
Save time with Dynamic Attributes for Cisco Secure Firewall


With cloud comes complexity

As organizations accelerate their transition to hybrid cloud, multicloud, and other dynamic environments, static security controls are no longer adequate. The shift of applications and the associated security controls within dynamic cloud environments create challenges for firewall teams to keep up with security requirements. Workloads spin up and down faster than traditional security policy change management can accommodate, straining NetOps and SecOps teams with the rapid pace of change and continuous adjustments in a constantly changing environment.

Firewall teams must leverage an open framework that connects dynamic environments and pulls mappings in real-time to keep security policies up-to-date without human intervention.

Policy enforcement as dynamic as your environment

Secure Firewall Threat Defense 7.0 now connects into these dynamic environments, ingesting attributes as they are added, deleted, and updated, and creates dynamic objects that enforce access control policy. Using a dynamic attribute within a security policy keeps the policy current in near real time without redeploying, which dramatically reduces the SecOps team’s operational overhead. Less time is spent scheduling change windows, getting approvals, checking and double-checking object changes, troubleshooting deployments, or worse, spending nights and weekends resolving critical failures.

Introducing the Cisco Secure Dynamic Attributes Connector

As the list of dynamic environments grows to span public and private clouds, running SaaS applications, homegrown apps, and everywhere in between, it increases the complexity and upkeep for organizations. The new Cisco Secure Dynamic Attributes Connector utility addresses the complexity by making API calls to popular environments such as AWS, Azure, VMware NSX-T, and Office 365.

Let’s take a simple example: limiting your development team’s access to AWS instances. You can grant them access, but then how do you limit their access to specific workloads? How do you keep up with virtual machines being spun up and down in AWS? With dynamic attributes and our integration utility, Secure Dynamic Attributes Connector, the Firewall Management Center (FMC) can connect directly using the AWS public APIs. This integration enables you to pull down the service tags and categories to populate a dynamic attribute that deploys an IP address, network, or additional fields (port and protocol in the future) within the access control policy. Then, just like a well-known rotisserie from years ago, you set it and forget it.
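The tag-to-address mapping described above, as an added example that is not Cisco's code and calls no connector or FMC API: it filters a constructed response in the shape of AWS EC2 DescribeInstances by tag and computes the add/remove delta for a dynamic object. The `team=dev` tag, the function names, and the bulk-removal guardrail are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the shape of an EC2 DescribeInstances response (not real data).
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-example1", "PrivateIpAddress": "10.0.1.10",
     "State": {"Name": "running"}, "Tags": [{"Key": "team", "Value": "dev"}]},
    {"InstanceId": "i-example2", "PrivateIpAddress": "10.0.1.11",
     "State": {"Name": "running"}, "Tags": [{"Key": "team", "Value": "dev"}]},
    {"InstanceId": "i-example3", "PrivateIpAddress": "10.0.1.12",
     "State": {"Name": "stopped"}, "Tags": [{"Key": "team", "Value": "dev"}]},
    {"InstanceId": "i-example4", "PrivateIpAddress": "10.0.2.20",
     "State": {"Name": "running"}, "Tags": [{"Key": "team", "Value": "prod"}]},
]}]}


def tagged_ips(response, key, value):
    """Private IPs of running instances that carry the tag key=value."""
    ips = set()
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue  # stopped or terminated workloads drop out of policy
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            ip = inst.get("PrivateIpAddress")
            if tags.get(key) == value and ip:
                ips.add(str(ipaddress.ip_address(ip)))  # rejects malformed values
    return ips


def reconcile(current, desired, max_removal_ratio=0.5):
    """Delta that turns the object's current mappings into the desired set."""
    add = sorted(desired - current)
    remove = sorted(current - desired)
    # Assumed guardrail: an empty or truncated cloud response would otherwise
    # empty the object and silently change what the access rule matches.
    if current and len(remove) / len(current) > max_removal_ratio:
        raise ValueError(f"refusing to remove {len(remove)} of {len(current)} mappings")
    return {"add": add, "remove": remove}


if __name__ == "__main__":
    current = {"10.0.1.10", "10.0.1.12"}  # constructed: mappings already on the object
    print(reconcile(current, tagged_ips(SAMPLE, "team", "dev")))
```

Because rules that reference the object change effect as soon as its mappings do, the delta and any guardrail refusals are worth logging for audit.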

Dynamic attributes architecture overview

We will continue to expand on integration capabilities and would love to hear your feedback on what to add. Don’t see a dynamic attribute you need today? Have a proprietary application that could leverage a dynamic attribute? If so, you are in luck! Cisco built dynamic attributes using a Push and Pull REST API framework so customers and partners can build integrators without being tied to the firewall release cycle.

To learn more about Cisco Secure Dynamic Attributes Connector and dynamic attributes for Cisco Secure Firewall, please see the Additional resources section below.

Additional resources

Cisco Secure Dynamic Attributes Connector

Dynamic Objects Configuration Guide for Firewall Management Center (FMC)

API Guide

