PROTECT WORKLOADS IN THE HYBRID CLOUD
|
|
- Ambrose Long
- 5 years ago
- Views:
Transcription
1 PROTECT WORKLOADS IN THE HYBRID CLOUD SPOTLIGHTS Industry Aviation Use Case Protect workloads in the hybrid cloud for the safety and integrity of mission-critical applications and sensitive data across the public cloud and enterprise data centers. Business Benefits Support public cloud adoption for the flexibility and cost advantages while inherently protecting business-critical data, such as intellectual property, flight plans, regulated data (e.g., PII) and other proprietary data, accessible across the extended environment. Operational Benefits Adapt security at the speed of your business needs. Automate deployment of multiple virtual security appliances with bootstrap configurations. Streamline policy deployment to keep pace with dynamic changes in cloud computing workloads. Maintain consistent security and management across legacy and public cloud environments. Seamlessly extend the private data center for ease of support. Security Benefits Reduce attackers ability to move laterally within the public cloud through application awareness. Reduce the risk of accidental or intentional insider access to virtualized computing resources based on user visibility. Segregate the private data center from the public cloud with consistent security across the entire hybrid environment. Business Challenge Public cloud infrastructure-as-a-service or platform-as-a-service offerings, such as Amazon Web Services (AWS ), Microsoft Azure or Google Cloud Platform, can quickly and economically accommodate unexpected or temporary business computing workloads. Many aviation organizations are extending their private data centers to the public cloud for a hybrid cloud model with competitive and operational benefits. However, proper alignment of security and resiliency to enterprise standards and policies is still required. In the aviation industry, concerns over data, workload, siloed legacy systems, processes, infrastructure security and latency have slowed adoption of the public cloud. Wherever data resides, it can become the target of malicious entities. Moving some of that data to the public cloud does not shift responsibility for it, though, as such responsibility cannot be delegated. Organizations must take appropriate measures to protect their data residing in the public cloud as well. A few aviation industry pioneers have already placed some workloads on public IaaS offerings. Others are evaluating cautiously to ensure effective security controls, 24/7 availability and regulatory compliance, including data residency concerns. Business Drivers Cloud computing is necessary to remain competitive, maintain operational excellence and manage IT costs more effectively. Constrained IT budgets seek relief through more economical public cloud services. However, the move to the public cloud must be done with security foremost in mind. Many in the aviation industry want to leverage the agility, flexibility and economics of public cloud infrastructure to complement their private data centers while ensuring intellectual property, regulated data (e.g., PII, PCI DSS) and other sensitive data is protected. To achieve this, the following issues in a hybrid cloud model need to be addressed: Limited visibility into applications and data in the public cloud. Varying native security capabilities and features at different cloud providers. Shared responsibility for security in the public cloud. Scaling security up and down as needed with dynamic addition and deletion of virtual machines. Palo Alto Networks Protect Workloads in the Hybrid Cloud for Aviation Use Case 1
2 Traditional Approaches Building upon existing practices, enterprises are likely to secure connections to cloud service providers just as they would any other third-party partner. However, in recognition of the infrastructure nature of the outsourced service, enterprises may also opt to leverage the native security available from the cloud provider strictly out of convenience as a complementary measure. Customer-provided security measures: As with any other third-party business partner, many customers deploy stateful inspection firewalls at the enterprise network perimeter and/or IaaS edge to control traffic flow based on well-known port and IP address pairs. However, such firewalls are not application-aware and cannot adequately manage traffic, as many applications may use arbitrary ports, or even hop ports, during the lifespan of a session. Moreover, these perimeter firewalls do not safely enable traffic flow within the virtual environments at the cloud provider. Cloud provider security measures: Cloud providers openly promote a shared security responsibility model for use of their public cloud IaaS or PaaS computing resources. In this model, the cloud provider is responsible for the underlying infrastructure (i.e., the physical elements of which the service is composed), while the customer is responsible for the data or applications (depending on IaaS or PaaS model) deployed in the environment. Encryption is strongly recommended for data at rest and in transit (see Figure 1). Additionally, the cloud provider offers optional tools to assist customers in securing their data and workloads, including network security, inventory, configuration management, data security and access control. Within the IaaS or PaaS environment, network isolation, virtual networks, security groups (essentially stateful inspection firewalls) and network access control lists offer some degree of traffic control at the cloud provider. However, these all have the limitation of not being application-aware. Additionally, leveraging multiple tools from different cloud providers is difficult to maintain, and security policies increase the complexity of building and maintaining the IaaS environment, especially at scale. Responsibility On-Prem IaaS PaaS Data classification and accountability Client and endpoint protection Identify and access management Application level controls Network controls Host infrastructure Physical security As further evidence of their commitment to the security of their underlying infrastructure, cloud providers offer certifications of compliance with various regulations or standards (e.g., ISO/IEC 27001:2013, PCI Cloud Customer Cloud Provider DSS, EU Model Clauses). However, the customer is ultimately responsible Figure 1: Shared responsibility model for demonstrating compliance with all relevant regulatory requirements, building upon the cloud provider s foundation. For example, transferring personal data out of the European Union is only permitted when the receiving locale has equivalent data privacy laws. The public cloud customer will need to take steps to demonstrate compliance with the EU General Data Protection Regulation, which will be in effect as of May 25, This may take the form of explicitly and contractually limiting data and workload to public cloud facilities located within the EU. Palo Alto Networks Approach Palo Alto Networks provides the means to extend the enterprise network to public IaaS or PaaS providers seamlessly, using one or more IPsec VPNs. These are the only permissible connections between the enterprise and the public cloud provider. This protects data in transit between the private data center and the public cloud, and creates the foundation for the hybrid data center. To provide resiliency, connections to another geographically diverse cloud provider gateway may also be deployed. For even greater diversity, a separate public cloud provider may also be used. This is known as a multi-cloud configuration. With Palo Alto Networks Next-Generation Security Platform, the aviation industry can improve its security posture by directly mapping security policies to key business initiatives. The addition of context around application, content and user activity, through App-ID, Content-ID and User-ID technology, provides greater visibility that leads to faster incident response and improved forensics. These same elements form the integral components of the public cloud security policy, just as they do in the private data center. Expected application flows can be allowed while all else is denied within, into and out of the cloud. Threat prevention policies can block known and unknown malware from spreading in the virtual environment. Data filtering can block the transfer of sensitive data patterns (e.g., credit card numbers) and dangerous file types. These capabilities provide significant protection beyond the basic security features offered by the public cloud provider. Palo Alto Networks enables aviation industry businesses to move their applications and data to the public cloud while Palo Alto Networks Protect Workloads in the Hybrid Cloud for Aviation Use Case 2
3 maintaining the same security posture established on their private networks. A consistent security posture is ensured through centralized management that can control both the physical and virtual firewall instances. Palo Alto Networks offers a unified public and private cloud-based architecture that can scale from the smallest organization to the largest enterprise with a single security platform that may be deployed simply and pervasively throughout the network. Architectural Vision Using AWS as an example of a cloud provider, Figure 2 depicts a deployment of a hybrid cloud environment. The private data center is connected to the AWS Virtual Private Cloud via an IPsec VPN that terminates on next-generation firewall instances. For further resiliency (not shown), this same configuration can be replicated from a second private data center to another AWS region or a different public cloud provider. Within the VPC, Palo Alto Networks virtualized next-generation firewalls and servers are distributed across different availability zones to create separate fault domains for high availability and to accommodate maintenance windows. As shown, two firewalls are deployed in each availability zone, in an active/passive, stateful failover, high availability configuration, to secure traffic moving into and out of the environment. PN DC-FW1 DC-FW2 NSX NSX IPsec VPN Internet AZ1c AZ1b Private Data Center Figure 2: Hybrid cloud architecture diagram Use Case Implementation In this deployment (see Figure 2), the private data center was extended to AWS to host the internet-facing applications. Palo Alto Networks Next-Generation Firewall appliances are used to secure the AWS Direct Connect link. virtual next-generation firewalls handle traffic between the internet and the servers in the virtual private cloud at AWS. PN DC-FW1 DC-FW2 NSX NSX IPsec VPN Internet AZ1c AZ1b Private Data Center Figure 3: Use case deployment Palo Alto Networks Protect Workloads in the Hybrid Cloud for Aviation Use Case 3
