Cryptographically Isolated Virtual Networks
Size: px
Start display at page:

Download "Cryptographically Isolated Virtual Networks"

Transcription

1 Cryptographically Isolated Virtual Networks A Community of Interest Approach SecTor 2013 Rob Johnson, Distinguished Engineer Unisys

2 Agenda Who am I? What is the issue? What are Secure COIs? How do Secure COIs work? How do Secure COIs help? What did I say? 2013 Unisys Corporation All rights reserved Page 2

3 Crypto COIs Who Am I? Rob Johnson, Distinguished Engineer, Unisys 32 years with Unisys about average for Unisys engineers Same company, different jobs Current Jobs Chief Architect Unisys Stealth program Security Architect, Unisys Secure Private Cloud program Security Architect, Unisys Forward! program What I do Architecture Products, services, solutions, protocols, design analysis, Evangelism Conferences, customers, whitepapers, 2013 Unisys Corporation All rights reserved Page 3

4 Crypto COIs What Is The Issue? Competing Trends Networks are getting fewer and flatter 2013 Unisys Corporation All rights reserved Page 4

5 Crypto COIs What Is The Issue? Competing Trends Networks are getting fewer and flatter Regulations are getting more numerous and tighter 2013 Unisys Corporation All rights reserved Page 5

6 Crypto COIs What Is The Issue? Competing Trends Networks are getting fewer and flatter Regulations are getting more numerous and tighter Technology Outruns Bureaucracy 2013 Unisys Corporation All rights reserved Page 6

7 Crypto COIs What Is The Issue? Maybe the World Really Is Flat! LANs => VLANs Hardware Switches => vswitches VLANs => SDNs (Software Defined Networks) vswitches => Clouds IPv4 => IPv6 PSTN => VoIP BYOD Remote access from unmanaged PCs Employee laptops inside the firewall Phones and Tablets Mobile malware grew by 614% % of BYOD enterprises have had a BYOD-related data breach 2 1: Juniper Networks 2: Decisive Analytics 2013 Unisys Corporation All rights reserved Page 7

8 Crypto COIs What Is The Issue? Private Information Must Be Protected Personally Identifiable Information (PII) Personal financial information (PCI DSS) Corporate financial information (US: SOX) Healthcare information (US: HIPPA) Governmental information (US: FISMA/FedRAMP) Data jurisdictions Regulations Are Similar, But Different Isolation of in-scope systems Segmentation of networks connecting in-scope systems Traditional: Physical Emerging: Cryptographic 2013 Unisys Corporation All rights reserved Page 8

9 Secure COIs What Are They? Community of Interest (COI) Members of a COI can communicate with each other 2013 Unisys Corporation All rights reserved Page 9

10 Secure COIs What Are They? Community of Interest (COI) Members of a COI can communicate with each other Non-members can not communicate with members (unless explicitly allowed) 2013 Unisys Corporation All rights reserved Page 10

11 Secure COIs What Are They? Community of Interest (COI) Members of a COI can communicate with each other Non-members can not communicate with members (unless explicitly allowed) Network Virtualization Cryptographically enforced 2013 Unisys Corporation All rights reserved Page 11

12 Secure COIs What Are They? Community of Interest (COI) Members of a COI can communicate with each other Non-members can not communicate with members (unless explicitly allowed) Network Virtualization Cryptographically enforced Topology agnostic 2013 Unisys Corporation All rights reserved Page 12

13 Secure COIs What Are They? Community of Interest (COI) Members of a COI can communicate with each other Non-members can not communicate with members (unless explicitly allowed) Network Virtualization Cryptographically enforced Topology agnostic Identity-Based Users authorized as COI members My set of COIs defines my virtual network 2013 Unisys Corporation All rights reserved Page 13

14 Secure COIs What Are They? Dynamic Mesh of Secure Endpoints Point-to-point tunnels Pre-tunnel COI membership agreement FIPS (or local equivalent) cryptography Protocols Multi-factor user authentication Secure user COI authorization Network tunneling protocol Standard IPsec Pre-IKE COI agreement protocol Proprietary 2013 Unisys Corporation All rights reserved Page 14

