fire flow is the operational glue that
ties the suite together providing
end-to-end intelligent orchestration and
workflow within this workflow is where
algo SEC adds unique intelligence which
you'll see during this demonstration in
and above this fire flow rounds out the
device policy lifecycle with native
search by rule and traffic
recertification capabilities you've just
seen the submission of a request via the
direct integration with business flow
fire flow also exposes request templates
for web based submission
industry-leading rich AP is allowing
third-party ticketing integration and
email and XLS parsing capabilities to
handle bulk submissions traditionally
the majority of algo site customers will
integrate fire flow with third-party
ticketing solutions to avoid duplicate
submission efforts regardless of which
change request submission process is
used all requests must first pass
through the initial plan the purpose of
the initial plan is to automate a
significant portion of the work effort
associated with processing a new change
request we can observe for this example
that fire flow has automatically
detected a change is required on a
checkpoint device a Juniper device and
an AWS security group in the cloud if a
network analysts processing this change
request wishes to understand how al goes
like fire Flo has selected the devices
requiring a change they can review the
results by clicking explore traffic
routes by clicking explore traffic
routes we are presented with the results
of the algo site traffic simulation for
this particular change request we can
see the requested traffic is actually
permitted through the Nexus core
switches in the data center and blocked
on all devices onwards including inside
the AWS security group in the Amazon
Cloud as we've just observed the traffic
is already permitted on the Nexus core
switches algo sex built in already works
connectivity check will automatically
close changes where connectivity is
already functioning in your environment
for all devices in the path this reduces
processing of unnecessary change
requests and eliminates the potential
for Policy bloat on devices typically
large customers will see a 15 to 20
percent reduction in change processing
simply due to changes marked as already
works let's proceed forward by clicking
confirmed devices
on to the next intelligent automation
step the risk check the risk check
enables alga sex customers to
proactively prevent net new risk from
entering the environment the risk check
automatically compares the traffic plan
for implementation against the defined
risk profiles for this relevant devices
risk profiles which support the risk
check can be tailored to your
organization's specific network security
guidance allowing for infinite
combinations of required security
governance traditionally the risk check
is also the first area customers will
begin to adopt algo sex zero-touch
strategy alga sex zero touch
functionality allows any intelligent
step in this workflow to occur without
human interaction if desired drastically
speeding up change delivery for business
owners for example if your organization
is processing a hundred trains requests
a week
it makes far more sense to follow deeply
on the 10% which introduced tangible
risk versus all 100 less thoroughly
thereby the risk check can be configured
in a zero touch manner to automatically
move changes forward where no risk is
introduced let's move forward to the
next intelligent step the work order the
work order is where alga select-fire
flow begins to translate our requested
traffic into security policies to be
implemented on devices the work order
aims to design the most efficient method
of implementing policies this may
involve reuse of existing objects
modification of existing rules or
creating new rules and objects this
logic maintains the overall policy
optimization of the device and factors
in least privileged access as we now
have to find policy to be implemented on
each device
Alco select active change technology can
take over and implement these policies
on devices requiring a change active
change technology is unique to algo SEC
and allows us to provide end-to-end zero
touch automation if your organization
desires customers can choose to stage or
fully commit policy changes to devices
depending on their comfort level and
goals for automation a single action can
implement policy across multiple devices
which may be entirely different brands
of devices active change can also be
configured to push policy during
specific device change windows if
desired
now that the policies have been
implemented on devices we can move
forward to smart validation smarter
validation should be
as automated peer review allowing
implementation engineers to be confident
that their changes are implemented and
the business can proceed without delay
under normal circumstances smart
validation occurs entirely without human
interaction and implementation engineers
are notified only if there is an issue
but for the purposes of our demo today I
will show you the granularity of this
feature in detail we can observe the
policy was successfully implemented on
our checkpoint device but failed
elsewhere this information can quickly
allow an implementation engineer to make
the necessary Corrections before the
change window ends driving change faster
for the business by clicking resolve the
change request is completed and now
auditable in fire flow let's continue by
reviewing search by rule which supports
the next key tenant of the change
lifecycle audit