4 In this use case, as shown in Figure 4, we have additional VPCs at AWS. There is also a business-to-business VPC as an example. Protected for by the, this VPC can also be used for other third parties, like MRO (maintenance, repair and overhaul). Within AWS, supporting VPCs are dedicated by business unit to separate test, staging and production workloads from one another. This creates segmentation within and across Airline 1 and Airline 2 VPCs to limit lateral movement and the propagation of malware through their public cloud. Airline 1 Airline 2 B2B MRO PRODUCTION STAGING TEST PRODUCTION STAGING TEST IPsec VPNs to third parties VPC peering Direct connect Corporate Data Center Figure 4: Additional AWS VPCs Implementation Overview Products Required Palo Alto Networks (virtual next-generation firewall) at public IaaS or PaaS provider Palo Alto Networks Next-Generation Firewall (physical appliance) in the corporate data center Palo Alto Networks Panorama network security management for all next-generation firewalls How the Hybrid Cloud Is Implemented (High Level) Physical next-generation firewalls monitor and control traffic between the enterprise data center and the public cloud instance. The firewalls include subscriptions for Threat Prevention, URL Filtering and WildFire cloud-based threat analysis service. Internet-facing applications hosted in the public cloud are protected by virtual appliances and control traffic with firewall policies based on App-ID. Firewall rules based on App-ID are used to control inter-vpc traffic between Airline 1 and Airline 2 at AWS. Business units with multiple VPCs (e.g., development, test) segregate them with AWS security groups. How the Hybrid Cloud Works (High Level) The public cloud is designed as a logical but untrusted extension of the existing private data center. An IPsec VPN tunnel between the private data center and the cloud provider carries all traffic across the hybrid cloud environment over a dedicated, high-bandwidth wide area network. Palo Alto Networks Next-Generation Firewall appliances (physical and virtual) safely enable all traffic moving through the public cloud environment. No data traverses the cloud provider environment without passing through a Palo Alto Networks firewall. Consistent Palo Alto Networks Next-Generation Firewall features (e.g., application control, IPS, anti-malware, anti-exploit, sandboxing and URL Filtering) and security policies apply across both the private and public cloud portions of the network. Panorama can monitor and centrally manage all of this enforcement. Benefits of Palo Alto Networks for Hybrid Cloud Following the Palo Alto Networks approach for hybrid cloud deployments, aviation industry organizations may realize the following benefits: Business Benefits Support the adoption of public cloud computing for agility, flexibility and economies of scale while inherently protecting business-critical data, such as intellectual property, regulated data (e.g., PII), flight plans and other proprietary data, accessible across the extended environment. Palo Alto Networks Protect Workloads in the Hybrid Cloud for Aviation Use Case 4
5 Operational Benefits Reduce operational time to secure the data center with security adapted to the speed of your business, allowing for more effective use of staff resources elsewhere. Automate the deployment of multiple physical and virtual security appliances with bootstrapped configurations. Streamline policy deployment so that security keeps pace with changes in compute workloads. Seamlessly extend the private data center to the public cloud for network transparency and ease of support. Scale your next-generation firewalls on AWS for increased aggregate capacity and improved availability in the public cloud. Centralize management of all physical form factor and next-generation firewalls, on- and off-premise, to ensure consistent system configurations, provide streamlined policy updates and get a single view of all logs from the entire security architecture. Security Benefits Reduce business and operational risk: Minimize exposure with siloed systems and data. Limit unauthorized lateral movement into and within the virtualized public cloud environment. Prevent exfiltration of data from the public cloud. Enjoy better security controls than ports and IP addresses can provide. Block previously seen and brand-new malware across zones/segments/attack vectors at every stage of the attack lifecycle. Reduce the risk of accidental or intentional insider access to virtualized resources in the public cloud based on application and user awareness with App-ID and User-ID, respectively. Get consistent security across all environments, with the confidence that the data workload and environment in the public cloud enjoy the same Palo Alto Networks Next-Generation Security Platform protections available in the private data center. Additional Resources Find further resources to secure your public cloud implementations at the links below: Services to Help You Support Palo Alto Networks Customer Support automates the discovery of related cases to increase productivity and get you to a resolution more quickly. We offer multiple support packages: Standard, Premium and Premium Plus. You can also opt for your own technical account manager as a subscription-based extension of Premium Support. Premium Plus provides both a designated technical support engineer and technical account manager who will learn and understand your deployment at technical and business levels. This in-depth understanding accelerates incident resolution. Consulting Palo Alto Networks Consulting Services provide access to specialized talent knowledgeable in ensuring the safe enablement of applications. By matching talent to task, we deliver the right expertise at the right time, dedicated to your success. Resident engineers, for example, provide on-site product expertise and are uniquely qualified to advise how to get the most out of your Next-Generation Security Platform deployment. Education Training from a Palo Alto Networks Authorized Training Center delivers the knowledge and expertise to prepare you to protect our way of life in the digital age. Our trusted security certifications provide the necessary Next-Generation Security Platform knowledge to prevent successful cyberattacks and safely enable applications Tannery Way Santa Clara, CA Main: Sales: Support: Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. protect-workloads-in-thehybrid-cloud -for-aviation-uc
