End-to-end Security Management for the Next-generation Data Center with Cisco ACI and AlgoSec
Guest blogger: AlgoSec Exec Anner Kushnir, VP Technology, AlgoSec
This blog is authored by Anner Kushnir, AlgoSec. Anner Kushnir has over 20 years of experience in various research, development and executive management positions. Anner joined AlgoSec in 2006 as head of R&D, leading the research, design, architecture and software development of the AlgoSec product suite.
Introduction: Today’s business applications, the heart of the data center, are highly dynamic: connectivity between the various application components changes constantly to support business continuity and digital transformation initiatives. This constant state of flux increases the organization’s attack surface and creates gaps in the security infrastructure, which network and security operations teams are struggling to plug.
To address these challenges, we need a solution that supports visibility, agility, automation and extensibility, while not compromising on tight security and compliance requirements.
Solution: Cisco’s industry-leading software-defined networking (SDN) solution, ACI (Application Centric Infrastructure), makes the network agile by automating IT workflows and securing data centers through a whitelist model, policy enforcement and micro-segmentation. It puts the business application in the center, providing a centralized platform to manage application policies across physical and virtual workloads, thereby enabling customers to build agile and secure next-generation data centers.
But if we take a step back, we realize that firewalls are often used within the data center to perform stateful inspection and provide an additional layer of security for east-west traffic. All these security policies, alongside the Cisco ACI contracts, must be consistent and in sync to enable an end-to-end automation process. In addition, today’s complex data centers require us to manage security in a hybrid cloud environment and ensure continuous compliance and adherence to organizational and regulatory standards.
So, when designing such an end-to-end automation process, there are some additional considerations:
- Visibility must be end-to-end across the entire network – for troubleshooting and operational activities, as well as for risk and compliance.
- Automation must cover all security devices and policies – in the data center, at its perimeter, across the rest of the network and in the cloud (if it’s not 100% automated, it’s not really automated).
- Security and compliance must be baked into the process, or else agility will come at the expense of security.
Understanding these challenges, we, at AlgoSec, a long-time Cisco technology partner, decided to join forces and provide a joint solution that extends Cisco ACI’s rich capabilities to build a secure, compliant and agile data center.
The partnership is natural – AlgoSec and Cisco ACI have a lot in common.
Both solutions share a similar approach of focusing on application policies; both solutions provide automation capabilities and support agile application delivery; and of course, they are built for large enterprises and service providers.
With AlgoSec, Cisco ACI customers can extend visibility and policy change automation to the entire network – inside the data center, its perimeter, and outside. In addition to Cisco ACI, AlgoSec seamlessly integrates with Cisco firewalls (ASA, and now also Firepower!), routers (IOS and Nexus), as well as leading 3rd party firewalls and load balancers and cloud security groups. This creates a single source of truth for the application connectivity policy across the entire network, and eliminates inconsistencies and tedious troubleshooting.
AlgoSec also adds risk and compliance analysis – for Cisco ACI contracts, firewalls, as well as the perimeter and cloud. This includes risk and compliance reports – out-of-the-box reports for multiple regulatory compliance standards such as PCI, SOX, NERC, HIPAA and others, which saves hours in preparation for audits. It also includes a “what-if” risk check baked into the change workflow, and automatically escalates potentially risky changes to the security team – before they are actually implemented – to ensure compliance is continuously maintained. And, of course, AlgoSec provides full documentation and an audit trail of every change.
AlgoSec’s firewall provisioning solution enables ACI customers to automate the configuration and management of security policies across their data center, including ACI contracts, firewalls on the ACI fabric that secure the east-west traffic, as well as perimeter firewalls and cloud security groups. This allows customers to achieve a greater degree of automation, while giving them the flexibility to have tighter control over their security policies through an approval-based workflow model.
And as part of the tight integration, AlgoSec also offers a unique ‘Connectivity and Compliance’ App available on Cisco ACI App Center. This App allows easy access to the main AlgoSec capabilities from the comfort of your Cisco APIC UI.
How do these capabilities help you secure your ACI fabric?
- Get visibility into the Cisco ACI security environment and extend Cisco ACI policy-based automation across the enterprise network
- Proactively assess risk for the Cisco ACI fabric and recommend changes to eliminate misconfigurations and compliance violations
- Automatically configure security devices on the ACI fabric
- Automatically generate audit-ready regulatory compliance reports for the entire Cisco ACI fabric
Are you keen to see how AlgoSec for ACI can help you achieve continuous compliance and secure your data center? Please visit the AlgoSec portal to download the software and get an evaluation key to try AlgoSec’s ACI integration in your data center.
We live in exciting times. Applications are undergoing constant change due to Continuous Development and Integration models (CI/CD). Agile application delivery is becoming the norm. Cisco ACI is a foundation for this trend. AlgoSec is very excited about the new capabilities offered by Cisco ACI 3.0. We look forward to continuing to support Cisco ACI customers on their digital transformation journey, helping them ensure their data centers remain secure and compliant.