Development. Architecture QA. Operations
|
|
- Teresa Helena Thornton
- 5 years ago
- Views:
Transcription
1
2 Development Architecture QA Operations
3 Lack of business agility Slow to onboard new customers Hard to practice true DevOps Outpaced by disruptors Rogue dev projects Lack of SecOps agility Slow threat assessments Can t patch fast enough Reactive security posture
4
5 DevOps is the combination of cultural philosophies, practices, and tools that increases an organization s ability to deliver applications and services at high velocity
6 DevOps is not a process change, nor a tool, it s a culture change
7 1 Cloud Birth 2 Cloud Chaos 3 Hybrid Groove Security Decision Making Security & Compliance Posture Operational Cost
8 Dev User interface design Code development Help file construction Staffing Architecture review Standards Resource consumption conformance metrics Walkthroughs Budget PII Footprinting System test compliance Code validation Design SDLC Documentation review Mobile Unit test readiness Scalability Test case development Skills development Function/component test Performance Installation guidelines verification Buffer overflow risk assessment Load and stress test Webreadiness Ops Run stuff Break stuff Lock out users How Development Sees Operations
9 How developers click Job 1 is Deploying code Quickly use new technologies Ability to deploy regardless of platform Freedom!
10 Ops Dev Write code Test some Organizational design Patching Network bandwidth forecasting Cloud migration strategy Legacy environment support Skills Virtual machine Budget and funding development management Containers Fallback/roll forward Intrusion prevention/detection ITIL Compliance Service Level Change Review Board Backup/recovery Agreements Power Equipment upgrade/retirement strategy consumption Acquisition and Site security IT Service Desk procurement Vendor Metrics Space planning certification Network COBIT configuration Web security Alignment BYOD Security ITIL Compliance Identity and Access Management High availability Cost recovery/chargeback Third-party risk management Business Continuity Storage Planning consumption How Operations Sees Development
11 What makes security teams sleep Reduce Surprises Standards and control everywhere Controlled changes Less regulatory pressure
12 It s even getting more interesting
13 Hybrid Datacenter is here Public Cloud Containers Serverless One Year of Container Usage 67% 53% Virtual Desktops 31% Evaluating 42% Evaluating Physical Servers Virtual Servers 22% Using % Using 2017
14 VMware Cloud on AWS Runs on AWS Bare metal Infrastructure Move on-premise Workloads to AWS Integrated with Vmware APIs (NSX,vSphere) Maintain the Existing Skills Retain Existing Architecture and Investment
15 Wouldn t be nice if we can use one tool for security?
16 Let s use DevOps for Security
17 Identify your crown jewel and protect first Security built-in not bolt-on Focus on building continuous, automated and agile security architecture Over-invested in preventive measure vs proactive detection-response Where do we start?
18 Source: Gartner (June 2018) Privileged account management Active antiphishing Micro segmentation and flow visibility Cloud security posture management Cloud access security broker CARTA-inspired vulnerability management Application control on server workloads Detection and response Automated security scanning Software-defined perimeter Gartner Top 10 Security Projects for 2018
19
20 Security Events in Monitoring: Influencing Design Automatic Remediation Automatic Isolation Heal configuration Drift Automated Auditing
21 Securing Code and using Code Secure Coding Practices Proactive controls enforce by code Using code to build infrastructure
22 Build Checking Scan for Vulnerabilities or Malware Enable Secrets Management Configuration Scrubbing
23 Deployment Security Continuous Vulnerability Scanning Automated deployment of Approved Images Just in time server access
24 Example: Securing Docker Images
25 Challenge: How can you verify that containers deployed in production do not contain any known malware or vulnerabilities?