SEGMENTATION TO A TRADITIONAL DATA CENTER
APPLY NETWORK SEGMENTATION TO A TRADITIONAL DATA CENTER SUMMARY Industry Financial Services Use Case Apply network segmentation for effective protection of mission-critical applications and data in a traditional
More informationAUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs
AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs WITH PALO ALTO NETWORKS AND REAN CLOUD 1 INTRODUCTION EXECUTIVE SUMMARY Organizations looking to provide developers with a free-range development environment
More informationVM-SERIES FOR VMWARE VM VM
SERIES FOR WARE Virtualization technology from ware is fueling a significant change in today s modern data centers, resulting in architectures that are commonly a mix of private, public or hybrid cloud
More informationVM-SERIES ON GOOGLE CLOUD DEPLOYMENT GUIDELINES
SERIES ON GOOGLE CLOUD DEPLOYMENT GUIDELINES Organizations are adopting Google Cloud Platform to take advantage of the same technologies that drive common Google services. Many business initiatives, such
More informationONBOARDING GUIDE GLOBALPROTECT CLOUD SERVICE FOR REMOTE NETWORKS
ONBOARDING GUIDE GLOBALPROTECT CLOUD SERVICE FOR REMOTE NETWORKS GlobalProtect cloud service extends Palo Alto Networks Next-Generation Security Platform to your remote networks and mobile users. It operationalizes
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationPANORAMA. Figure 1: Panorama deployment
PANORAMA Security deployments are complex and can overload IT teams with complex security rules and mountains of data from multiple sources. Panorama network security management empowers you with easy-to-implement,
More informationSECURITY PLATFORM FOR HEALTHCARE PROVIDERS
SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Hundreds of hospitals, clinics and healthcare networks across the globe prevent successful cyberattacks with our Next-Generation Security Platform. Palo Alto
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationMcAfee Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationCato Networks. Network Security as a Service
Cato s Security as a Service SHLOMO KRAMER, CEO Founder: Check Point (CHKP), Imperva (IMPV) Investor: Palo Alto s (PANW), Trusteer, GUR SHATZ, CTO VP R&D, PM: Imperva (IMPV) Founder: Incapsula (Imperva
More informationDECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT
DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT SUMMARY Industry Federal Government Use Case Prevent potentially obfuscated successful cyberattacks against federal agencies using
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationCato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief
Cato Cloud Software-defined and cloud-based secure enterprise network Solution Brief Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise Cato Networks: Software-defined and Cloud-based
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationBUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY
SOLUTION OVERVIEW BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY Every organization is exploring how technology can help it disrupt current operating models, enabling it to better serve
More informationCato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN
Cato Cloud Software-defined and Cloud-based Secure Enterprise Network Solution Brief NETWORK + SECURITY IS SIMPLE AGAIN Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The
More informationHARNESSING THE HYBRID CLOUD TO DRIVE GREATER BUSINESS AGILITY
HARNESSING THE HYBRID CLOUD TO DRIVE GREATER BUSINESS AGILITY WHY DIGITAL TRANSFORMATION IS DRIVING ADOPTION OF MULTI-CLOUD STRATEGIES In the era of digital business, enterprises are increasingly using
More informationSecuring Your Most Sensitive Data
Software-Defined Access Securing Your Most Sensitive Data Company Overview Digital Growth Means Digital Threats Digital technologies offer organizations unprecedented opportunities to innovate their way
More informationVMware Hybrid Cloud Solution
VMware Hybrid Cloud Solution Simplifying and Accelerating Your Multi-Cloud Strategy Bunyamin Ozyasar System Engineer Manager 2017 VMware Inc. All rights reserved. Today s Agenda 1 2 3 VMware SDDC Approach
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationFIREWALL OVERVIEW. Palo Alto Networks Next-Generation Firewall
FIREWALL OVERVIEW Palo Alto Networks Next-Generation Firewall Fundamental shifts in application usage, user behavior, and complex, convoluted network infrastructure create a threat landscape that exposes
More informationEnsuring a Consistent Security Perimeter with CloudGenix AppFabric
USE CASE BRIEF Ensuring a Consistent Security Perimeter with CloudGenix AppFabric CloudGenix AppFabric ensures a consistent security perimeter for every site in the enterprise in the midst of constantly
