Access Denied! Decoding Identity Aware Proxies


1 Access Denied! Decoding Identity Aware Proxies

2 Users & Corporate Apps Have Left The Building
Existing network architectures are not optimized for this.
Diagram labels: CORP NET, DC, App #1, App #2, App #3, App #n, The Web, SaaS, IaaS, Office, Cafe.
No VPN = No Security. Complex. Slow. High Risk.

3 There is no INSIDE

4 Security Challenges In This Environment
- Larger Attack Surface: Direct Internet Access (DIA), SaaS, cloud services, mobility and IoT all dramatically increase your attack surface.
- Advanced Threats: Threats are becoming more complex and increasing in volume, and adversaries are now adept at bypassing your defences.
- Security Complexity: Security complexity and control point complications have created security gaps.
- Security Skills: A worldwide shortage of security talent and expertise means many security teams are stretched.

5 Zero Trust is the new approach
Key principles:
- The network is always assumed to be hostile.
- External and internal threats exist on the network at all times.
- Network locality is not sufficient for deciding trust in a network.
- Every device, user, and network flow is authenticated and authorized.
- Policies must be dynamic and calculated from as many sources of data as possible.

6 Different Approaches To Implement Zero Trust
- Option #1: Network Segmentation
- Option #2: Software Defined Perimeters
- Option #3: Identity Aware Proxies

7 Network Segmentation / Software Defined Perimeters
Network Segmentation
Advantages:
- Great for Protection from East-West lateral movement
Drawbacks:
- Fragile & Complicated
- Expensive
- Shared resources used by entire Enterprise
- Even more complex to implement in hybrid IaaS/On-prem
- Often implemented within Corp WAN
Software Defined Perimeters
Advantages:
- Familiar: Most Similar to legacy Remote Access VPN
- Relatively Fast to Eliminate VPN
Drawbacks:
- Limited Architecture: A tunnel is just a tunnel
- Service Insertion not possible due to tunnel architecture
- Push Complexity with Legacy Auth down to Each Application

8 Identity Aware Proxy (IAP)
- Cloud-based Proxy architecture
- Identity verification and authorization occur in the cloud based on least access principles
- No tunnels
- IAP provides access to applications, whitelisted for authenticated and authorized users, at the application layer (Layer 7)
- Standard HTTPS or WebSockets over TLS
- Trusted Identity Store to verify users and devices
- Cloak the applications and assets in the cloud or behind the firewall
- Clientless for Web apps

9 Identity Aware Proxy
Advantages:
- Long Term Flexibility with Proxy Architecture
- Service Insertion for features like WAF, CDN, etc
- Auth Bridging
- Unify multiple Islands of Identity
- Future Capabilities likely to include Password Vaulting and Shared Accounts
Drawbacks:
- More of a departure for Helpdesk support compared to network centric solutions
- Can be more work to get started

10 Identity Aware Proxy (IAP) - Architecture
Connections shown in the diagram:
- TLS Connection: User to IAP Edge
- Outbound TLS Connection: From Connector to EAA Edge
- Outbound TLS Connection: From Connector to Proxy Management Cloud
- TLS Connection: Customer Admin User to IAP Management Cloud
Diagram labels: Enterprise Data Center, Proxy Cloud Platform, Apps, IAP Edge, Enterprise Access Connector, APP User, Admin User, IAP Management Cloud.

11 Enterprise Access Connector
- Centrally Managed Virtual Machine
- Only dials out - all inbound access is denied
- Proxies connections to internal apps
- Can translate SSH, RDP/VNC to HTTP/S
- Communicates with your Active Directory/LDAP
- Supports full ADC functionality including load balancing, custom headers, path based routing, and authentication bridging.
Diagram labels: Outbound Proxy, Internet, Enterprise, Enterprise Access Edge, Enterprise Access Connector, Apps, AD / LDAP.

12 Enterprise Access Connector - Authentication Flow
1. Connector initiates a mutually authenticated TLS connection using its factory certificate (EAA Management)
2. Akamai authenticates itself using the Akamai certificate (EAA Management)
3. Customer must approve the Connector
4. Connector creates a CSR; sends to Akamai
5. Akamai signs CSR; sends approved certificate
6. Connector tears down existing TLS connection
7. Connector initiates a mutually authenticated TLS connection using approved certificate (EAA Management)
8. Akamai authenticates itself using the approved certificate (EAA Management)
9. Connector initiates a mutually authenticated TLS connection using approved certificate (EAA Edge)
10. Akamai authenticates itself using the approved certificate (EAA Edge)
Diagram labels: Internet, Enterprise Access Edge, Enterprise, Enterprise Access Connector, TLS Connection, CSR, Approval, Approved Certificate.
Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.

13 Authentication and Authorization
- EAA Edge will authenticate the user against AD
- Provides Single Sign-On Capabilities
- Provides Multi-Factor Authentication
- Can integrate with IDaaS providers
- Supports NTLM, Kerberos, SAML, Header based Auth
- Seamless integration for any authentication source
Diagram labels: Internet, IdP (IDaaS) (e.g. Okta, OneLogin), Enterprise, AD / LDAP, Apps, User, EAA Edge, Enterprise Connector.