15 Secure COIs How Do They Work? Alice Logs Onto Client-1 Alice s credentials are authenticated Alice s Role is determined Alice s membership in COI-A is authorized Id Mgmt Svr 2013 Unisys Corporation All rights reserved Page 15

16 Secure COIs How Do They Work? Alice Logs Onto Client-1 Alice s credentials are authenticated Alice s Role is determined Alice s membership in COI-A is authorized Alice Browses to Server-A, which is also a member of COI-A COI-A holds traffic until a point-to-point tunnel is established Server-A Id Mgmt Svr 2013 Unisys Corporation All rights reserved Page 16

17 Secure COIs How Do They Work? Alice Logs Onto Client-1 Alice s credentials are authenticated Alice s Role is determined Alice s membership in COI-A is authorized Alice Browses to Server-A, which is also a member of COI-A Id Mgmt Svr Server-A COI-A holds traffic until a point-to-point tunnel is established Client-1 securely advertises COI-A membership 2013 Unisys Corporation All rights reserved Page 17

18 Secure COIs How Do They Work? Alice Logs Onto Client-1 Alice s credentials are authenticated Alice s Role is determined Alice s membership in COI-A is authorized Alice Browses to Server-A, which is also a member of COI-A Id Mgmt Svr Server-A COI-A holds traffic until a point-to-point tunnel is established Client-1 securely advertises COI-A membership Server-A accepts COI-A and returns ECDH key 2013 Unisys Corporation All rights reserved Page 18

19 Secure COIs How Do They Work? Alice Logs Onto Client-1 Alice s credentials are authenticated Alice s Role is determined Alice s membership in COI-A is authorized Alice Browses to Server-A, which is also a member of COI-A Server-A COI-A holds traffic until a point-to-point tunnel is established Client-1 securely advertises COI-A membership Server-A accepts COI-A and returns ECDH key Id Mgmt Svr Client-1 validates Server-A s key and sends back its ECDH key 2013 Unisys Corporation All rights reserved Page 19

20 Secure COIs How Do They Work? Alice Logs Onto Client-1 Alice s credentials are authenticated Alice s Role is determined Alice s membership in COI-A is authorized Alice Browses to Server-A, which is also a member of COI-A Server-A COI-A holds traffic until a point-to-point tunnel is established Client-1 securely advertises COI-A membership Server-A accepts COI-A and returns ECDH key Id Mgmt Svr Client-1 validates Server-A s key and sends back its ECDH key Server-A and Client-1 have agreed on a shared secret which they use to establish an IPsec tunnel 2013 Unisys Corporation All rights reserved Page 20

21 Secure COIs How Do They Work? Alice Logs Onto Client-1 Alice s credentials are authenticated Alice s Role is determined Alice s membership in COI-A is authorized Alice Browses to Server-A, which is also a member of COI-A Server-A COI-A holds traffic until a point-to-point tunnel is established Client-1 securely advertises COI-A membership Server-A accepts COI-A and returns ECDH key Id Mgmt Svr Client-1 validates Server-A s key and sends back its ECDH key Server-A and Client-1 have agreed on a shared secret which they use to establish an IPsec tunnel Traffic between Client-1 and Server-A flows through the IPsec tunnel 2013 Unisys Corporation All rights reserved Page 21

22 Secure COIs How Do They Work? Alice Logs Off Client-1 Tunnel to Server-A is terminated Alice s COI membership is forgotten Id Mgmt Svr Server-A 2013 Unisys Corporation All rights reserved Page 22

23 Secure COIs How Do They Work? Alice Logs Off Client-1 Tunnel to Server-A is terminated Alice s COI membership is forgotten Bob Logs Onto Client-1 Bob s credentials are authenticated Bob s Role is determined Bob s membership in COI-B is authorized Id Mgmt Svr 2013 Unisys Corporation All rights reserved Page 23

24 Secure COIs How Do They Work? Alice Logs Off Client-1 Tunnel to Server-A is terminated Alice s COI membership is forgotten Bob Logs Onto Client-1 Bob s credentials are authenticated Bob s Role is determined Bob s membership in COI-B is authorized Server-A Id Mgmt Svr Bob Browses to Server-A, which is not a member of COI-B COI-B holds traffic until a point-to-point tunnel is established 2013 Unisys Corporation All rights reserved Page 24