More informationPANORAMA. Key Security Features
PANORAMA Security deployments are complex and can overload IT teams with complex security rules and mountains of data from multiple sources. Panorama network security management empowers you with easy-to-implement,
More informationSOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN
S O L U T I O N O V E R V I E W SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN Today s branch office users are consuming more wide area network (WAN) bandwidth
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationThe Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy
The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security
More informationBusiness Strategy Theatre
Business Strategy Theatre Security posture in the age of mobile, social and new threats Steve Pao, GM Security Business 01 May 2014 In the midst of chaos, there is also opportunity. - Sun-Tzu Security:
More informationSecuring the Software-Defined Data Center
Securing the Software-Defined Data Center The future of the data center is software defined Key Advantages McAfee Network Platform 8.4 Delivers best-in-class IPS security across physical and softwaredefined
More informationCloud Services. Infrastructure-as-a-Service
Cloud Services Infrastructure-as-a-Service Accelerate your IT and business transformation with our networkcentric, highly secure private and public cloud services - all backed-up by a 99.999% availability
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More informationCisco Cloud Application Centric Infrastructure
Cisco Cloud Application Centric Infrastructure About Cisco cloud application centric infrastructure Cisco Cloud Application Centric Infrastructure (Cisco Cloud ACI) is a comprehensive solution for simplified
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationMODERNIZE INFRASTRUCTURE
SOLUTION OVERVIEW MODERNIZE INFRASTRUCTURE Support Digital Evolution in the Multi-Cloud Era Agility and Innovation Are Top of Mind for IT As digital transformation gains momentum, it s making every business
More informationCloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017
Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationA CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management
A CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management CONTENTS INTRODUCTION 1 SECTION 1: MULTI-CLOUD COVERAGE 2 SECTION 2: MULTI-CLOUD VISIBILITY
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationVMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION
TECHNICAL MARKETING DOCUMENTATION October 2014 Table of Contents Purpose and Overview.... 3 1.1 Background............................................................... 3 1.2 Target Audience...........................................................
More informationDynamic WAN Selection
KNOW YOUR NETWORK DATA SHEET Dynamic WAN Selection Overview Ipanema s Dynamic WAN Selection (DWS) is a core component of Ipanema SD-WAN and provides user-centric, dynamic path selection. It automatically
More informationCustomer Onboarding with VMware NSX L2VPN Service for VMware Cloud Providers
VMware vcloud Network VMware vcloud Architecture Toolkit for Service Providers Customer Onboarding with VMware NSX L2VPN Service for VMware Cloud Providers Version 2.8 August 2017 Harold Simon 2017 VMware,
More informationAPP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform
APP-ID A foundation for visibility and control in the Palo Alto Networks Security Platform App-ID uses multiple identification techniques to determine the exact identity of applications traversing your
More informationCisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY
Cisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY CASE STUDY ADOBE 2 About Adobe Adobe Systems provides digital media and marketing solutions to customers around the world including
More informationPolicy Enforcer. Product Description. Data Sheet. Product Overview
Policy Enforcer Product Overview Juniper s Software-Defined Secure Network (SDSN) platform leverages the entire network, not just perimeter firewalls, as a threat detection and security enforcement domain.
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationTransit VPC Deployment Using AWS CloudFormation Templates. White Paper
Transit VPC Deployment Using AWS CloudFormation Templates White Paper Introduction Amazon Web Services(AWS) customers with globally distributed networks commonly need to securely exchange data between
More informationCitrix SD-WAN for Optimal Office 365 Connectivity and Performance
Solution Brief Citrix SD-WAN for Optimal Office 365 Connectivity and Performance Evolving Needs for WAN Network Architecture Enterprise networks have historically been architected to provide users access
More informationAgenda. This Session: Azure Networking Basics, On-prem connectivity options DEMO Create VNET/Gateway Cost-estimation for VNET/Gateways
Onur Dogruoz Agenda Previous Sessions: Introduction to Azure Infrastructure as a Service (IaaS), Azure portal, role-based access control (RBAC), calculator overview VM Types, Azure Hybrid Use Benefits(AHUB),
More informationVMware vshield Edge Design Guide
ware Technical WHITE PAPER ware Overview The new virtual datacenter (vdc) infrastructure deployments enable IT to provide on-demand infrastructure services to its customers on a common, shared infrastructure
More informationWhy the cloud matters?
