Policies are created on the fly in case of a new server is added to the existing application landscape. AutoNSX picks it up apply the necessary tag or membership belonging to a parent group. This approach gave truly synchronized automated micro-segmentation.
This is a very good step of creating and updating policies, but how the application owner will know what exactly is enforced and how an application that is part of their responsibility is segmented? With AutoNSX human errors are reduced to zero but what if they identified small errors or holes during the implementation and hackers can use those breaching.
The AutoNSX solution gives the ability to application owner to be in control:
- Dedicated view/ dashboard with all rules and security groups applied
- Dedicated view on how many interactions of segmentation happened
- Dedicated view on the last updates or changes in the application security module
- Dedicated view on who and when the last update happened
- Dedicated option of adding /rules that do not conflict with globally defined security modelling (Under technical verification)
Application security self-healing, is that possible?
A new application is deployed and CMDB is updated. AutoNSX can automatically detect new applications or track changes in the application landscape and provision required firewall rules in a controlled fashion. Where user can defined desired behaviour of updates, including: alarm an update but not implement changes, implement changes in the period of time, immediately implement changes