What's New in ASMS A32.20

Release date: May 2022

 

Welcome to AlgoSec Security Management Suite (ASMS) version A32.20. This latest release further extends application connectivity visibility into the multicloud and across the entire hybrid environment.

Highlights of A32.20 include support for new devices like PAN Prisma Access (in EA) , risks for GCP, and extended support for NSX-T in AWS (in EA) .

There are also some nice new features for PAN Panorama devices: Support for URL Categories and now you can push rules to all Device Group levels.

We've also updated these compliance reports:

  • MAS-TRM
  • NIST 800-53v5

Application Connectivity

AppViz | Application flows: Enhanced filtering capabilities

Now you can define additional fields to filter application flows like Custom Fields and Network Application and Network User filters. See Filtering Flows.

Security Estate Visibility

Advanced Policy Search

New simplified syntax allows complex queries using OR and NOT operators. The search can include object content too. see Advanced Policy Search.

TSQ | Query Visualizer

The Query Visualizer helps you to better understand your network routing. You can set the TSQ map to show additional paths that were found, but disqualified. See Query Visualizer.

Policy & Compliance

We’ve updated these compliance reports:

  • Monetary Authority of Singapore-Technology Risk Management (MAS-TRM) Compliance update (Revision Jan 2021).
  • NIST 800-53v5 Compliance update (security and privacy controls for all US Federal information).

Cloud

GCP | Risk

ASMS now supports GCP Project policy visibility and risks for Google Cloud added in AlgoSec Cloud. See GCP (Google Cloud Platform) projects in AFA.

Microsoft Azure | Visibility of Policies with no VMs

AWS | Visibility of Polices with no EC2s

Enterprise Grade

ASMS Integration with AlgoSec Cloud and ObjectFlow via Proxy

New connectivity through a proxy improves ASMS integration with: AlgoSec Cloud, ObjectFlow, ASMS integration to SaaS services.

New APIs in A32.20

URL Category APIs (for Panorama devices)

Advanced policy search APIs

Bulk update keys of AWS cloud accounts

Devices & Orchestration

Check Point R8X Layers Now GA

Now in A32.20, ASMS supports Risk analysis and Traffic Simulation Query for Inline and Ordered Layers. Also, FireFlow supports ActiveChange for Inline and Ordered Layers. See Check Point layers behavior.

Cisco Firepower

Applications support

ASMS now supports application visibility and changes. We've added new applications-related risks and support for applications as part of TSQ.

FMC Support for SGT

ASMS now supports Security Group Tag objects.

Cisco ACI | Shared Services

Route Leaking & Export and Import Contracts

ASMS provides support for connectivity between VRFs in the same tenant and in different tenants, and between VRFs in a common tenant and other tenants, including support for automation in FireFlow. For this we've added three new contract types in the Policy tab:

  • Inter-VRF contract
  • imported contract
  • Not formed contract

See Supported contract scopes.

Cisco Meraki | Improvements GA

Support for visibility (in Policies and TSQ) in General Availability.

Palo Alto Networks

Panorama | URL Category Support

ASMS now supports visibility for URL Categories in TSQ, risks & policy optimization reports.

In FireFlow, you can create a ticket using panorama URL categories, implement the ticket, run ActiveChange and validate the results. See Working with Panorama URL Categories.

Panorama | Device Group Hierarchy

Now you can fully utilize Device Group hierarchy when creating a new traffic request rule. You can push rules to all Device group levels: By selecting upwards in the hierarchy, you can propagate rules to Device Groups below. You can create manually or automate the Device Group selection using hooks. See Palo Alto Networks Panorama devices and SelectPolicyForDevices.

Prisma Access visibility EA

ASMS now supports Prisma Access visibility for remote networks and service connections (in changes, TSQ and risks).

VMware NSX-T on AWS (in EA)

Now you can onboard an NSX-T deployed on AWS. See Support for NSX-T deployed on AWS (VMC).

Arista VRRP support (in EA)

AFA now supports Arista's VRRP cluster.