25 Secure COIs How Do They Work? Alice Logs Off Client-1 Tunnel to Server-A is terminated Alice s COI membership is forgotten Bob Logs Onto Client-1 Bob s credentials are authenticated Bob s Role is determined Bob s membership in COI-B is authorized Server-A Id Mgmt Svr Bob Browses to Server-A, which is not a member of COI-B COI-B holds traffic until a point-to-point tunnel is established Client-1 securely advertises COI-B membership 2013 Unisys Corporation All rights reserved Page 25

26 Secure COIs How Do They Work? Alice Logs Off Client-1 Tunnel to Server-A is terminated Alice s COI membership is forgotten Bob Logs Onto Client-1 Bob s credentials are authenticated Bob s Role is determined Bob s membership in COI-B is authorized Server-A Id Mgmt Svr Bob Browses to Server-A, which is not a member of COI-B COI-B holds traffic until a point-to-point tunnel is established Client-1 securely advertises COI-B membership Server-A rejects COI-B and siliently drops Client-1 s request 2013 Unisys Corporation All rights reserved Page 26

27 Secure COIs How Do They Work? Alice Logs Off Client-1 Tunnel to Server-A is terminated Alice s COI membership is forgotten Bob Logs Onto Client-1 Bob s credentials are authenticated Bob s Role is determined Bob s membership in COI-B is authorized Server-A Id Mgmt Svr Bob Browses to Server-A, which is not a member of COI-B COI-B holds traffic until a point-to-point tunnel is established Client-1 securely advertises COI-B membership Server-A rejects COI-B and siliently drops Client-1 s request Client-1 times out the request and discards traffic to Server-A 2013 Unisys Corporation All rights reserved Page 27

28 Secure COIs How Do They Help? Identity-Based Network Virtualization COIs grouped into Roles for access control Managed through IdMS No network infrastructure changes Regulatory Compliance Identity-based authentication Separation of duties Role-based authorization Network traffic is encrypted In-scope resources are segregated, maybe Dark Endpoints No access allowed from outside COI Mitigates malware exposure, including from BYOD devices 2013 Unisys Corporation All rights reserved Page 28

29 Secure COIs Summary Two Colliding Trends Flattening/virtualization of networks Increasingly tight security controls 2013 Unisys Corporation All rights reserved Page 29

30 Secure COIs Summary Two Colliding Trends Flattening/virtualization of networks Increasingly tight security controls Secure COIs Identity/Role-based COI membership, ie access control Isolation/segregation of critical resources Cryptographically enforced dynamic mesh 2013 Unisys Corporation All rights reserved Page 30

31 Cryptographically Isolated Virtual Networks A Community of Interest Approach Questions? Contact: Rob Johnson RobertJohnson@unisyscom 2013 Unisys Corporation All rights reserved Page 31

Similar documents

Cloud Customer Architecture for Securing Workloads on Cloud Services

Cloud Customer Architecture for Securing Workloads on Cloud Services Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,

More information

Consolidated Hygiene and Encryption Service E-Hub. Slide 1

Consolidated Hygiene and Encryption Service E-Hub. Slide 1 Consolidated Email Hygiene and Encryption Service E-Hub Slide 1 Agenda E-Hub Service Overview E-Hub Benefits & Features E-Hub Rates and Implementation Microsoft FOPE Overview Demo Questions Slide 2 2 OTECH

More information

Choosing the level that works for you!

Choosing the level that works for you! The Encryption Pyramid: Choosing the level that works for you! Eysha S. Powers eysha@us.ibm.com IBM, Enterprise Cryptography Extensive use of encryption is one of the most impactful ways to help reduce

More information

Virtual Machine Encryption Security & Compliance in the Cloud

Virtual Machine Encryption Security & Compliance in the Cloud Virtual Machine Encryption Security & Compliance in the Cloud Pius Graf Director Sales Switzerland 27.September 2017 Agenda Control Your Data In The Cloud Overview Virtual Machine Encryption Architecture

More information

Cloud-Based Data Security

Cloud-Based Data Security White Paper Cloud-Based Data Security SaaS-built Galileo collects and analyzes customized performance data efficiently, on-demand, via a secure Internet connection. About Galileo Created by the ATS Group,