26 Jenkins
27 Completed Build
28 Failed Build.. But why?
29 Malware Found in the APIs
30 Check Smart Check
31 Check Scans
32 Scan Details
33 Vulnerable Package Installed Find where Vulnerability was introduced
34 Malware Copied Find where malware was introduced
35 Vulnerable Package Installed Malware Copied Easily Reference in Dockerfile
36
37 Example: Virtual Patching
38 Challenge: Average Patching time for customers is 176 Days, How would you protect your containers when zero day strikes
39 Apache Struts Vulnerability CVE
40 Unprotected Struts Website
41
42
43
44 Protected Protected Struts Website
45 Runs on Docker Rules Applied Virtual Patching applied
46
47 Event Summary Multiple Events
48 Event View Attack type and CVE
49 Details of the Attack Attack String
50 Alerts on Slack
51 Visibility regardless of Server Location
52 Continue to leverage current investments
53 Container virtual patching
54
55 Key Takeaways Start Small Plan Ahead Security team has to code Look for Open Security APIs Don t be afraid ~ integrate
56 Nothing is Permanent and Nothing is Perfect
57 THANK YOU Paul Hidalgo Trend Micro linkedin.com/in/peeweeh/ Feedback:
Automating Security Practices for the DevOps Revolution
Automating Security Practices for the DevOps Revolution Hari Srinivasan Director Product Management, Cloud and Virtualization Security Qualys Inc. 1 Qualys, Inc. 2018 Agenda Transformation of today s IT
More informationDevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY
DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo
More informationTHE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES
SESSION ID: STR-R14 THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES Doug Cahill Group Director and Senior Analyst Enterprise Strategy Group @dougcahill WHO IS THIS GUY? Topics The Composition
More informationMicrosoft Security Management
Microsoft Security Management MICROSOFT SECURITY MANAGEMENT SECURITY MANAGEMENT CHALLENGES Some large financial services organizations have as many as 40 or more different security vendors inside their
More informationDevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1
DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1 Agenda State of DevOps Value of DevOps Benefitting from DevOps DevSecOps What you can do as InfoSec 2 The State of DevOps - 2017 Automation is
More informationCase Study: The Evolution of EMC s Product Security Office. Dan Reddy, CISSP, CSSLP EMC Product Security Office
Case Study: The Evolution of EMC s Product Security Office Dan Reddy, CISSP, CSSLP EMC Product Security Office 1 The Evolution of EMC Product Security 2000-2004 2005-2009 2010-Beyond External Drivers Hackers
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationClosing the Hybrid Cloud Security Gap with Cavirin
Enterprise Strategy Group Getting to the bigger truth. Solution Showcase Closing the Hybrid Cloud Security Gap with Cavirin Date: June 2018 Author: Doug Cahill, Senior Analyst Abstract: Most organizations
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationSecuring Your Cloud Introduction Presentation
Securing Your Cloud Introduction Presentation Slides originally created by IBM Partial deck derived by Continental Resources, Inc. (ConRes) Security Division Revision March 17, 2017 1 IBM Security Today
More informationCLOUD WORKLOAD SECURITY
SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly
More informationGovernment IT Modernization and the Adoption of Hybrid Cloud
Government IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Federal and National Governments Are at an Inflection Point Federal and national governments
More informationThe threat landscape is constantly
A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions
More informationSecuring Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &
Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Afghanistan @WajahatRajab Modern Challenges By 2020, 60% of Digital Businesses will suffer Major Service
More informationBUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY
SOLUTION OVERVIEW BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY Every organization is exploring how technology can help it disrupt current operating models, enabling it to better serve
More informationChristopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud
Christopher Covert Principal Product Manager Enterprise Solutions Group Copyright 2016 Symantec Endpoint Protection Cloud THE PROMISE OF CLOUD COMPUTING We re all moving from challenges like these Large
More informationUnify DevOps and SecOps: Security Without Friction
SANS Secure DevOps Summit Unify DevOps and SecOps: Security Without Friction Matt Alderman, CISSP Chief Strategy & Marketing Officer Layered Insight @maldermania Technology Trend #1: Infrastructure Migrates
More informationMicrosoft Operations Management Suite (OMS) Fernando Andreazi RED CLOUD
Microsoft Operations Management Suite (OMS) Fernando Andreazi RED CLOUD Management as a Service Data analytics Shifting landscape at play Modern management Micro-services and containers Cloud Migrations
More informationMcAfee Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,
More informationSecuring the Modern Data Center with Trend Micro Deep Security
Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public
More informationGoing cloud-native with Kubernetes and Pivotal
Going cloud-native with Kubernetes and Pivotal A guide to Pivotal Container Service (PKS) by role Fast, low-risk enterprise-grade Kubernetes has arrived With Pivotal Container Service (PKS), organizations
More informationElizabeth Lawler CEO & Co-Founder Conjur,
SESSION ID: ASD-W02 Is DevOps Breaking Your Company? Elizabeth Lawler CEO & Co-Founder Conjur, Inc. @elizabethlawler Agenda I. Security + DevOps Overview Unstoppable Force vs Immovable Object Aligning
More informationHow to succeed with data centre migration
How to succeed with data centre migration Presented by Robert Sternberg Tuesday 12 April 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cloudreach AWS Services Cloudreach
More informationThe IBM Platform Computing HPC Cloud Service. Solution Overview
The IBM Platform Computing HPC Cloud Service Solution Overview Industry-leading workload management 20 years managing distributed scale-out systems with 2000+ customers in many industries High performance
More informationSUSE s vision for agile software development and deployment in the Software Defined Datacenter
From Git to Cloud SUSE s vision for agile software development and deployment in the Software Defined Datacenter Joachim Werner Senior Product Manager joe@suse.com Peter Chadwick Director Product Management
More informationGovernance for the Public Sector Cloud
Governance for the Public Sector Cloud Managing Cost and Ensuring Compliance Paving the Way to the Cloud Forecasting a potential 30% reduction in data infrastructure spend, the U.S. Government embarked
More informationHALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.
HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD Automated PCI compliance anytime, anywhere. THE PROBLEM Online commercial transactions will hit an estimated
More informationNetwork Virtualization Business Case
SESSION ID: GPS2-R01 Network Virtualization Business Case Arup Deb virtual networking & security VMware NSBU adeb@vmware.com I. Data center security today Don t hate the player, hate the game - Ice T,
More informationAutomated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security Chris Van Den Abbeele, Global Solution Architect, Trend
SAI3314BES Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security Chris Van Den Abbeele, Global Solution Architect, Trend Micro #VMworld #SAI3314BES Automated Security
More informationQualys Cloud Platform
Qualys Cloud Platform Our Journey into the Cloud: The Qualys Cloud Platform & Architecture Thomas Wendt Regional Manager Post-Sales, DACH, Qualys Inc. Digital Transformation More than just adopting new
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationThe Why, What, and How of Cisco Tetration
The Why, What, and How of Cisco Tetration Why Cisco Tetration? With the above trends as a backdrop, Cisco has seen specific changes within the multicloud data center. Infrastructure is changing. It is
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationvrealize Introducing VMware vrealize Suite Purpose Built for the Hybrid Cloud
vrealize Introducing VMware vrealize Suite Purpose Built for the Hybrid Cloud Overview: Realizing the Full Power of the Cloud Cloud computing provides tremendous competitive advantages to companies, but
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationTransformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018
Transformation in Technology Barbara Duck Chief Information Officer Investor Day 2018 Key Takeaways 1Transformation in Technology driving out cost, supporting a more technologyenabled business Our new
More informationWatson Developer Cloud Security Overview
Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for
More informationReinvent Your 2013 Security Management Strategy
Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for
More informationIBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan
IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER
More informationPresenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe
Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationOn-Premise, Cloud, Or Managed Service. Making The Most Of Information Management Technology & People
On-Premise, Cloud, Or Managed Service Making The Most Of Information Management Technology & People Steffen Low Vice President, Symantec Business Critical Services Matthew Edwards President & Global CTO,
More informationSolution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and
Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and Compliance Management Through the integration of AlgoSec
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationSecurity-as-a-Service: The Future of Security Management
Security-as-a-Service: The Future of Security Management EVERY SINGLE ATTACK THAT AN ORGANISATION EXPERIENCES IS EITHER ON AN ENDPOINT OR HEADING THERE 65% of CEOs say their risk management approach is
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationSuman Sourav Director DevSecOps, Vantage Point Security. OWASP Indonesia Day 2017
Suman Sourav Director DevSecOps, Vantage Point Security OWASP Indonesia Day 2017 About me Certified Secure Software Lifecycle Professional (CSSLP) 12+ Years of Experience in Software Security Co-Founder
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationHow Security Policy Orchestration Extends to Hybrid Cloud Platforms
How Security Policy Orchestration Extends to Hybrid Cloud Platforms Reducing complexity also improves visibility when managing multi vendor, multi technology heterogeneous IT environments www.tufin.com
More informationBUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology ebook BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS
More informationPortnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview
Portnox CORE On-Premise Technology Introduction Portnox CORE provides a complete solution for Network Access Control (NAC) across wired, wireless, and virtual networks for enterprise managed, mobile and
More informationsecurity mindfulness dwayne.
