Service Composer helps you consume security services with ease.

Let us walk through an example to show how Service Composer helps you protect your network end-to-end. Let us say you have the followings security policies defined in your environment:

  • An initial state security policy that includes a vulnerability scanning service (InitStatePolicy)

  • A remediation security policy that includes a network IPS service in addition to firewall rules and an anti-virus service (RemPolicy)

Ensure that the RemPolicy has higher weight (precedence) than InitStatePolicy.

You also have the followings security groups in place:

  • An applications assets group that includes the business critical applications in your environment (AssetGroup)

  • A remediation security group defined by a tag that indicates the virtual machine is vulnerable (VULNERABILITY_MGMT.VulnerabilityFound.threat=medium) named RemGroup

You now map the InitStatePolicy to AssetGroup to protect all business critical applications in your environment. You also map RemPolicy to RemGroup to protect vulnerable virtual machines.

When you initiate a vulnerability scan, all virtual machines in AssetGroup are scanned. If the scan identifies a virtual machine with a vulnerability, it applies the VULNERABILITY_MGMT.VulnerabilityFound.threat=medium tag to the virtual machine.

Service Composer instantly adds this tagged virtual machine to RemGroup, where a network IPS solution is already in place to protect this vulnerable virtual machine.

Figure 1. Service Composer in action
workflow

This topic will now take you through the steps required to consume the security services offered by Service Composer.