More information

ClearPath OS 2200 System LAN Security Overview. White paper

ClearPath OS 2200 System LAN Security Overview. White paper ClearPath OS 2200 System LAN Security Overview White paper Table of Contents Introduction 3 Baseline Security 3 LAN Configurations 4 Security Protection Measures 4 Software and Security Updates 4 Security

More information

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary

More information

User-to-Data-Center Access Control Using TrustSec Design Guide

User-to-Data-Center Access Control Using TrustSec Design Guide CISCO VALIDATED DESIGN User-to-Data-Center Access Control Using TrustSec Design Guide October 2015 REFERENCE NETWORK ARCHITECTURE Table of Contents About This Document... 1 Cisco TrustSec Overview... 2

More information

Securing the Corporate WLAN in a Healthcare Regulated Organization

Securing the Corporate WLAN in a Healthcare Regulated Organization Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Securing

More information

Pulse Policy Secure X Network Access Control (NAC) White Paper

Pulse Policy Secure X Network Access Control (NAC) White Paper Pulse Policy Secure 802.1X Network Access Control (NAC) White Paper Introduction The growing mobility trend has created a greater need for many organizations to secure and manage access for both users

More information

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below

More information

Implementing Cisco Network Security (IINS) 3.0

Implementing Cisco Network Security (IINS) 3.0 Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using

More information

Securing Institutional Data in a Mobile World

Securing Institutional Data in a Mobile World University of Wisconsin Madison Securing Institutional Data in a Mobile World July 13, 2017 Securing Institutional Data in a Mobile World / Agenda 01 What is a mobile device? 02 Protecting institutional

More information

SD-WAN 101. November 3 rd 2016 Rob McBride Marketing

SD-WAN 101. November 3 rd 2016 Rob McBride Marketing SD-WAN 101 November 3 rd 2016 Rob McBride Marketing Email: rob@viptela.com Twitter: @digitalmcb Industry trends impacting networking Cloud Mobile Social 2 Today s WAN is challenged to keep up Complex Operations

More information

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Google Cloud Platform: Customer Responsibility Matrix. December 2018 Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect

More information

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros

More information

Cloud Security Best Practices

Cloud Security Best Practices Cloud Security Best Practices Cohesive Networks - your applications secured Our family of security and connectivity solutions, VNS3, protects cloud-based applications from exploitation by hackers, criminal

More information

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley Auditing Bring Your Own Devices (BYOD) Risks Shannon Buckley Agenda 1. Understanding the trend towards BYOD. 2. Weighing up the cost benefit vs. the risks. 3. Identifying and mitigating the risks. 4. Tips

More information

Compliance Audit Readiness. Bob Kral Tenable Network Security

Compliance Audit Readiness. Bob Kral Tenable Network Security Compliance Audit Readiness Bob Kral Tenable Network Security Agenda State of the Market Drifting Out of Compliance Continuous Compliance Top 5 Hardest To Sustain PCI DSS Requirements Procedural support

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Google Cloud Platform: Customer Responsibility Matrix. April 2017 Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder

More information

Network Access Control

Network Access Control Network Access Control It is about saying YES! to BYOD but staying on control Jan Michael de Kok Sales Engineering Manager Caribbean & Central America Realities of Smart Devices, Like It Or Not A new device

More information

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies

More information

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd Berlin Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd AWS Compliance Display Cabinet Certificates: Programmes:

More information

Watson Developer Cloud Security Overview

Watson Developer Cloud Security Overview Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for

More information

The Device Has Left the Building

The Device Has Left the Building The Device Has Left the Building Mobile Security Made Easy With Managed PKI Christian Brindley Principal Systems Engineer, Symantec Identity and Information Protection Agenda 1 2 3 Mobile Trends and Use

More information

Mitigating Cybersecurity Risk with Hyper-Segmentation

Mitigating Cybersecurity Risk with Hyper-Segmentation Mitigating Cybersecurity Risk with Hyper-Segmentation Session 46, February 20, 2017 Eric Miller, Sr. Director, Ascension Information Services Paul Unbehagen, Chief Architect, Avaya 1 Speaker Introduction

More information

Key Management in a System z Enterprise

Key Management in a System z Enterprise IBM Systems IBM z Systems Security Conference Business Security for today and tomorrow > 27-30 September Montpellier Key Management in a System z Enterprise Leo Moesgaard (lemo@dk.ibm.com) Manager of IBM

