cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Application Dependency Mapping: Security and Ongoing ADM

Level 10

Application Dependency Mapping: Security and Ongoing ADM

Well, here we are. Finally, on the last post of this series. If you have not been following along, you can find the previous posts: part one, part two, part three, part four, and part five. And, if you have been following along, I hope you have found at least something useful along the way. And for those who have left comments, I really appreciate the feedback.

So, let’s get this moving and close this series out.

Implementing Security Based on ADM

In the previous post, we briefly touched on security and I mentioned that I would save that for this post. And that is exactly what we will discuss right now. You may wonder why I saved security for this post rather than the previous one. I felt that because at least in most of my experience when dealing with ADM, the applications are the focus and security is generally not part of this, which led me to separating out the two between posts.

As mentioned, security is a critical component to ADM. The ideal scenario after mapping our application dependencies would be to secure communications to everything else not required for our application to function. By doing so, we can minimize the potential for any vulnerabilities which may affect our application. Now if you recall, in the last post, we also mentioned that if your ADM solution could create profiles and model the data collected, we could benefit from these when implementing our security profiles. Having the ability to model a security profile based on our application mappings, we can ensure that our application continues to function. If we were to apply a profile that affected our application, we could easily restore to a previous profile that was functional. By having these capabilities centralized we can easily manage our environment in a very holistic view. To elaborate on this, we mentioned in an earlier post that many ADM solutions require a host level agent to be installed. By using these agents, host level firewall capabilities can be managed by your ADM solution. For example, Windows firewall for Windows hosts and IPTables for Linux hosts. By doing this, we can manage security at the host level rather than at the edge.

Additionally, some ADM solutions may also provide reporting capabilities that show any high security vulnerabilities and patches that may be required to maintain our security posture required. This is a huge benefit to your security organization.

Not Just Once But Ongoing (ADM)

After you have successfully mapped out your applications dependencies and implemented a security policy if that is a requirement, ongoing ADM discoveries should be performed regularly. By doing so, we can ensure that if anything has changed, the proper measures can be taken. This will also ensure that using a new toolset to get our dependencies does not end up turning into the previous methods of tracking them in spreadsheets that become outdated relatively quickly.

Conclusion Of Series

Throughout this series, we have covered a lot of ground. The majority of what we covered was based around Application Performance Monitoring, but we also touched on Application Dependency Mapping along with security. I am hopeful that these topics have been useful, not only in being something potentially new, but also additional perspectives of possibilities that can be achieved by using a very efficient solution. I look forward to the comments around these posts to inspire additional conversations and perspectives based on other’s experiences.

13 Comments
Level 14

Thanks for this series. I am sure that we will be revisiting it in the future. 

Level 13

Thanks for the series. It's been interesting and informative.

It seems all like Cisco Tetration to me.  Necessary, incredibly expensive, time-consuming to implement, useful to the Nth degree for troubleshooting and SLA's.

Level 13

Thanks again for this series.  Really good set of posts.

Level 20

Seeing which ports are being used between different parts of the application on the network is pretty important to figuring out how to lock down the application to only the communications paths that it needs to function.

MVP
MVP

There are so many levels to security - getting good baselines and maps is crucial.

I you think that Cisco Tetration is expensive, look at the price of Vmware NSX.

RT

This port information would make it easy to document for BCP.

RT

Level 20

Yep we finally bought into NSX but it took a while because it's really expensive.  It's awesome the way it integrates in with vCenter and vCloud Director.

Level 20

4sure and isn't the TCP/IP port information (between entities) basically the foundation for all that is application functionality and it's security therein?

Good article and good series. Will certainly be referencing this again and again in 2019. Thanks!

Level 12

thanks for the article

MVP
MVP

You bring up security at the host and it's a great point. No longer are the days when you could just firewall at the edge and call it good.