What's New in ASMS A33.00
Release date: July 2024
We are excited to present AlgoSec ASMS A33.00 including a seamless in-place upgrade to Rocky Linux 8 OS and a number of strategic enhancements. It ensures robust and adaptive network security management, aligned with the rapid pace of today's digital transformation.
Here are the outstanding highlights of this latest release:
Mapping of Hybrid-Cloud Apps
- AI-driven application discovery: Facilitates your transition to an app-centric approach in your hybrid-cloud environment by using advanced AI to discover and identify running business applications.
- Application creation in FireFlow: Links change requests with applications from AppViz, enhancing efficiency and ensuring alignment between requested changes and corresponding applications.
Better Visibility Across Complex Hybrid Networks
Reduce Risk Exposure and Minimize Attack Surface
- Automated Creation of Change Requests for Rule Tightening: Refine your security policies with automated requests created directly from the Tighten Permissive Rules report.
Intelligent and Automated Application Connectivity Change
- FireFlow support for Azure FW: FireFlow can now recommend adding or modifying existing Azure Firewall rules to accommodate the requested traffic.
- Checkpoint Application Awareness: Create tickets with seamless Check Point application integration and receive detailed service and application insights in FireFlow's work order view.
- Security Zones Support for Check Point R80.10+: When Admins segment networks by assigning interfaces to defined zones like internal, DMZ, or external on the device, AFA can now detect these in the policy rules.
And now for the details:
Security Estate Visibility
Automated Creation of Change Requests for Rule Tightening
Now you can automate refining your policy, straight from the Tighten Permissive Rules report. Select from rules that are identified as too wide and permissive or rules which contain sparsely used and unused objects. All you need to do is review suggested changes and approve. See Refining Rules via the Intelligent Policy Tuner.
Interface Enhancements
- Improved user interface for TSQ results: The TSQ Results user interface has been revamped, featuring an updated form that now supports an expanded, full-screen map view for enhanced visualization. See Run traffic simulation queries.
- New onboarding screens for select device brands: Introducing a revamped onboarding user interface designed for select brands, now featuring enhancements for device onboarding and editing processes. This update includes the added capability to bulk update child devices directly through their management devices, streamlining operations and enhancing efficiency. Available for Panorama, Arista, Cisco Firepower, Cisco Meraki, Juniper Space, Panorama Prisma, Versa, NSX-T. See Manage devices.
- Device tree context menu: This early availability feature allows you to make frequently used actions more accessible. You can perform key operations quickly and efficiently straight from the Device Tree, reducing the need for multiple clicks and improving overall navigation comfort. See Device tree context menu.
Compliance Reports
We've updated the ASD-ISM Compliance Report to the March 2023 version.
Platform
Upgrade to Rocky 8 OS
We're excited to announce a strategic operating system upgrade from CentOS to Rocky 8 in ASMS version A33.00. This transition facilitates a smooth in-place repository conversion, ensuring system integrity and continuity. Enhanced by robust cloud infrastructure support from AWS and GCP, and reinforced by FIPS 140-3 certification, ASMS A33.00 with Rocky 8 delivers advanced security and performance, tailored for both cloud and AlgoSec's certified hardware appliances. The upgrade path to A33.00 is from the latest hotfix A32.60 build (A32.60.310-143 or above). Make sure to review the prerequisites for A33.00. See Upgrade prerequisites.
Enhanced audit logs for Roles, Risk Profile and Users
We've enhanced the audit capabilities in ASMS A33.00 with a new category of audit logs specifically designed to capture user-initiated changes. This important update includes logs for user login and logout activities, configurations of users and roles, and modifications to risk profiles. See Audit Logs.
New APIs in A33.00
Firewall Analyzer APIs:
FireFlow APIs:
Devices & Orchestration
Check Point
Application awareness for Check Point R80+: Create tickets with seamless CKP application integration and receive detailed service and application insights in FireFlow's work order view. Quickly identify default services by hovering over the 'Application-default' column, making for a smoother change management workflow. See Application awareness support for Check Point R80+.
Security Zones Support for Check Point R80.10+: ASMS version A33.00 enhances network management with support for Security Zones on Check Point R80.10+ devices. When Admins segment networks by assigning interfaces to defined zones like internal, DMZ, or external on the device, AFA can now detect these in the policy rules. An interface is exclusive to one Security Zone, yet a zone can be assigned to several interfaces for versatile segmentation.
NSX-T Gateway Firewall visibility
ASMS A33.00 now supports NSX-T Gateway Firewalls. See Device tree display of NSX-T.
Application Connectivity
Application creation in FireFlow
The new AppViz Application Name field in FireFlow Basic Change Requests allows you to easily link change requests with applications from AppViz. This integration streamlines the change management process, enhancing efficiency and ensuring alignment between requested changes and corresponding applications. From the field you can select an existing application from AppViz or add a new one to AppViz.
- For an existing application, modifications will affect its related flows within AppViz.
- For a newly created application, it becomes accessible for use in AppViz flows.
AI-driven application discovery
Introducing a new AI-driven feature designed to enhance the application discovery process and simplify how you can onboard applications to AppViz. This advanced feature suggests applications from a variety of sources for onboarding into your system, making the discovery process faster and more intelligent.
In this first phase, AppViz detects potential applications from FireFlow change requests, offering these findings for your consideration. Further sources will be added in the future. See AI-Driven Application Discovery in AppViz.
Cloud
Azure Load Balancer support
Azure Load Balancer is now supported within ASMS. View Azure Load Balancers directly in the ASMS device tree and network map. Requires integrating ASMS with AlgoSec Cloud. See Enable AlgoSec Cloud - ASMS integration (optional).
FireFlow support for Azure FW
The Azure Firewall Workorder streamlines rule management by recommending rule additions and modifications. It includes details on Rule Collection and Rule Collection Groups and supports network-based rules.
Google Cloud Platform Map and Traffic Path (EA)
AlgoSec already supports visibility and risk calculations for Google Cloud Projects. In this Early Availability feature, additional ASMS capabilities include:
- Google Cloud Platform Map
- Traffic Path
See Google Cloud Map and Traffic Path.
AlgoSec Cloud and ASMS Unified onboarding for AWS
Now, using this Early Availability feature, you can seamlessly onboard AWS accounts to both AlgoSec Cloud and ASMS simultaneously. Once you add accounts to AlgoSec Cloud, they will automatically be onboarded to ASMS. See Onboard AWS accounts to both AlgoSec Cloud and ASMS simultaneously.