More information

Identity-Based Cyber Defense. March 2017

Identity-Based Cyber Defense. March 2017 Identity-Based Cyber Defense March 2017 Attackers Continue to Have Success Current security products are necessary but not sufficient Assumption is you are or will be breached Focus on monitoring, detecting

More information

Link Security Considerations in the. Enterprise

Link Security Considerations in the. Enterprise Link Security Considerations in the Mahalingam Mani 1 Security in Brief Point Security System Protection: beyond standards Servers upto application level Layer 2 & 3 Network Devices Perimeter Protection

More information

Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN

Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN Avaya-FatPipe Solution Overview Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN The Avaya SDN-Fx and FatPipe Networks solution provides a fabric-based SDN architecture for simplicity

More information

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance. Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do

More information

PCI DSS and the VNC SDK

PCI DSS and the VNC SDK RealVNC Limited 2016. 1 What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) compliance is mandated by many major credit card companies, including Visa, MasterCard, American Express,

More information

Welcome to the Jungle: (If we act like prey, they ll act like predators)

Welcome to the Jungle: (If we act like prey, they ll act like predators) Welcome to the Jungle: (If we act like prey, they ll act like predators) Chris Hoke April 6, 2017 www.siriuscom.com 4/4/2017 1 Agenda Who I am Basics of information security Target rich environment Defend

More information

GEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:

GEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by: Advanced Compliance Enforcement for Healthcare Presented by: December 16, 2014 Adam Winn GEARS Product Manager OPSWAT Kevin Mayer Product Manager ForeScout Agenda Challenges for the healthcare industry

More information

Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design

Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design White Paper Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design Emerging IT technologies have brought about a shift from IT as a cost center to IT as a business driver.

More information

VMware, SQL Server and Encrypting Private Data Townsend Security

VMware, SQL Server and Encrypting Private Data Townsend Security VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! What s new from Microsoft?! Compliance, standards, and

More information

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes: Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information

More information

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential

More information

Best Practices for Extending the WAN into AWS (IaaS) with SD-WAN

Best Practices for Extending the WAN into AWS (IaaS) with SD-WAN Best Practices for Extending the WAN into AWS (IaaS) with SD-WAN Ariful Huq Product Management @arifulhuq & Rob McBride Marketing @digitalmcb Industry trends impacting networking Cloud Mobile Social 2

More information

Addressing PCI DSS 3.2

Addressing PCI DSS 3.2 Organizational Challenges Securing the evergrowing landscape of devices while keeping pace with regulations Enforcing appropriate access for compliant and non-compliant endpoints Requiring tools that provide

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

Security Automation Connecting Your Silos

Security Automation Connecting Your Silos Security Automation Connecting Your Silos Lisa Lorenzin Principal Solutions Architect Juniper Network What We Have 9/29/2014 Copyright 2014 Trusted Computing Group 2 Drowning in Information 9/29/2014 Copyright

More information

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4 Policy Sensitive Information Version 3.4 Table of Contents Sensitive Information Policy -... 2 Overview... 2 Policy... 2 PCI... 3 HIPAA... 3 Gramm-Leach-Bliley (Financial Services Modernization Act of

More information

Securing Health Data in a BYOD World

Securing Health Data in a BYOD World Business White Paper Securing Health Data in a BYOD World Five strategies to minimize risk Page 2 of 9 Securing Health Data in a BYOD World Table of Contents Page 2 Introduction Page 3 BYOD Adoption Drivers

More information

Software Defined Networking Security: Security for SDN and Security with SDN. Seungwon Shin Texas A&M University

Software Defined Networking Security: Security for SDN and Security with SDN. Seungwon Shin Texas A&M University Software Defined Networking Security: Security for SDN and Security with SDN Seungwon Shin Texas A&M University Contents SDN Basic Operation SDN Security Issues SDN Operation L2 Forwarding application

More information

The threat landscape is constantly

The threat landscape is constantly A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions

More information

CSE543 Computer and Network Security Module: Network Security

CSE543 Computer and Network Security Module: Network Security CSE543 Computer and Network Security Module: Network Security Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 2 Communication Security Want to establish a secure channel