security mindfulness dwayne. foley@eagledream.com security mindfulness defined - the quality or state of being aware that you need to build security into your daily practice -the secure state achieved
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationClearing the Path to Micro-Segmentation. A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds
Clearing the Path to Micro-Segmentation A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds Clearing the Path to Micro-Segmentation 1 More Clouds in the Forecast The migration of vast
More informationHARNESSING THE HYBRID CLOUD TO DRIVE GREATER BUSINESS AGILITY
HARNESSING THE HYBRID CLOUD TO DRIVE GREATER BUSINESS AGILITY WHY DIGITAL TRANSFORMATION IS DRIVING ADOPTION OF MULTI-CLOUD STRATEGIES In the era of digital business, enterprises are increasingly using
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationCloud Computing: Making the Right Choice for Your Organization
Cloud Computing: Making the Right Choice for Your Organization A decade ago, cloud computing was on the leading edge. Now, 95 percent of businesses use cloud technology, and Gartner says that by 2020,
More informationDatacenter Security: Protection Beyond OS LifeCycle
Section Datacenter Security: Protection Beyond OS LifeCycle 1 Not so fun Facts from the Symantec ISTR 2017 Report Zero-Day Vulnerability, annual total Legitimate tools, annual total 6,000 5 5,000 4,000
More informationVMware Hybrid Cloud Solution
VMware Hybrid Cloud Solution Simplifying and Accelerating Your Multi-Cloud Strategy Bunyamin Ozyasar System Engineer Manager 2017 VMware Inc. All rights reserved. Today s Agenda 1 2 3 VMware SDDC Approach
More informationEndpoint Security Can Be Much More Effective and Less Costly. Here s How
Endpoint Security Can Be Much More Effective and Less Costly Here s How Contents Introduction More is not always better Escalating IT Security Budgets Ineffective management Need of the hour System management
More informationCisco CloudCenter Use Case Summary
Cisco CloudCenter Use Case Summary Overview IT organizations often use multiple clouds to match the best application and infrastructure services with their business needs. It makes sense to have the freedom
More informationCHAPTER 4 Operating a VMware vcloud
CHAPTER 4 Operating a VMware vcloud 4.1 Overview This chapter offers practical, operations-focused guidelines to help you implement a VMware vcloud. Based on the vcloud Operations Framework, the guidelines
More informationTrust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved
Trust in the Cloud Mike Foley RSA Virtualization Evangelist 2009/2010/2011 1 2010 VMware Inc. All rights reserved Agenda How do you solve for Trust = Visibility + Control? What s needed to build a Trusted
More informationSIEMLESS THREAT MANAGEMENT
SOLUTION BRIEF: SIEMLESS THREAT MANAGEMENT SECURITY AND COMPLIANCE COVERAGE FOR APPLICATIONS IN ANY ENVIRONMENT Evolving threats, expanding compliance risks, and resource constraints require a new approach.
More informationArcGIS in the Cloud. Andrew Sakowicz & Alec Walker
ArcGIS in the Cloud Andrew Sakowicz & Alec Walker Key Takeaways How to Identify Organizational Strategy & Priorities Esri s Cloud Offerings A Broad Spectrum Successfully Executing Your Strategy The Cloud
More informationCato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief
Cato Cloud Software-defined and cloud-based secure enterprise network Solution Brief Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise Cato Networks: Software-defined and Cloud-based
More informationCOMPLIANCE AUTOMATION BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY
COMPLIANCE AUTOMATION BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY Published January, 2018 : BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY Speed is nothing without control.
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationCloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.
George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security
More informationHow to master hybrid IT. Get the speed and agility you want, with the visibility and control you need
How to master hybrid IT Get the speed and agility you want, with the visibility and control you need The process of moving from a dedicated hosted server to the cloud was seamless. Dimension Data s platform
More informationNo Limits Cloud Introducing the HPE Helion Cloud Suite July 28, Copyright 2016 Vivit Worldwide
No Limits Cloud Introducing the HPE Helion Cloud Suite July 28, 2016 Copyright 2016 Vivit Worldwide Brought to you by Copyright 2016 Vivit Worldwide Hosted By Jeff Jamieson VP Sales & Marketing Whitlock
More informationSTRATEGIC PLAN
STRATEGIC PLAN 2013-2018 In an era of growing demand for IT services, it is imperative that strong guiding principles are followed that will allow for the fulfillment of the Division of Information Technology
More informationWHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS
July 2018 WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS JUST WHAT THE DOCTOR ORDERED... PROTECT PATIENT DATA, CLINICAL RESEARCH AND CRITICAL INFRASTRUCTURE HEALTHCARE S KEY TO DEFEATING IOT CYBERATTACKS
More informationCyberPosture Intelligence for Your Hybrid Infrastructure
VALUE BRIEF CyberPosture Intelligence for Your Hybrid Infrastructure CyberPosture is a consolidated risk score, based on configuration and workload analysis, that executives can present to their board,
More information2018 Report The State of Securing Cloud Workloads
2018 Report The State of Securing Cloud Workloads 1 Welcome to our 2018 report on the state of securing cloud workloads A summary of the responses of close to 350 professionals whose primary areas of responsibility
More informationSecurity as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS
Security as Code: The Time is Now Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS Introduction Business is moving faster to the cloud, and DevOps is accelerating scale and pushing automation
More informationMODERNIZE INFRASTRUCTURE
SOLUTION OVERVIEW MODERNIZE INFRASTRUCTURE Support Digital Evolution in the Multi-Cloud Era Agility and Innovation Are Top of Mind for IT As digital transformation gains momentum, it s making every business
More informationAnnexure 08 (Profile of the Project Team)
Annexure 08 (Profile of the Project Team) 1. Project Director (1) 2. Transition / Delivery Manager (1) 3. Project Manager Software (1) 4. Project Manager SLA (1) 5. Project Manager Information Security
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More information1V0-642.exam.30q.
