“Imagine a building with many entrances,” says Dr. Avishai Wool, founder …
He leans closer and his eyes widen. “But who is watching the guards? Who is making sure the guards are doing their jobs properly, making sure unwelcome intruders are kept outside, but those authorized may pass freely?”
In this scenario, he explains, the computer with the sensitive data is the building, the guards are the network firewalls, and AlgoSec software oversees, audits, logs and manages the entire network security process. It sounds simple and straightforward, but it’s crucial, and margins for error are slim. In a world that depends on networked computers working in sync, a single parameter out of alignment could create a major security breach, or, just as damaging, create costly service outages.
Like fastening your seatbelt in most jurisdictions, database security is not just a good idea: it’s also the law. Since the advent of the Internet age, numerous regulations and laws have been put on the books worldwide, requiring companies that handle sensitive data over a network to protect it to defined industry compliance standards.
The standards go by many mysterious and little-known names and forms: SOX, PCI-DSS, ISO 17799, ISO 27001, HIPAA, FISMA, IAVA, CIP, Basel II and NIST 800-41.
Not only must companies meet their applicable compliance standards at all times, over sprawling networks maintained by an ever-changing cast of IT professionals, they have to keep records to prove it.
For AlgoSec and its competitors, the challenges, says Wool, are numerous and complex. First of all, firewalls are not uniform and monolithic. They take different forms in their various incarnations from several leading manufacturers, such as the Israel-based Check Point, Cisco and Juniper Networks.
Second, the larger the network, the larger the headache. A large company may have a large number of firewalls employed, and every change to one firewall must be applied across the board. Not only is that impractical to execute manually from a labor and time standpoint, Wool says, it also inevitably leads to mistakes created by human error, and these mistakes require even more time to diagnose and fix.
AlgoSec is the culmination of a research project initiated in 1998 by a Bell Labs team headed by Wool. The initial task of the project was to explore further ways to identify risks embedded in complex firewall policies. The team quickly realized that a large firewall’s rule set was maddeningly complex and theorized that once a firewall policy takes up more than one screen, the human brain can no longer understand the overall logic that is being applied to the firewall.
It became clear that a product that could analyze any type of traffic that the firewall encounters, and highlight all the risks for that firewall policy, would be of significant help in locating security lapses and vulnerabilities. The large number of possible combinations of packets that constitute potential network penetration threats makes it impossible to conduct a comprehensive analysis by scanning techniques. Wool’s team achieved a breakthrough, using a patented technique, which permits analysis of all penetration possibilities, usually within minutes.
AlgoSec’s newest product, the Firewall Analyzer for Server IP Migration, adds a new exclusive feature to the software soup: the ability to perform a hypothetical server migration, off-line, that enables technicians to unearth and repair potential errors before they ever see the light of day.
That, says Wool, will spare those same technicians from being woken in the middle of the night to solve server migration problems.
“I’ve talked to innumerable IT technicians over the years and heard all the ‘war stories’. One person had to remain at work throughout the night when the server went down. Another one got called in from his vacation to correct a new problem that cropped up,” Wool told ISRAEL21c.
Emergencies such as these could have been avoided if the technology had been available to test new firewall configurations before they are taken on-line. AlgoSec now provides such technology, Wool says. The company calls it ‘what if?’
“When you can run a ‘what if’ simulation, you can check for potential problems and also evaluate how that migration might affect the network’s risk management profile,” he says.
Prior to co-founding AlgoSec, Wool co-founded Lumeta Corporation in 2000, where he was responsible for transforming the Firewall Analyzer technology from the Bell Labs research prototype he pioneered into a commercial product. Under his guidance, the technology was extended to support the market-leading firewalls, and was used by Fortune 500 enterprises and security consultants to analyze their firewall configurations.
An associate professor in the School of Electrical Engineering at Tel Aviv University, Wool says firewalls have developed the reputation of having their own brand of “artificial intelligence,” in the way that they have come to be seen as notoriously unpredictable. “You can never tell how a firewall is going to respond to changes in settings and policies without actually running a simulation,” he says.
In a perfect world, Wool says, there would be no need for AlgoSec’s products. Multiple firewalls would be simple to adjust and maintain, provide infallible security and adjust themselves to new standards and industry practices.
However, in the real world, AlgoSec’s firewall utilities are invaluable tools for the industry. Without them, he says, management of multiple firewalls would soon become untenable, and it would be impossible to trace back errors to their source.
“Where there is today order and answerability, there would be chaos and a total lack of accountability.”