More information

Leveraging the LincPass in USDA

Leveraging the LincPass in USDA Leveraging the LincPass in USDA Two Factor Authentication, Digital Signature, Enterprise VPN, eauth Single Sign On February 2010 USDA Takes Advantage of the LincPass USDA is taking advantage of the LincPass

More information

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Complying with RBI Guidelines for Wi-Fi Vulnerabilities A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Reserve Bank of India (RBI) guidelines

More information

Managing Site-to-Site VPNs: The Basics

Managing Site-to-Site VPNs: The Basics CHAPTER 23 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels

More information

Mobile Security Overview Rob Greer, VP Endpoint Management and Mobility Product Management Dave Cole, Sr. Director Consumer Mobile Product Management

Mobile Security Overview Rob Greer, VP Endpoint Management and Mobility Product Management Dave Cole, Sr. Director Consumer Mobile Product Management Mobile Security Overview Rob Greer, VP Endpoint Management and Mobility Product Management Dave Cole, Sr. Director Consumer Mobile Product Management June 29, 2011 1 Forward-Looking Statements This presentation

More information

CompTIA Advanced Security Practitioner (CASP) (Exam CAS-001)

CompTIA Advanced Security Practitioner (CASP) (Exam CAS-001) CompTIA Advanced Security Practitioner (CASP) (Exam CAS-001) Course Outline Course Introduction Course Introduction Lesson 01 - The Enterprise Security Architecture Topic A: The Basics of Enterprise Security

More information

Module Overview. works Identify NAP enforcement options Identify scenarios for NAP usage

Module Overview. works Identify NAP enforcement options Identify scenarios for NAP usage Module 6: Network Policies and Access Protection Module Overview Describe how Network Policies Access Protection (NAP) works Identify NAP enforcement options Identify scenarios for NAP usage Describe Routing

More information

Who s Protecting Your Keys? August 2018

Who s Protecting Your Keys? August 2018 Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and

More information

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial

More information

VPN Overview. VPN Types

VPN Overview. VPN Types VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat

More information

PROTECTING INFORMATION ASSETS NETWORK SECURITY

PROTECTING INFORMATION ASSETS NETWORK SECURITY PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security

More information

VNC Connect security whitepaper. Cloud versus direct with VNC Connect

VNC Connect security whitepaper. Cloud versus direct with VNC Connect VNC Connect security whitepaper Cloud versus direct with VNC Connect November 2017 Contents Introduction... 3 Key terminology... 3 Direct connectivity... 4 Cloud connectivity... 5 Summary... 6 Appendix:

More information

WELCOME ISO/IEC 27001:2017 Information Briefing

WELCOME ISO/IEC 27001:2017 Information Briefing WELCOME ISO/IEC 27001:2017 Information Briefing Denis Ryan C.I.S.S.P NSAI Lead Auditor Running Order 1. Market survey 2. Why ISO 27001 3. Requirements of ISO 27001 4. Annex A 5. Registration process 6.

More information

Securing BYOD with Cisco TrustSec Security Group Firewalling

Securing BYOD with Cisco TrustSec Security Group Firewalling White Paper Securing BYOD with Cisco TrustSec Security Group Firewalling Getting Started with TrustSec What You Will Learn The bring-your-own-device (BYOD) trend can spur greater enterprise productivity

More information

2017 Annual Meeting of Members and Board of Directors Meeting

2017 Annual Meeting of Members and Board of Directors Meeting 2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,

More information

CipherCloud CASB+ Connector for ServiceNow

CipherCloud CASB+ Connector for ServiceNow ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level

More information

Questions Submitted Barry County Michigan Network Security Audit and Vulnerability Assessment RFP

Questions Submitted Barry County Michigan Network Security Audit and Vulnerability Assessment RFP Questions Submitted Barry County Michigan Network Security Audit and Vulnerability Assessment RFP 1. If we cannot attend the September 27 pre-bid meeting in-person, will there be conference call capability

More information

Complying with PCI DSS 3.0

Complying with PCI DSS 3.0 New PCI DSS standards are designed to help organizations keep credit card information secure, but can cause expensive implementation challenges. The F5 PCI DSS 3.0 solution allows organizations to protect

More information

HIPrelay Product. The Industry's First Identity-Based Router Product FAQ

HIPrelay Product. The Industry's First Identity-Based Router Product FAQ HIPrelay Product The Industry's First Identity-Based Router Product FAQ Q. What is the HIPrelay? The HIPrelay is an identity-based router that seamlessly extends identity-defined micro-segments (IDMS)

More information

Verizon Software Defined Perimeter (SDP).

