HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE

Transcription

1 #RSAC SESSION ID: SPO3-T07 HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE Tom Corn Senior Vice President/GM Security Products

2 Increase in Security Losses Forecasted Growth in Overall IT Spend Growth in Security Spend 26% (since 2014) 4.5% 10.2% (since 2017) $3.7 Trillion in 2018 Gartner Press Release, Gartner Says Global IT Spending to Reach $3.7 Trillion in 2018, January 16, 2018 $91.4 Billion in 2018 Source: IDC, Worldwide Semiannual Security Spending Guide, #US , March 2018 $600 Billion in 2017 Source: Center for Strategic and Int l Studies, Economic Impact of Cybercrime, February,

3 Security Controls 3

4 Threat Landscape Nation States Organized Crime Hacktivists Agile Apps Center / Cloud Infrastructure End User Infrastructure Compute Network Storage Users Devices Access Modernization 4

5 Dynamics of an Attack Attacker Infiltration Propagation Extraction Exfiltration Defender 5

6 Dynamics of an Attack Attacker Infiltration Propagation Extraction Exfiltration Defender 6

7 Home-court advantage noun the advantage that you have over an opponent when a sports contest takes place at your own sports field or court. Macmillan Dictionary 7

8 Home-court advantage 8

9 Home-Court Advantage Bedroom Kitchen Living Room Playroom Courtyard Outdoor Kitchen Bathroom Master Bedroom Study Garage 9

10 Home-Court Advantage Comes From Understanding how your family uses your home, and using that context to shrink your security posture Family Bedroom Kitchen Living Room Playroom Courtyard Outdoor Kitchen Bathroom Master Bedroom Study Garage 10

11 If You Want Home-Court Advantage Take advantage of what you know better than an attacker Detect Threats Family Shrink the Attack Surface 11

12 Why don t we get homecourt advantage in cyber security? 12

13 We Keep All the Lights On, and All the Rooms Open Bedroom Room Kitchen Room Living Room Room Playroom Room Courtyard Outdoor Room Kitchen Bathroom Room Master Room Bedroom Room Study Garage Room 13

14 14

15 We See Through an Infrastructure Lens Monitor Perimeter For Threats Monitor Network For Threats Monitor Endpoint For Threats 15

16 If We Compartmentalize at All, it s Aligned to an Infrastructure Lens Bedrooms Bathrooms Kitchens Living Rooms 16

17 17

18 18

19 Threat Posture 19

20 We Should Focus More on Core Protection Strategies Gartner Market Guide for Cloud Workload Protection Framework Figure 1. Cloud Workload Protection Controls Hierarchy, 2018 Gartner, Inc. AV Less Critical Deception HIPS with Vulnerability Shielding Server Workload EDR Behavioral Monitoring IaaS at Rest Encryption Important, but often provided outside of CWPP Optional Server Protection Strategies Exploit Prevention / Memory Protection Application Control / Whitelisting System Integrity Monitoring / Management Core Server Protection Strategies Network Firewalling, Segmentation and Visibility Hardening, Configuration and Vulnerability Management Foundational No arbitrary code No , web client Admin Privilege Management Change Management Log Management Operations Hygiene Restricted Physical and Logical Perimeter Access Source: Gartner, Market Guide for Cloud Workload Protection Platforms, Neil MacDonald, March 26th Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. 20

21 And We Should Focus on Applications and And how they use the infrastructure versus focusing just on the infrastructure Family Bedroom Room Kitchen Room Living Room Room Playroom Room Courtyard Outdoor Room Kitchen Bathroom Room Master Room Bedroom Room Study Garage Room 21

22 Cyber Threats Residual Risk Apps Cyber Hygiene Attack Surface Micro- Segmentation Least Privilege Encryption Multi-Factor Authentication Patching 22

23 Apps Apps 23

24 Threat Landscape Nation States Organized Crime Hacktivists Agile Apps Center / Cloud Infrastructure End User Infrastructure Compute Network Storage Users Devices Access Modernization 24

25 Compute Network Storage Users Devices Access Cloud & Mobile Infrastructure Can the unique properties of cloud and mobile be the solution versus the problem? 25

26 Virtualization Mobility Apps 26

27 Security Controls Arch/Eng SOC GRC Compute Network User Device SaaS Context Control SDDC Apps User Access Layer Virtualization Mobility Compute Network Users Devices Access Secure Infrastructure 27

28 Cyber Threats Residual Risk Apps Cyber Hygiene Attack Surface Micro- Segmentation Least Privilege Encryption Multi-Factor Authentication Patching 28

29 Apps Secure Infrastructure Compute Network Users Devices Access 29

30 Changing the Application Security Model From chasing bad to ensuring good Chasing Bad OS 75,000, Processes Processes Processes Ensuring Good Compute Network Users Devices Access 30