1V0-642.exam.30q Number: 1V0-642 Passing Score: 800 Time Limit: 120 min 1V0-642 VMware Certified Associate 6 Network Visualization Fundamentals Exam Exam A QUESTION 1 Which is NOT a benefit of virtualized
More informationUnderstanding As-a-service: Teradata IntelliCloud
Understanding As-a-service: Teradata IntelliCloud Brian Wood, Director of Cloud Marketing 1 2 Agenda Key Takeaways Is it real and ready for prime-time? Yes! 50+ customers, growing size & complexity, AWS,
More informationVirtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC
Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /
More informationRethinking Product Security: Cloud Demands a New Way
SESSION ID: CSV-R11 Rethinking Product Security: Cloud Demands a New Way Reeny Sondhi Chief of Product Security Autodesk Inc. @reenysondhi Tony Arous Head of Application Security Autodesk Inc. @tonyarous
More informationAZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments
AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new
More informationDEVOPSIFYING NETWORK SECURITY. An AlgoSec Technical Whitepaper
DEVOPSIFYING NETWORK SECURITY An AlgoSec Technical Whitepaper Introduction This technical whitepaper presents and discusses the concept of Connectivity as Code, a complementary concept to Infrastructure
More informationSupporting the Cloud Transformation of Agencies across the Public Sector
SOLUTION SERVICES Supporting the Cloud Transformation of Agencies across the Public Sector BRIEF Digital transformation, aging IT infrastructure, the Modernizing Government Technology (MGT) Act, the Datacenter
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationTransform Your Business To An Open Hybrid Cloud Architecture. Presenter Name Title Date
Transform Your Business To An Open Hybrid Cloud Architecture Presenter Name Title Date Why You Need To Transform Your Business Public cloud performance setting new expectations for: IT speed, flexibility
More information2018 Cisco and/or its affiliates. All rights reserved.
Beyond Data Center A Journey to self-driving Data Center with Analytics, Intelligent and Assurance Mohamad Imaduddin Systems Engineer Cisco Oct 2018 App is the new Business Developer is the new Customer
More informationNETWORK AND SD-VPN. Meshing legacy and Cloud Service Providers
NETWORK AND SD-VPN NETWORK AND SD-VPN Reduced network overheads and complexity, and an agile approach to Network Transformation. Cloud Gateway lets you reduce appliance sprawl and network aggregation points
More informationEnabling Innovation in the Digital Economy
White Paper Business Agility Enabling Innovation in the Digital Economy Business Agility White Paper Enabling Innovation in the Digital Economy Five Steps to Implementing a Software-defined Infrastructure
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationMurray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?
Murray Goldschmidt Chief Operating Officer Sense of Security Pty Ltd Micro Services, Containers and Serverless PaaS Web Apps? How safe are you? A G E N D A 1 2 3 Serverless, Microservices and Container
More information5 Steps to Government IT Modernization
5 Steps to Government IT Modernization 1 WHY MODERNIZE? IT modernization is intimidating, but it s necessary. What are the advantages of modernization? Enhance citizen experience and service delivery Lower
More informationPut Security Into Your DevOps NOW. Or Prepare for the Flood Matthew Fisher Solution Architect, Fortify Federal 08MAR2018
Put Security Into Your DevOps NOW Or Prepare for the Flood Matthew Fisher Solution Architect, Fortify Federal 08MAR2018 Defining Devops State of Devops Report (Puppet, Dora):..set of practices and cultural
More informationEnterprise & Cloud Security
Enterprise & Cloud Security Greg Brown VP and CTO: Cloud and Internet of Things McAfee An Intel Company August 20, 2013 You Do NOT Want to Own the Data Intel: 15B 2015 Cisco: 50B 2020 2 August 21, 2013
More informationA DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West
A DEVOPS STATE OF MIND Chris Van Tuin Chief Technologist, West cvantuin@redhat.com In short, software is eating the world. - Marc Andreessen, Wall Street Journal, August 2011 UBER, LYFT FALLOUT: TAXI
More informationDevSecOps Shift Left Security. Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis
DevSecOps Shift Left Security Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis Themes Vulnerabilities are Low Hanging Fruit Why so many breaches that Anti-Virus
More informationRSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief
RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing
More information