Verizon Software Defined Perimeter (SDP). Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.

More information

Secure Access for Microsoft Office 365 & SaaS Applications

Secure Access for Microsoft Office 365 & SaaS Applications Best Practices Guide Secure Access for Microsoft Office 365 & SaaS Applications Implement Robust Compliance for All Users, All Devices, and All Data This guide illustrates best practices for secure Office

More information

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT Table of Contents TABLE OF CONTENTS 1 BACKGROUND 2 WINDOWS SERVER CONFIGURATION STEPS 2 CONFIGURING USER AUTHENTICATION 3 ACTIVE DIRECTORY

More information

How to Configure BGP over IKEv2 IPsec Site-to- Site VPN to an Google Cloud VPN Gateway

How to Configure BGP over IKEv2 IPsec Site-to- Site VPN to an Google Cloud VPN Gateway How to Configure BGP over IKEv2 IPsec Site-to- Site VPN to an Google Cloud VPN Gateway To connect to the Google Cloud VPN gateway, create an IPsec IKEv2 site-to-site VPN tunnel on your F-Series Firewall

More information

It s About the Data, Stupid.

It s About the Data, Stupid. Next Presentation Begins at 16:40 It s About the Data, Stupid. Salo Fajer, Chief Technology Officer It s About the Data, Stupid. Salo Fajer, Chief Technology Officer First, allow me to explain my session

More information

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall Overview This document describes how to implement IPsec with pre-shared secrets establishing

More information

PROTECT WORKLOADS IN THE HYBRID CLOUD

PROTECT WORKLOADS IN THE HYBRID CLOUD PROTECT WORKLOADS IN THE HYBRID CLOUD SPOTLIGHTS Industry Aviation Use Case Protect workloads in the hybrid cloud for the safety and integrity of mission-critical applications and sensitive data across

More information

ENCRYPTION STANDARDS FOR PUBLIC CLOUD ENVIRONMENTS

ENCRYPTION STANDARDS FOR PUBLIC CLOUD ENVIRONMENTS Allscripts Enterprise INFORMATION PRIVACY & SECURITY POLICIES: ENCRYPTION STANDARDS FOR PUBLIC CLOUD ENVIRONMENTS Revision: 1.0 FINAL Approval Date: December 01, 2015 Security Policy: S-10-01 Approval

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

How Security Policy Orchestration Extends to Hybrid Cloud Platforms How Security Policy Orchestration Extends to Hybrid Cloud Platforms Reducing complexity also improves visibility when managing multi vendor, multi technology heterogeneous IT environments www.tufin.com

More information

10 FOCUS AREAS FOR BREACH PREVENTION

10 FOCUS AREAS FOR BREACH PREVENTION 10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual

More information

How to Prepare a Response to Cyber Attack for a Multinational Company.

How to Prepare a Response to Cyber Attack for a Multinational Company. You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,

More information

Cloud Native Security. OpenShift Commons Briefing

Cloud Native Security. OpenShift Commons Briefing Cloud Native Security OpenShift Commons Briefing Amir Sharif Co-Founder amir@aporeto.com Cloud Native Applications Challenge Security Change Frequency x 10x 100x 1,000x Legacy (Pets) Servers VMs Cloud

More information

Monitoring Remote Access VPN Services

Monitoring Remote Access VPN Services CHAPTER 5 A remote access service (RAS) VPN secures connections for remote users, such as mobile users or telecommuters. RAS VPN monitoring provides all of the most important indicators of cluster, concentrator,

More information

IAM Security & Privacy Policies Scott Bradner

IAM Security & Privacy Policies Scott Bradner IAM Security & Privacy Policies Scott Bradner November 24, 2015 December 2, 2015 Tuesday Wednesday 9:30-10:30 a.m. 10:00-11:00 a.m. 6 Story St. CR Today s Agenda How IAM Security and Privacy Policies Complement