31 Processes Processes Processes App Web Processes Processes Processes OS OS Apps Processes Processes Processes Storage DB Processes Processes Processes OS OS Compute Network Users Devices Access 31

32 Protecting Applications in Virtualized and Cloud Environments Learn Protect Capture & Analyze Detect Respond Manifest Manifest Compute Network Users Devices Access 32

33 Uniquely Leverage the Hypervisor Application Isolation Automation What was Provisioned What is Running Compute Network Users Devices Access 33

34 Capture & Analyze Capture the purpose and intended state of applications and VMs Learn Protect Capture & Analyze Detect Respond Off-the-shelf apps OTS Software base Machine Learning Custom apps CI/CD pipeline [Provisioning systems] [Automation frameworks] Intended State Engine App Scope Manifest Manifest Manifest vcenter ESX Compute Network Users Devices Access 34

35 Detect Runtime application attestation and secure manifest store Learn Protect Capture & Analyze Detect Respond Processes Processes Processes Processes Processes Processes Processes Processes Processes OS OS OS AppDefense Monitor AppDefense Monitor AppDefense Monitor Manifest Manifest Manifest Protected zone Compute Network Users Devices Access 35

36 Respond Orchestrated incident response routines for the SOC Learn Protect Capture & Analyze Detect Respond Secure infrastructure Integrated Ecosystem Snapshot Quarantine Block/Alarm Network Blocking Compute Network Users Devices Access 36

37 Review and Readiness Collaboration between security teams and application teams Learn Protect Review Detect Continuous Learning Continuous Protection Readiness Respond Compute Network Users Devices Access 37

38 Review and Readiness Collaboration Between Security Teams and Application Teams Figure 2: DevSecOps: Secure Development as a Continuous Improvement Process 2017 Gartner, Inc. Dev Sec Ops Create Plan Continuous Improvement Prevent Continuous Configuration Detect Continuous Integration Monitoring and Analytics Adapt Release Monitoring and Analytics Continuous Monitoring Verify Continuous Deployment Continuous Learning Respond Preprod Predict Continuous Delivery Source: Gartner,10 Things to Get Right for Successful DevSecOps, Neil MacDonald, October Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. 38

39 Demo

40 Security Controls Apps Secure Infrastructure Compute Network Users Devices Access 40

41 Enabling Richer Security Controls Security Controls MSSP SIEM GRC EDR Containers Network User Device SaaS Control Context Apps SDDC User Access Layer Compute Network Secure Infrastructure Users Devices Access Source: Momentum Partners Cyberscape

42 Security Controls Apps Secure Infrastructure Compute Network Users Devices Access 42

43 App Web Apps Storage DB Compute Network Users Devices Access 43

44 App Web Apps Storage DB Compute Network Users Devices Access 44

45 Security Controls Apps Secure Infrastructure Compute Network Users Devices Access 45

46 Enabling Richer Security Controls Security Controls Arch/Eng SOC GRC EndPoint Network User Device SaaS Control Context Apps SDDC User Access Layer Compute Network Secure Infrastructure Users Devices Access Source: Momentum Partners Cyberscape

47 Security Controls Apps Secure Infrastructure Compute Network Users Devices Access 47

48 App Web Application Apps Storage DB Compute Network Users Devices Access 48

49 Security Controls Apps Secure Infrastructure Compute Network Users Devices Access 49

50 App Web Apps Storage DB Compute Network Users Devices Access 50

51 Validate and Verify Right user + right device + right app Private Cloud Apps SaaS Insertion Point Insertion Point Public Cloud Compute Network Users Devices Access 51

52 Security Controls Apps Secure Infrastructure Compute Network Users Devices Access 52

53 Enabling Richer Security Controls Security Controls Arch/Eng SOC GRC Compute Network Identity Device CASB Control Context Apps SDDC User Access Layer Compute Network Secure Infrastructure Users Devices Access Source: Momentum Partners Cyberscape

54 If You Want Home-Court Advantage Take advantage of what you know better than an attacker Detect Threats Family Shrink the Attack Surface 54

55 Cyber Threats Residual Risk Apps Micro- Segmentation Least Privilege Encryption Multi-Factor Authentication Patching Cyber Hygiene Attack Surface 55

56 Transforming CYBERSecurity Security Controls Arch/Eng SOC GRC Compute Network User Device SaaS Control Context Apps SDDC User Access Layer Compute Network Secure Infrastructure Users Devices Access Source: Momentum Partners Cyberscape

57 Compute Network Users Devices Access Secure Infrastructure Go beyond: Securing Cloud & Mobility To using: Cloud & Mobility to Secure 57

58 #RSAC SESSION ID: SPO3-T07 HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE Tom Corn Senior Vice President/GM Security Products

59 Transforming CYBERSecurity Security Controls Arch/Eng SOC GRC Compute Network User Device SaaS Control Context Apps SDDC User Access Layer Compute Network Secure Infrastructure Users Devices Access Source: Momentum Partners Cyberscape