Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
In many cases, the end of the year gives you time to step back and take stock of the last 12 months. This is when many of us take a hard look at what worked and what did not, complete performance reviews, and formulate plans for the coming year. For me, it is all of those things plus a time when I u...
SYS-CON.TV
Network Security 101: Automating for Continuous Compliance
With automation, organizations discover dangerous configuration changes before the business is exposed to security incidents

Managing access to confidential information and application resources via firewalls is the foundation of network security, and firewall audits are central to any mature network security process. However, relying on security and network experts to review rules across multiple firewall zones and different firewall products is proving to be costly and ineffective. Few will dispute that when it comes to network security, automating best practices to reduce operating costs, complexity, human error, and streamline processes is a good thing. However, in what we call the age of Continuous Compliance - brought on by the reality that point-in-time audits done hastily to meet reporting deadlines rarely - if ever - deliver any security or compliance benefits once that point in time has passed, automation becomes more than just good.  It becomes essential.

Case in point: a November 2011 survey from Tufin Technologies of 100 firewall managers revealed that only 1.3% of configuration changes that cause network downtime or pose a security breach are identified during the quarterly audit, yet almost a third of the respondents spent 3 to 7 days per quarter of valuable network security team time on firewall audits (Disclosure: I work for Tufin). Organizations receive precious few benefits for the level of resource spent on manual firewall audits - it is proving to be an inefficient approach to maintaining a secure network and if you do the math, an extremely inefficient use of skilled security personnel.

In general, what constitutes best practices in security are mandated in standards such as the PCI-DSS, DISA Information Assurance Support Environment, or health care's HIPAA. Most if not all of these regulations, and many others, either specifically mandate or implicitly require firewall audits.

The best practices of firewall audits are based on expert reviews of changes made by network and security administrators. In theory, errors are caught, corrections are made, and compliance is re-established as a result of the audit. In practice, errors are seldom caught and operational costs climb, in great part because audit teams discover security issues in firewall protection from manual audits at a very low rate.

As the discipline of IT security continues to evolve, knowing where and when to automate can make or break a CISO's career - not to mention the morale and effectiveness of their compliance and IT operations teams. One of the important ways security teams gain efficiencies is to apply technology to evolve audit processes from disruptive quarterly or yearly events to daily standard operating procedures. The technology exists today to automatically verify compliance as firewall rules changes are implemented - ensuring continuous compliance with tight security and fewer calls to the security service desk.

The complexities of modern networks are often simply too much for a human to decipher without assistance. Not only do the best security experts have to interpret rules languages across vendors such as Check Point, Cisco, and Juniper Networks but they must also translate application-based rules from next-generation firewalls (such as those from Palo Alto, Check Point, SonicWALL, SourceFire) to ensure compliance with security policies across the organization. The concept of independent validation of firewall configurations is a good one - the best practice is now to have a security expert craft the new rules and then automate the impact on firewalls to ensure continuous compliance.

Seeking continuous compliance via automation of firewall management has the additional benefit of preserving the valuable time of security experts. Instead of expending critical resources conducting manual reviews of firewall rules that are unlikely to result in improved security or enhancements to compliance, security teams are able to contribute to the business in more productive activities. Too much time - the 3 to 7 days per quarter mentioned in the survey builds up to more than one month per year - is spent conducting ineffective audits and producing documentation for compliance reports. As with many IT disciplines, finding ways to automate activity is the key to freeing time for skilled resources to be more effective. Automating the best practices of firewall compliance returns direct cost savings to the organization.

With automation, organizations discover dangerous configuration changes before the business is exposed to security incidents, generate compliance reports whenever required by the regulations, and shift audit approaches to expert reviews of the security strategy more than manual reviews of firewall rules. Seeking continuous compliance moves the business closer to the goal of integrating security into business operations with fewer deviations from compliance that can put the business at risk. Spending significant security resources to find security problems only 1.3% of the time doesn't make sense - if that is your ratio, then automating firewall management is a no brainer.

About Shaul Efraim
Shaul Efraim is Vice President of Marketing and Business Development at Tufin Technologies. He brings more than 18 years of results-oriented industry experience in key sales and marketing management roles. He has driven Tufin’s message through the creation of powerful channel, customer relations and marketing programs, highlighting the company’s unmatched expertise in firewall change management solutions and dedication to technical excellence.

Previously, Shaul held positions as various product management and technical marketing roles at Check Point Software, as well as PortAuthority Technologies and Eastronics Company. With a rich technical and marketing background, he holds a degree in Industrial Engineering from Tel Aviv University.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

SOA World Latest Stories
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus ...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one l...
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling independent service deployments. In this presentation we'll provide an overview of the tools, patterns and pain points we've seen when implementing contract testing in large development ...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portabil...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand usin...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is founda...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE