Sharing Network Security Information with the Wider IT Community With Team Collaboration Tools

Prof Wool: Firewall Management 201 | Sharing Network Security Information with the Wider IT Community With Team Collaboration Tools Subscribe

Firewall Management 201: Lesson 18

Collaboration tools such as Slack provide a convenient way to have group discussions and complete collaborative business tasks. Now, these automated chatbots can be used for answering questions and handling tasks for development, IT and infosecurity teams.

For example, enterprises can use chatbots to automate information-sharing across silos, such as between IT and application owners. So rather than having to call somebody and ask them “Is that system up? What happened to my security change request?” and so on, tracking helpdesk issues and the status of help requests can become much more accessible and responsive. Chatbots also make access to siloed resources more democratic and more widely available across the organization (subject, of course to the necessary access rights).

In this video, Prof. Wool discusses how automated chatbots can be used to help a wide range of users for their security policy management tasks – thereby improving service to stakeholders and helping to accelerate security policy change processes across the enterprise.

Learn more about AlgoSec at http://www.algosec.com and read Professor Wool's blog posts at http://blog.algosec.com

View transcript

hello I'm professor wool today we'll discuss how to share Network security information with a wider IT community using team collaboration tools so imagine we have an organization that has a sophisticated network security policy management system and an SPM that is connected to the security infrastructure it connects to the routers firewalls and is able to simulate the traffic and respond to queries such as is traffic allowed from point A to point B using some protocol and the system would simulate the traffic and provide the answer where the traffic is allowed or not this this type of system is usually owned by people with the appropriate credentials typically in the security organization and so they have access to this type of capability however there are other people in the organization that might have might benefit from the access imagine you have a team collaboration tool at your disposal and the IT operations people use it to troubleshoot problems in a network so imagine user Jayne logging on to this channel and saying the training system is down I bet it's the firewall a typical suspicion maybe somebody missed configure the firewall and broke something so user David jumps in and says let me check how would they would check well David is not part of the security team David does not have access to this system so he needs to contact his colleagues that do have access so he would either send them an email call him on the phone and ask is is this traffic allowed or not assuming he can get the right person to respond quickly that person would use the NS p.m. use the user interface type in the requested query the system comes back the answer let's say that the traffic is allowed and then David reports back to his colleagues and moves on and this is all fine and good except that there are two humans in the loop here and it might take them a little bit of time to react maybe they're not at their desk who knows so the process can be streamlined well user Jill jumps in and says well it's 2018 never mind all those old phone technologies and types in the question hey bot is HTTP allowed from this address to that address what's this bot thing well a good and SPM exposes an API that is able to run these queries automatically and provide the answers in machine readable form and it's possible to build a bot that runs inside the channel an automatic bot that responds to this English language question uses the API to run the traffic simulation query we get the result back and format the output inside the channel in clearly understandable terms here it says yes traffic is allowed so user Jane our suspicious user to begin with can say ok so it's not the firewalls fault it's something else maybe it's the database maybe it's something else and so the troubleshooting scenario continues to resolution what what is the point here the point is that using this API and exposing the capabilities of the NSP m2 box running inside the collaboration channel the same information that was retrieved using manual human reliant methods is now made available through an API call almost instantaneously without waiting for the person on the other end to react so the whole procedure of troubleshooting becomes much much faster and I leave it to your imagination to think about other types of scenarios in such a channel you will benefit from having access to such Network simulation capabilities to achieve some other tasks that a team needs to address thank you for your attention

Videos

Prof Wool: Firewall Management 201 | Sharing Network Security Information with the Wider IT Community With Team Collaboration Tools Subscribe

Related videos

Lesson 15: How to Synchronize Object Management with a CMDB

Lesson 16: How to Take Control of a Firewall Migration...

Lesson 14: Synchronized Object Management in a...

Lesson 12: Managing Your Security Policy for Disaster...