14 User Data Path
Diagram labels: User, Internet, Enterprise Access Edge, Enterprise, Enterprise Access Connector.
- User attempting to access application
- End user requests access to an application
- SSL sessions for configured applications
- Only accepts SSL traffic for configured applications. Must be from authenticated and authorized users. All other traffic is dropped.

15 Validate user identity to control access to assets
AUTHENTICATION
- Verified Individual - MFA OTP
- Identified Individual - username / password
- Trusted Device - client certificates
Authorised Applications

16 User Data Path
Diagram labels: User, Internet, Enterprise Access Edge, Enterprise, Enterprise Access Connector, Apps.
- User attempting to access application
- End user requests access to an application
- SSL sessions for configured applications
- Only accepts SSL traffic for configured applications. Must be from authenticated and authorized users. All other traffic is dropped.
- Pass user requests to application
- Only processes HTTP messages received over self-initiated SSL sessions. Messages may only be directed toward applications the connector is configured for.
- Intended application. Also provide authentication and authorization for all users.

17 Cloud Based - High Availability & Reliability
All components must be elastic and redundant: Enterprise Access Edges, Enterprise Access Connectors, Customer Applications.
- Built-in Server and Data Center Load Balancing
- Regional Enterprise Access Edges with Automatic Failover
- Redundant Enterprise Access Connectors
Diagram labels: Enterprise, User, Internet, Global DNS, Apps.

18 Identity Aware Proxy (IAP) Architecture Summary
Diagram labels: Clientless, TLS, EAA SAML IDP (Auth Path Only), Internet, SaaS, User > Browser, With Client, EAA DPoP (Auth & Data Path), EAA Connector, Apps, VPC, IaaS, EAA Client, User > Desktop Apps > EAA Client, AD, Data Center.
- Auth-N,Z before connect
- Secured data path
- Integrated HA, Load balancing
- Multiple IDP support
- SSO and auth bridging
- Managed & Unmanaged devices

19 IAP Complements Network Segmentation
Diagram labels: Clientless, TLS, User > Browser, With Client, Internet, EAA DPoP, User > Desktop Apps > EAA Client, EAA Client, Segment 1 / App 1, Segment 2 / App 2, Segment 3 / App 3, Segment 4 / App 4, AD, Data Center.
- No limit on number of connectors
- Simplify Micro segmentation
- Network level for coarse segmentation
- IAP for fine grained per app segmentation

20 Moving Beyond Perimeter Security
A comprehensive & achievable roadmap to less risk
8 Steps To Zero Trust: App Precheck, Access Proxy Prep, Test Lab Enrollment, Security Upgrade, Performance Upgrade, External User Enrollment, Internal User Enrollment, VLAN Migration
- 8 Steps To Zero Trust: A comprehensive guide & roadmap to Zero Trust by Akamai CTO Charlie Gero
- Zero Trust Ref. Architecture: Simple visual guide on how to apply Zero Trust across common environments
akamai.com/zerotrust

21 THANK YOU

22 Magecart and Javascript skimmers code

23 Magecart: group of criminals that have been targeting online shopping carts and skimming credit card data at checkout.
- Time in operation: Roughly 3 years
- Group Strength: Unknown, roughly operate in 6-7 groups
- Target industry: ecommerce (primarily)
- Modus operandi: JavaScript skimmers/malware
Many of the Magecart victims are struggling to contain the attacks. In the third quarter of 2018 many Magecart victims were re-infected soon after detection and clean-up of the initial infection.
Intelligent Edge Security 2018 Akamai

24 Understanding Magecart (Data Skimming) Kill Chain
Phases: Reconnaissance, Infiltration, Exploitation, Exfiltration
- Identify target website with high account value
- Identify random targets
- Implanting server side skimmer code
- Implanting client-side malware/plugins
- Checkout page compromised
- Skimmer.js executes
- Skimming of webform fields such as credit card number, expiration date, name, billing address, etc.
- Data packaging and exfiltration to the attacker location

25 DOORS TO DATA SKIMMING How did the script/skimmer get in?

26 TRUST EXPLOITATION

27 Authorized user injecting malicious script
- Insider threat - a user who legitimately has access to include scripts on the websites intentionally adds a malicious payload.
- Unknowingly: Valid users doing A/B tests, CMS upgrades etc. open up security holes
Diagram labels: Checkout, Script.