Why the cloud matters? Speed and Business Impact Expertise and Performance Cost Reduction Trend Micro Datacenter & Cloud Security Vision Enable enterprises to use private and public cloud computing with
More informationLayer Security White Paper
Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY
More informationTRUE SECURITY-AS-A-SERVICE
TRUE SECURITY-AS-A-SERVICE To effectively defend against today s cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure.
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationSecuring the Modern Data Center with Trend Micro Deep Security
Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public
More informationVM-SERIES FOR AWS HYBRID CLOUD DEPLOYMENT GUIDELINES
SERIES FOR AWS HYBRID CLOUD DEPLOYMENT GUIDELINES Cloud-first development initiatives, the need to deliver your applications and services to an exploding number of mobile devices, and the ongoing need
More informationSOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE
SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE March 2018 Table of Contents Introduction...1 Design...2 Use Cases...2 Underlay...3 Overlay...3 Dynamic Segmentation...3 Non-Stop Networking...4 Summary...5
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationSteelConnect. The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN
Data Sheet SteelConnect The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN The Business Challenge Delivery of applications is becoming
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationSymantec Cloud Workload Protection
Solution Brief Symantec Cloud Workload Protection Secure Your Public Cloud Deployments and Reduce Risk Executive Summary Organizations are rapidly adopting public cloud services such as Amazon Web Services
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationSECURING THE MULTICLOUD
SECURING THE MULTICLOUD Bahul Harikumar and Ali Bidabadi Juniper Networks This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without notice.
More informationExtending Enterprise Security to Multicloud and Public Cloud
Extending Enterprise Security to Multicloud and Public Cloud Paul Kofoid Sr. Consulting Engineer: Security & Cloud This statement of direction sets forth Juniper Networks current intention and is subject
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationThe threat landscape is constantly
A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions
More informationAccelerate GDPR compliance with the Microsoft Cloud Agustín Corredera
Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are
More informationVendor: Cisco. Exam Code: Exam Name: Cisco Sales Expert. Version: Demo
Vendor: Cisco Exam Code: 646-206 Exam Name: Cisco Sales Expert Version: Demo QUESTION 1 What are three current business factors that are influencing customer decisions in making technology investments?
More informationHow do you decide what s best for you?
How do you decide what s best for you? Experience Transparency Leadership Commitment Cost reduction Security Trustworthiness Credibility Confidence Reliability Compliance Privacy Expertise Flexibility
More informationACTIONABLE SECURITY INTELLIGENCE
ACTIONABLE SECURITY INTELLIGENCE Palo Alto Networks ACC, Logging and Reporting Data is widely available. What is scarce is the ability to extract actionable intelligence from it. Palo Alto Networks next-generation
More informationEBOOK: VMware Cloud on AWS: Optimized for the Next-Generation Hybrid Cloud
EBOOK: VMware Cloud on AWS: Optimized for the Next-Generation Hybrid Cloud Contents Introduction... 3 What is VMware Cloud on AWS?... 5 Customer Benefits of Adopting VMware Cloud on AWS... 6 VMware Cloud
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationCloud Confidence: Simple Seamless Secure. Dell EMC Data Protection for VMware Cloud on AWS
Cloud Confidence: Simple Seamless Secure Dell EMC Data Protection for VMware Cloud on AWS Introduction From the boardroom to the data center, digital transformation has become a business imperative. Whether
More informationExtending Enterprise Security to Public and Hybrid Clouds
Extending Enterprise Security to Public and Hybrid Clouds Juniper Security for an Ever-Evolving Market Challenge Enterprises are migrating toward public or hybrid clouds much faster than expected, creating
More informationAgenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2
GRC3386BUS GDPR Readiness with IBM Cloud Secure Virtualization Raghu Yeluri, Intel Corporation Shantu Roy, IBM Bill Hackenberger, Hytrust #VMworld #GRC3386BUS Agenda GDPR Overview & Requirements IBM Secure
More informationMcAfee Total Protection for Data Loss Prevention
McAfee Total Protection for Data Loss Prevention Protect data leaks. Stay ahead of threats. Manage with ease. Key Advantages As regulations and corporate standards place increasing demands on IT to ensure