More information

The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies

The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies Daniel Yeung Technical Manager, Hong Kong & Taiwan AUG 2017 2017 Citrix Why Worry? Security needs to be top-of-mind

More information

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter

More information

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Network Security - ISA 656 IPsec IPsec Key Management (IKE) Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating

More information

Managing Site-to-Site VPNs

Managing Site-to-Site VPNs CHAPTER 21 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels

More information

Securing the Network: Understanding CIA, Segmentation, and Zero Trust. Jacek Szamrej VP of Cybersecurity SEDC

Securing the Network: Understanding CIA, Segmentation, and Zero Trust. Jacek Szamrej VP of Cybersecurity SEDC Securing the Network: Understanding CIA, Segmentation, and Zero Trust Jacek Szamrej VP of Cybersecurity SEDC Jacek Szamrej VP of Cybersecurity SEDC C? A I What are we protecting? Confidentiality DATA Availability

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

Whitepaper on EU Data Protection October 2014

Whitepaper on EU Data Protection October 2014 Whitepaper on EU Data Protection October 2014 (Please see http://aws.amazon.com/compliance/aws-whitepapers/ for the latest version of this paper, and http://aws.amazon.com/de/data-protection/ for the German

More information

Security Operations & Analytics Services

Security Operations & Analytics Services Security Operations & Analytics Services www.ecominfotech.biz info@ecominfotech.biz Page 1 Key Challenges Average time to detect an attack (Dwell time) hovers around 175 to 210 days as reported by some

More information

ANIKET DAPTARI & RANJINI RAJENDRAN CONTRAIL TEAM

ANIKET DAPTARI & RANJINI RAJENDRAN CONTRAIL TEAM ROLE OF NETWORK VIRTUALIZATION AND SOFTWARE DEFINED SECURITY IN MULTICLOUD ANIKET DAPTARI & RANJINI RAJENDRAN CONTRAIL TEAM This statement of direction sets forth Juniper Networks current intention and

More information

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Hundreds of hospitals, clinics and healthcare networks across the globe prevent successful cyberattacks with our Next-Generation Security Platform. Palo Alto

More information

The Current State of Encryption and Key Management

The Current State of Encryption and Key Management BDB G The Current State of Encryption and Key Management Where Security Gaps Persist and Strategies for Addressing Them whitepaper Executive Summary While encryption has been employed for decades, much

More information

Managing Site-to-Site VPNs: The Basics

Managing Site-to-Site VPNs: The Basics CHAPTER 21 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels

More information

Cradlepoint to Palo Alto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions

Cradlepoint to Palo Alto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions Cradlepoint to Palo Alto VPN Example Summary This configuration covers an IPSec VPN tunnel setup between a Cradlepoint Series 3 router and a Palo Alto firewall. IPSec is customizable on both the Cradlepoint

More information

Internet security and privacy

Internet security and privacy Internet security and privacy IPsec 1 Layer 3 App. TCP/UDP IP L2 L1 2 Operating system layers App. TCP/UDP IP L2 L1 User process Kernel process Interface specific Socket API Device driver 3 IPsec Create

More information

VMware, SQL Server and Encrypting Private Data Townsend Security

VMware, SQL Server and Encrypting Private Data Townsend Security VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and

More information

Data Privacy and Protection GDPR Compliance for Databases

Data Privacy and Protection GDPR Compliance for Databases Data Privacy and Protection GDPR Compliance for Databases Walo Weber, Senior Sales Engineer September, 2016 Agenda GDPR: who, what, why, when Requirements for databases Discovery Classification Masking

More information

EM L01 Introduction to Mobile

EM L01 Introduction to Mobile EM L01 Introduction to Scott Jareo Principal Field Enablement Mgr. 1 Agenda 1 Welcome and Introduction 2 Overview 3 Lab Exercises 4 Resources and Conclusion 2 Leading Concerns In Enterprise Mobility Discussions

More information

The Top 6 WAF Essentials to Achieve Application Security Efficacy

The Top 6 WAF Essentials to Achieve Application Security Efficacy The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and

More information

Mobility Policy Bundle

Mobility Policy Bundle Version 2018-02 Mobility Policy Bundle Table of Contents This document contains the following policies: BYOD Access and Use Policy (revised 02/2018) Mobile Device Access and Use Policy (revised 02/2018)

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback