Security Estate Visibility

Automated Creation of Change Requests for Rule Tightening

Now you can automate refining your policy, straight from the Tighten Permissive Rules report. Select from rules that are identified as too wide and permissive or rules which contain sparsely used and unused objects. All you need to do is review suggested changes and approve. See Refining Rules via the Intelligent Policy Tuner.

Interface Enhancements

• Improved user interface for TSQ results

  The TSQ Results user interface has been revamped, featuring an updated form that now supports an expanded, full-screen map view for enhanced visualization. See Run traffic simulation queries.

  

• New onboarding screens for select device brands

  Introducing a revamped onboarding user interface designed for select brands, now featuring enhancements for device onboarding and editing processes. This update includes the added capability to bulk update child devices directly through their management devices, streamlining operations and enhancing efficiency. For Panorama, Arista, Cisco Firepower, Cisco Meraki, Juniper Space, Panorama Prisma, Versa, NSX-T. See Manage devices.

  

• Device tree context menu: This early availability feature allows you to make frequently used actions more accessible. You can perform key operations quickly and efficiently straight from the Device Tree, reducing the need for multiple clicks and improving overall navigation comfort. See Device tree context menu.

  

Compliance Reports

We've updated the ASD-ISM Compliance Report to the March 2023 version.

Platform

Upgrade to Rocky 8 OS

We're excited announce a strategic operating system upgrade from CentOS to Rocky 8 in ASMS version A33.00. This transition facilitates a smooth in-place repository conversion, ensuring system integrity and continuity. Enhanced by robust cloud infrastructure support from AWS and GCP, and reinforced by FIPS 140-3 certification, ASMS A33.00 with Rocky 8 delivers advanced security and performance, tailored for both cloud and AlgoSec's certified hardware appliances. The upgrade path to A33.00 is from the latest hotfix A32.60 build (A32.60.310-143 or above). Make sure to review the prerequisites for A33.00. See Upgrade prerequisites.

Enhanced audit logs for Roles, Risk Profile and Users

We've enhanced the audit capabilities in ASMS A33.00 with a new category of audit logs specifically designed to capture user-initiated changes. This important update includes logs for user login and logout activities, configurations of users and roles, and modifications to risk profiles. See Audit Logs.

New APIs in A33.00

Firewall Analyzer APIs:

• Get a list of user defined risk profiles

• Download Risk Profile File

• Get Risk Profile Data

FireFlow APIs:

• Create Rule Modification Change Request

Devices & Orchestration

Check Point

Application awareness for Check Point R80+: Create tickets with seamless CKP application integration and receive detailed service and application insights in FireFlow's work order view. Quickly identify default services by hovering over the 'Application-default' column, making for a smoother change management workflow. See Application awareness support for Check Point R80+.

Security Zones Support for Check Point R80.10+: ASMS version A33.00 enhances network management with support for Security Zones on Check Point R80.10+ devices. When Admins segment networks by assigning interfaces to defined zones like internal, DMZ, or external on the device, AFA can now detect these in the policy rules. An interface is exclusive to one Security Zone, yet a zone can be assigned to several interfaces for versatile segmentation.

NSX-T Gateway Firewall visibility

ASMS A33.00 now supports NSX-T Gateway Firewalls. See Device tree display of NSX-T.

Application Connectivity

Application creation in FireFlow

The new AppViz Application Name field in FireFlow Basic Change Requests allows you to easily link change requests with applications from AppViz. This integration streamlines the change management process, enhancing efficiency and ensuring alignment between requested changes and corresponding applications. From the field you can select an existing application from AppViz or add a new one to AppViz.

• For an existing application, modifications will affect its related flows within AppViz.

• For a newly created application, it becomes accessible for use in AppViz flows.

See AppViz Application Name.

AI-driven application discovery

Introducing a new AI-driven feature designed to enhance the application discovery process and simplify how you can onboard applications to AppViz. This advanced feature suggest applications from a variety of sources for onboarding into your system, making the discovery process faster and more intelligent.

In this first phase, AppViz detects potential applications from FireFlow change requests offering these findings for your consideration. Further sources will be added in the future. See AI-Driven Application Discovery in AppViz.