More informationDeliver Office 365 Without Compromise Ensure successful deployment and ongoing manageability of Office 365 and other SaaS apps
Use Case Brief Deliver Office 365 Without Compromise Ensure successful deployment and ongoing manageability of Office 365 and other SaaS apps Overview Cloud-hosted collaboration and productivity suites
More informationData center interconnect for the enterprise hybrid cloud
WHITEPAPER Data center interconnect for the enterprise hybrid cloud The world is moving to the cloud. Everything from entertainment and consumer mobile applications to enterprise software and government
More informationEnhanced Threat Detection, Investigation, and Response
Enhanced Threat Detection, Investigation, and Response What s new in Cisco Stealthwatch Enterprise Release 6.10.2 Cisco Stealthwatch Enterprise is a comprehensive visibility and security analytics solution
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More information3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity
3 Ways Businesses Use Network Virtualization A Faster Path to Improved Security, Automated IT, and App Continuity INTRODUCTION 2 Today s IT Environments Are Demanding Technology has made exciting leaps
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Efficient, Agile and Extensible Software-Defined Networks and Security WHITE PAPER Overview Organizations worldwide have gained significant efficiency and
More informationSIMPLIFY PCI COMPLIANCE
SIMPLIFY PCI COMPLIANCE WITH NETWORK SEGMENTATION FOR AIRLINES SPOTLIGHTS Industry Aviation Use Case Simplify PCI compliance with network segmentation for airlines PCI DSS The Payment Card Industry Data
More informationIntermedia s Private Cloud Exchange
Intermedia s Private Cloud Exchange This is a practical guide to implementing Intermedia s Private Cloud Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading
More informationThird Party Cloud Services Its Adoption in the New Age
Solutions for higher performance! Third Party Cloud Services Its Adoption in the New Age 1 Introduction Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals
More informationMicrosoft 365 Business FAQs
Microsoft 365 Business FAQs Last updated April 27 th, 2018 Table of Contents General... 3 What is Microsoft 365 Business?... 3 Who should consider adopting Microsoft 365 Business?... 3 How can I get Microsoft
More informationCato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.
Cato Cloud Global SD-WAN with Built-in Network Security Solution Brief 1 Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The rise of cloud applications and mobile workforces
More informationAchieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER
Achieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER Table of Contents The Digital Transformation 3 Four Must-Haves for a Modern Virtualization Platform 3
More informationVMWARE CLOUD FOUNDATION: INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017
: INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017 Table of Contents Executive Summary 3 A Single Architecture for Hybrid Cloud 4 Introducing VMware Cloud Foundation 4 Deploying on Premises 6
More informationCSP 2017 Network Virtualisation and Security Scott McKinnon
CSP 2017 Network Virtualisation and Security Scott McKinnon smckinnon@vmware.com Security Lead, Northern EMEA Network & Security, VMware Disclaimer This presentation may contain product features that are
More informationDimension Data IaaS Services. Gary Ramsay
Dimension Data IaaS Services Gary Ramsay 29.08.2017 In a world first, Dimension Data provided real-time data analytics on each of the 198 riders in this year s Tour de France. accelerate your ambition
More informationTotal Threat Protection. Whitepaper
Total Threat Protection Whitepaper Organizations Are Caught Between a Growing Threat Landscape and Resource Limitations Today s organizations continue to struggle with providing adequate protection in
More informationVMWARE CLOUD FOUNDATION: THE SIMPLEST PATH TO THE HYBRID CLOUD WHITE PAPER AUGUST 2018
VMWARE CLOUD FOUNDATION: THE SIMPLEST PATH TO THE HYBRID CLOUD WHITE PAPER AUGUST 2018 Table of Contents Executive Summary 3 A Single Architecture for Hybrid Cloud 4 Introducing VMware Cloud Foundation
More informationIntroducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN
Avaya-FatPipe Solution Overview Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN The Avaya SDN-Fx and FatPipe Networks solution provides a fabric-based SDN architecture for simplicity
More informationCritical Infrastructure Protection for the Energy Industries. Building Identity Into the Network
Critical Infrastructure Protection for the Energy Industries Building Identity Into the Network Executive Summary Organizations in the oil, gas, and power industries are under increasing pressure to implement
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More information