. Let’s put aside the intricacies of the Russian translations and get a closer look into the report. DISCLAIMER Before we dive into some of the Drovorub analysis aspects, we need to make clear that neither FBI nor NSA has shared any hashes or any samples of Drovorub. Without the samples, it’s impossible to conduct a full reverse engineering analysis of the malware. Netfilter Hiding According to the report, the Drovorub-kernel module registers a Netfilter hook. A network packet filter with a Netfilter hook ( NF_INET_LOCAL_IN and NF_INET_LOCAL_OUT ) is a common malware technique. It allows a backdoor to watch passively for certain magic packets or series of packets, to extract C2 traffic. What is interesting though, is that the driver also hooks the kernel’s nf_register_hook() function. The hook handler will register the original Netfilter hook, then un-register it, then re-register the kernel’s own Netfilter hook. According to the nf_register_hook() function in the Netfilter’s source , if two hooks have the same protocol family (e.g., PF_INET ), and the same hook identifier (e.g., NF_IP_INPUT ), the hook execution sequence is determined by priority. The hook list enumerator breaks at the position of an existing hook with a priority number elem->priority higher than the new hook’s priority number reg->priority : int nf_register_hook ( struct nf_hook_ops * reg) { struct nf_hook_ops * elem; int err; err = mutex_lock_interruptible( & nf_hook_mutex); if (err < 0 ) return err; list_for_each_entry(elem, & nf_hooks[reg -> pf][reg -> hooknum], list) { if (reg -> priority < elem -> priority) break ; } list_add_rcu( & reg -> list, elem -> list.prev); mutex_unlock( & nf_hook_mutex); ... return 0 ; } In that case, the new hook is inserted into the list, so that the higher-priority hook’s PREVIOUS link would point into the newly inserted hook. What happens if the new hook’s priority is also the same, such as NF_IP_PRI_FIRST – the maximum hook priority? In that case, the break condition will not be met, the list iterator list_for_each_entry will slide past the existing hook, and the new hook will be inserted after it as if the new hook’s priority was higher. By re-inserting its Netfilter hook in the hook handler of the nf_register_hook() function, the driver makes sure the Drovorub’s Netfilter hook will beat any other registered hook at the same hook number and with the same (maximum) priority. If the intercepted TCP packet does not belong to the hidden TCP connection, or if it’s destined to or originates from another process, hidden by Drovorub’s kernel-mode driver, the hook will return 5 ( NF_STOP ). Doing so will prevent other hooks from being called to process the same packet. Security Implications For Docker Containers Given that Drovorub toolset targets Linux and contains a port forwarding tool to route network traffic to other hosts on the compromised network, it would not be entirely unreasonable to assume that this toolset was detected in a client’s cloud infrastructure. According to Gartner’s prediction , in just two years, more than 75% of global organizations will be running cloud-native containerized applications in production, up from less than 30% today. Would the Drovorub toolset survive, if the client’s cloud infrastructure was running containerized applications? Would that facilitate the attack or would it disrupt it? Would it make the breach stealthier? To answer these questions, we have tested a different malicious toolset, CloudSnooper, reported earlier this year by Sophos. Just like Drovorub, CloudSnooper’s kernel-mode driver also relies on a Netfilter hook ( NF_INET_LOCAL_IN and NF_INET_LOCAL_OUT ) to extract C2 traffic from the intercepted TCP packets. As seen in the FBI/NSA report, the Volatility framework was used to carve the Drovorub kernel module out of the host, running CentOS. In our little lab experiment, let’s also use CentOS host. To build a new Docker container image, let’s construct the following Dockerfile: FROM scratch ADD centos-7.4.1708-docker.tar.xz / ADD rootkit.ko / CMD [“/bin/bash”] The new image, built from scratch, will have the CentOS 7.4 installed. The kernel-mode rootkit will be added to its root directory. Let’s build an image from our Dockerfile, and call it ‘test’: [root@localhost 1]# docker build . -t test Sending build context to Docker daemon 43.6MB Step 1/4 : FROM scratch —> Step 2/4 : ADD centos-7.4.1708-docker.tar.xz / —> 0c3c322f2e28 Step 3/4 : ADD rootkit.ko / —> 5aaa26212769 Step 4/4 : CMD [“/bin/bash”] —> Running in 8e34940342a2 Removing intermediate container 8e34940342a2 —> 575e3875cdab Successfully built 575e3875cdab Successfully tagged test:latest Next, let’s execute our image interactively (with pseudo-TTY and STDIN ): docker run -it test The executed image will be waiting for our commands: [root@8921e4c7d45e /]# Next, let’s try to load the malicious kernel module: [root@8921e4c7d45e /]# insmod rootkit.ko The output of this command is: insmod: ERROR: could not insert module rootkit.ko: Operation not permitted The reason why it failed is that by default, Docker containers are ‘unprivileged’. Loading a kernel module from a docker container requires a special privilege that allows it doing so. Let’s repeat our experiment. This time, let’s execute our image either in a fully privileged mode or by enabling only one capability – a capability to load and unload kernel modules ( SYS_MODULE ). docker run -it –privileged test or docker run -it –cap-add SYS_MODULE test Let’s load our driver again: [root@547451b8bf87 /]# insmod rootkit.ko This time, the command is executed silently. Running lsmod command allows us to enlist the driver and to prove it was loaded just fine. A little magic here is to quit the docker container and then delete its image: docker rmi -f test Next, let’s execute lsmod again, only this time on the host. The output produced by lsmod will confirm the rootkit module is loaded on the host even after the container image is fully unloaded from memory and deleted! Let’s see what ports are open on the host: [root@localhost 1]# netstat -tulpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1044/sshd With the SSH server running on port 22 , let’s send a C2 ‘ping’ command to the rootkit over port 22 : [root@localhost 1]# python client.py 127.0.0.1 22 8080 rrootkit-negotiation: hello The ‘hello’ response from the rootkit proves it’s fully operational. The Netfilter hook detects a command concealed in a TCP packet transferred over port 22 , even though the host runs SSH server on port 22 . How was it possible that a rootkit loaded from a docker container ended up loaded on the host? The answer is simple: a docker container is not a virtual machine. Despite the namespace and ‘control groups’ isolation, it still relies on the same kernel as the host. Therefore, a kernel-mode rootkit loaded from inside a Docker container instantly compromises the host, thus allowing the attackers to compromise other containers that reside on the same host. It is true that by default, a Docker container is ‘unprivileged’ and hence, may not load kernel-mode drivers. However, if a host is compromised, or if a trojanized container image detects the presence of the SYS_MODULE capability (as required by many legitimate Docker containers), loading a kernel-mode rootkit on a host from inside a container becomes a trivial task. Detecting the SYS_MODULE capability ( cap_sys_module ) from inside the container: [root@80402f9c2e4c /]# capsh –print Current: = cap_chown, … cap_sys_module, … Conclusion This post is drawing a parallel between the recently reported Drovorub rootkit and CloudSnooper, a rootkit reported earlier this year. Allegedly built by different teams, both of these Linux rootkits have one mechanism in common: a Netfilter hook ( NF_INET_LOCAL_IN and NF_INET_LOCAL_OUT ) and a toolset that enables tunneling of the traffic to other hosts within the same compromised cloud infrastructure. We are still hunting for the hashes and samples of Drovorub. Unfortunately, the YARA rules published by FBI/NSA cause False Positives. For example, the “Rule to detect Drovorub-server, Drovorub-agent, and Drovorub-client binaries based on unique strings and strings indicating statically linked libraries” enlists the following strings: “Poco” “Json” “OpenSSL” “clientid” “—–BEGIN” “—–END” “tunnel” The string “Poco” comes from the POCO C++ Libraries that are used for over 15 years. It is w-a-a-a-a-y too generic, even in combination with other generic strings. As a result, all these strings, along with the ELF header and a file size between 1MB and 10MB, produce a false hit on legitimate ARM libraries, such as a library used for GPS navigation on Android devices: f058ebb581f22882290b27725df94bb302b89504 56c36bfd4bbb1e3084e8e87657f02dbc4ba87755 Nevertheless, based on the information available today, our interest is naturally drawn to the security implications of these Linux rootkits for the Docker containers. Regardless of what security mechanisms may have been compromised, Docker containers contribute an additional attack surface, another opportunity for the attackers to compromise the hosts and other containers within the same organization. The scenario outlined in this post is purely hypothetical. There is no evidence that supports that Drovorub may have affected any containers. However, an increase in volume and sophistication of attacks against Linux-based cloud-native production environments, coupled with the increased proliferation of containers, suggests that such a scenario may, in fact, be plausible. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Before I became a Sale Engineer I started my career working in operations and I don’t remember the first time I heard the term zero trust... Zero Trust AlgoSec and Zero-Trust for Healthcare Adolfo Lopez 2 min read Adolfo Lopez Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 2/26/24 Published Before I became a Sale Engineer I started my career working in operations and I don’t remember the first time I heard the term zero trust but I all I knew is that it was very important and everyone was striving to get to that level of security. Today I’ll get into how AlgoSec can help achieve those goals, but first let’s have a quick recap on what zero trust is in the first place. There are countless whitepapers and frameworks that define zero trust much better than I can, but they are also multiple pages long, so I’ll do a quick recap. Traditionally when designing a network you may have different zones and each zone might have different levels of access. In many of these types of designs there is a lot of trust that is given once they are in a certain zone. For example, once someone gets to their workplace at the hospital, the nursing home, the dental center or any other medical office and does all the necessary authentication steps (proper company laptop, credentials, etc…) they potentially have free reign to everything. This is a very simple example and in a real-world scenario there would hopefully be many more safeguards in place. But what does happen in real world scenarios is that devices still manage to get trusted more than they should. And from my own experience and from working with customers this happens way too often. Especially in the healthcare industry this is becoming more and more important. These days there are many different types of medical devices, some that hold sensitive information, some scanning instruments, and some that might even be critical to patient support. More importantly many are connected to some type of network. Because of this level of connectivity, we do need to start shifting toward this idea of zero trust. In healthcare cybersecurity isn’t just a matter of maintaining the network, it’s about maintaining the critical operations of the hospitals running smoothly and patient data safe and secure. Maintaining security policies is critical to achieving zero trust. Below you can see some of the key features that AlgoSec has that can help achieve that goal. Feature Description Security Policy Analysis Analyze existing security policy sets across all parts of the network (on-premises and cloud) with various vendors. Policy Cleanup Identify and remove redundant rules, duplicate rules, and more from the first report. Specific Recommendations Over time, recommendations become more specific, such as identifying unnecessary rules (e.g., a printer talking to a medical device without actual use). Application Perspective Tie firewall rules to actual applications to understand the business function they support, leading to more targeted security policies. Granularity & Visibility Higher level of visibility and granularity in security policies, focusing on specific application flows rather than broad network access. Security Posture by Application View and assess security risks and vulnerabilities at the application level, improving overall security posture. One of my favorite aspects of the AlgoSec platform is that we not only help optimize your security policies, but we also start to look at security from an application perspective. Traditionally, firewall change requests come in and it’s just asking for very specific things, “Source A to Destination B using Protocol C.” But using AlgoSec we tie those rules to actual applications to see what business function this is supporting. By knowing the specific flows and tying them to a specific application this allows us to keep a closer eye on the actual security policies we need to create. This helps with that zero trust journey because having that higher level of visibility and granularity helps to keep the rules more specific. Instead of a change request coming in that is allowing wide open access between two subnets the application can be designed for only the access that is required. It also allows for an overall better view of the security posture. Zero trust, like many other ideas and frameworks in our industry might seem farfetched at first. We ask ourselves, how do we get there or how do we implement without it becoming so cumbersome that we give up on it. I think it’s normal to be a bit pessimistic about achieving the goal and it’s completely fine to look at some projects as moving targets that we might not have a hard deadline on. There usually isn’t a magic bullet that accomplish our goals, especially something like achieving zero trust. Multiple initiatives and projects are necessary. With AlgoSec’s expertise in application connectivity and policy management, we can be a key partner in that journey. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

With AlgoSec you will manage your network security confidently, no matter where your network lives Gain complete visibility, automate changes, and always be compliant Looking for a Skybox alternative? Easily visualize and manage application connectivity and security policy across your entire hybrid network estate. From security policy management to securely accelerating application delivery Schedule a demo Key Capabilities Request app connectivity in business terms Automatic association of firewall rules to relevant buiness application Custom policy rule documentation Integration with SIEM systems Unify & consolidated management of disparate cloud security groups Cloud policy cleanup IaC connectivity risk analysis See how AlgoSec stacks up against Skybox Bid Goodbye To Skybox & Get Started With AlgoSec Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue Trusted by over 2,200 organizations since 2004 Based on hundreds reviews on G2.com
Crowd & PeerSpot Reviews

Explore Algosec's products that simplify network security policy management, enhance compliance, and improve network visibility and control. Secure application connectivity.
Anywhere. Use automation to speed up and tighten your security policies Schedule a demo Learn more Watch the video Applications are at the core of digital transformation We currently are living through what we like to call the 100x revolution; networks are 100x more complex than ever, and the speed of application deployment and development has become a 100x faster. Speed and complexity are a dangerous combination for companies today and create increased risk. Frequent changes to applications in this fast, dynamic, and complex network can lead to downtime, security breaches, and compliance violations. A paradigm shift is required. Traditional policy management tools struggle with the complexity across larger hybrid networks and lack the necessary business application context. Application-centric security • Visualization of network and application connectivity • Application-aware vulnerability, risk and compliance • Adaptivity to application intent and traffic • Simplified application-focused of recertification Traditional NSPM • Visibility into network posture only • Risk and compliance detection • Reliant on policy rules • Labor-intehse rule recertification Our platform is the complete solution for delivering secure application connectivity and security policy. Explore what it’s made of! Take control of your application and security policy Horizon Security Analyzer See the whole picture Enable visibility across your hybrid network, optimize firewall rules, and prioritize risks. Firewall Analyzer solution FireFlow Automate and secure
policy changes Process security changes in a fraction of the time by automating the entire security policy change process FireFlow solution AppViz Optimize the discovery of applications and services Leverage advanced AI to identify your business applications and their network connectivity accurately AppViz solution AlgoSec Cloud Complet hybrid network security policy management Across cloud, SDN, on-premises, and anything in between - one platform to manage it all AlgoSec Cloud solution Move fast and deliver applications quickly Security threats are increasing, even as you need to deliver faster than ever before. The AlgoSec platform enables you to securely deliver applications – without compromising on security. Work Smoothly Don’t sacrifice security or agility with broken links in the chain. The AlgoSec platform helps ensure connectivity and security policy are a part of the entire application delivery pipeline. The AlgoSec technology partner ecosystem Centrally manage multi-vendor network security policies across your entire hybrid network. Manage AlgoSec sits at the heart of the security network and integrates with the leading network security, clouds, application-dependency vendors, and DevOps solutions. Seamlessly integrate with your existing orchestration systems, ITSM systems, SIEM/SOAR, vulnerability scanners, and more - all from a single platform. Integrate Schedule a demo See it in action Visualize your entire network Discover, identify, and map your business applications and security policies. Leverage advanced AI to intelligently analyze and discover application dependencies across your network. Instantly visualize your entire hybrid network security topology, including business-critical applications and their connectivity flows. The platform utilizes AI to provide a comprehensive view of your security policies and applications, whether they are in the cloud, across the SDN, on-premises, or anywhere in between. Zero-touch change management Automate application connectivity and security policy changes – from planning through risk analysis, implementation, and validation – to avoid misconfigurations. Accelerate security policy changes while maintaining control, ensuring accuracy, saving time, and preventing errors – with zero-touch. Always be compliant Understand which applications expose you to compliance violations and risk. Always be ready for audits with compliance reports covering leading global regulations and custom corporate policies including PCI DSS, SOX, HIPAA, and ISO/IEC 27001. The perfect balance of visibility
and comprehensive management Watch the video "The way AlgoSec provides the whole map of internal and cloud networks is outstanding, and to be able to apply the same policy on all your infrastructure is priceless" What they say about us IT Security Specisalist Equip yourself with the technical details to discuss with your team and managers Ready for a deep dive? Contact us today Got everything you need?
Here’s how you get started How to buy Download now Get the conversation started by sharing it with your team Solution brochure Browse now Take a deep breath.
You’re about to dive deep! Tech docs Get the latest insights from the experts The 100x Revolution, learn how to Future-Proof your business applications with Secure Application Connectivity. Anywhere. Download the eBook Case Study- Nationwide Testimonial - AlgoSec Watch it now Product introduction video- Learn the key capabilities of the AlgoSec Secure application connectivity platform. Watch it now Schedule time and let's talk about your applications Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue Schedule a call with an expert to start securing application connectivity today

Hybrid cloud computing enables organizations to deploy sensitive workloads on-premise or in a private cloud, while hosting less... DevSecOps Why organizations need to embrace new thinking in how they tackle hybrid cloud security challenges Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 10/9/22 Published Hybrid cloud computing enables organizations to deploy sensitive workloads on-premise or in a private cloud, while hosting less business-critical resources on public clouds. But despite its many benefits, the hybrid environment also creates security concerns. AlgoSec’s co-founder and CTO, Prof. Avishai Wool shares his expert insights on these concerns and offers best practices to boost hybrid cloud security. Hybrid cloud computing combines on-premises infrastructure, private cloud services, and one or more public clouds. Going hybrid provides businesses with enhanced flexibility, agility, cost savings, and scalability to innovate, grow, and gain a competitive advantage. So, how can you simplify and strengthen security operations in the hybrid cloud? It all starts with visibility – you still can’t protect what you can’t see To protect their entire hybrid infrastructure, applications, workloads, and data, security teams need to know what these assets are and where they reside. They also need to see the entire hybrid estate and not just the individual elements. However, complete visibility is a serious hybrid cloud security challenge. Hybrid environments are highly complex, which can create security blind spots, which then prevent teams from identifying, evaluating, and most importantly, mitigating risk. Another hybrid cloud security concern is that you cannot implement a fragmented security approach to control the entire network. With thousands of integrated and inter-dependent resources and data flowing between them, vulnerabilities crop up, increasing the risk of cyberattacks or breaches. For complete hybrid cloud security, you need a holistic approach that can help you control the entire network. Is DevSecOps the panacea? Not quite In many organizations, DevSecOps teams manage cloud security because they have visibility into what’s happening inside the cloud. However, in the hybrid cloud, many applications have servers or clients existing outside the cloud, which DevSecOps may not have visibility into. Also, the protection of data flowing into and out of the cloud is not always under their remit. To make up for these gaps, other teams are required to manage security operations and minimize hybrid cloud risks. These additional processes and team members must be coordinated to ensure continuous security across the entire hybrid network environment. But this is easier said than done. Using IaC to balance automation with oversight is key, but here’s why you shouldn’t solely rely on it Infrastructure as code (IaC) will help you automatically deploy security controls in the hybrid cloud to prevent misconfiguration errors, non-compliance, and violations while in the production stage and pre application testing. With IaC-based security, you can define security best practices in template files, which will minimize risks and enhance your security posture. But there’s an inherent risk in putting all your eggs in the automation and IaC basket. Due to the fact that all the controls are on the operational side, it can create serious hybrid cloud security issues. And without human attention and action, vulnerabilities may remain unaddressed and open the door to cyberattacks. Since security professionals who are not on the operational side must oversee the cloud environment, it could easily open the door to miscommunication and human errors – a very costly proposition for organizations. For this very reason, you should also implement a process to regularly deploy automatic updates without requiring time-consuming approvals that slow down workflows and weaken security. Strive for 95% automated changes and only involve a person for the remaining 5% that requires human input. Hybrid cloud security best practices – start early, start strong When migrating from on-prem to the cloud, you can choose a greenfield migration or a lift-and-shift migration. Greenfield means rolling out a brand-new application. In this case, ensure that security considerations are “baked in” from the beginning and across all processes. This “shift left” approach helps build an environment that’s secure from the get-go. This ensures that all team members adhere to a unified set of security policy rules to minimize vulnerabilities and reduce security risks within the hybrid cloud environment. If you lift-and-shift on-prem applications to the cloud, note any security assumptions made when they were designed. This is important because they were not built for the cloud and may incorporate protocols that increase security risks. Next, implement appropriate measures during migration planning. For example, implement an Application Load Balancer if applications leverage plaintext protocols, and use sidecars to encrypt applications without having to modify the original codebase. You can also leverage hybrid cloud security solutions to detect and mitigate security problems in real-time. Matching your cloud security with application structure is no longer optional Before moving to a hybrid cloud, map the business logic, application structure, and application ownership into the hybrid cloud estate’s networking structure. To simplify this process, here are some tried and proven ways to consider. Break up your environment into a virtual private cloud (VPC) or virtual network. With the VPC, you can monitor connections, screen traffic, create multiple subnets, and also restrict instance access to improve security posture. Use networking constructs to segregate applications into different functional and networking areas in the cloud. This way, you can deploy network controls to segment your cloud estate and ensure that only authorized users can access sensitive data and resources. Tag all resources based on their operating system, business unit, and geographical area. Tags with descriptive metadata can help to identify resources. They also establish ownership and accountability, provide visibility into cloud consumption, and help with the deployment of security policies. Conclusion In today’s fast-paced business environment, hybrid cloud computing can benefit your organization in many ways. But to capture these benefits, you should make an effort to boost hybrid cloud security. Incorporate the best practices discussed here to improve security and take full advantage of your hybrid environment. To learn more about hybrid cloud security, listen to our Lessons in Cybersecurity podcast episode or head to our hybrid cloud resource hub here . Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call