28 Unauthorized user injecting malicious script
Accidental exposure: formal practices and controls are usually unaware of all of the injection points
Web Attackers:
- Stored Cross-Site Scripting (XSS)
- Reflected Cross-Site Scripting (XSS)
- Application modification using other vulnerabilities
- Targeting 3rd party integration and partners

29 Client side Malware, Plug-ins
1. User browser making legitimate requests to vulnerable site/s
2. Browser side logic such as compromised browser plugins can manipulate content on browser side
3. Card data and user info is skimmed, stored and sent to the attacker location

30 What does the attack look like in practice?
- Infiltration: includes a piece of JavaScript <script src=
- User Interaction
- Exploitation: credit-card-skimmer.js runs and extracts payment details such as card number, expiration, name and billing address
- Exfiltration: pixel.gif?stolendata= nov 2020 a%20name a%20billing%20address

31 EXAMPLE: INLINE JAVASCRIPT SKIMMER

32 EXAMPLE: INLINE JAVASCRIPT SKIMMER

33 DATA EXFILTRATION: INLINE JAVASCRIPT SKIMMER

34 EXAMPLE: EXTERNAL JAVASCRIPT SKIMMER

35 EXAMPLE: EXTERNAL JAVASCRIPT SKIMMER

36 Where do we go from here?

37 Zero Trust approach can help: Trust but verify
- Users & Apps are everywhere
- Trust, but verify
- Access only to authorized apps and resources

38 PROTECT YOUR SENSITIVE PAGES
Sensitive pages: Login, Payment, Profile
- Auth + Data Path Controls
- Application layer protection
- Content Security Policy (CSP) and SRI
- Script management

39 CORPORATE APPLICATION MODERNIZATION
Reference architecture
Diagram labels: Browser, Client, Attacker, Edge platform, DDoS / WAF, Identity, App access, App acceleration, Manage, Corporate apps, Data Centre, Cloud Provider X, Cloud Provider Y.

40 DEFENSE IN DEPTH - CSP AND SRI CONTROLS
Content Security Policy
- Disallow/Selectively allow Inline/external JavaScript with script-src
- Use of CSP Nonces
- Validating Inline JavaScript with CSP Hashes
Subresource Integrity (SRI)
- Validating External JavaScript by specifying an integrity attribute to your script calls
- CSP and SRI together with a new CSP directive called require-sri-for
Data Exfiltration Defenses
- Control XMLHttpRequest (XHR) based exfiltration with CSP connect-src
- Control exfiltration with Image() Constructor using CSP img-src
- Implement CSP violation reporting

41 THANK YOU


More information

SONICWALL SECURITY HEALTH CHECK PSO 2017

SONICWALL SECURITY HEALTH CHECK PSO 2017 SONICWALL SECURITY HEALTH CHECK PSO 2017 Get help in fully utilizing your investment to protect your network Overview SonicWALL Security Health Check provides a customer with a comprehensive review of

More information

CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ]

CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ] s@lm@n CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ] Topic break down Topic No. of Questions Topic 1: Volume A 117 Topic 2: Volume B 122 Topic

More information

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING. NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING. The old mantra of trust but verify just is not working. Never trust and verify is how we must apply security in this era of sophisticated breaches.

More information

A. The portal will function as an identity provider and issue an authentication assertion

A. The portal will function as an identity provider and issue an authentication assertion Volume: 88 Questions Question: 1 A security analyst wishes to increase the security of an FTP server. Currently, all trails to the FTP server is unencrypted. Users connecting to the FTP server use a variety

More information

Chapter 9. Firewalls

Chapter 9. Firewalls Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however

More information

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN Cato Cloud Software-defined and Cloud-based Secure Enterprise Network Solution Brief NETWORK + SECURITY IS SIMPLE AGAIN Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The

More information

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access Klaudia Bakšová System Engineer Cisco Systems Cisco Clean Access Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits The Challenge of Securing

More information

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365 WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365 Airwatch Support for Office 365 One of the most common questions being asked by many customers recently is How does AirWatch support Office 365? Customers often

More information

VMware Tunnel Guide for Windows Installing the VMware Tunnel for your AirWatch environment

VMware Tunnel Guide for Windows Installing the VMware Tunnel for your AirWatch environment VMware Tunnel Guide for Windows Installing the VMware Tunnel for your AirWatch environment AirWatch v9.1 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard

More information

O365 Solutions. Three Phase Approach. Page 1 34

O365 Solutions. Three Phase Approach. Page 1 34 O365 Solutions Three Phase Approach msfttechteam@f5.com Page 1 34 Contents Use Cases... 2 Use Case One Advanced Traffic Management for WAP and ADFS farms... 2 Use Case Two BIG-IP with ADFS-PIP... 3 Phase

More information

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2 Deploying VMware Identity Manager in the DMZ JULY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have

More information

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

Managing Your Privileged Identities: The Choke Point of Advanced Attacks

Managing Your Privileged Identities: The Choke Point of Advanced Attacks Managing Your Privileged Identities: The Choke Point of Advanced Attacks Shirief Nosseir EMEA Alliances Director Identity & API Management Tuesday, 16 May 2017 Agenda Why Privileged Access Management Why

More information

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1 Guide to Deploying VMware Workspace ONE VMware Identity Manager 2.9.1 VMware AirWatch 9.1 Guide to Deploying VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware

More information

Microsoft Microsoft TS: MS Internet Security & Acceleration Server 2006, Configuring. Practice Test. Version:

Microsoft Microsoft TS: MS Internet Security & Acceleration Server 2006, Configuring. Practice Test. Version: Microsoft 70-351 Microsoft 70-351 TS: MS Internet Security & Acceleration Server 2006, Configuring Practice Test Version: 2.2 QUESTION NO: 1 Your network consists of a single Active Directory domain named

More information

ShareFile Technical Presentation

ShareFile Technical Presentation ShareFile Technical Presentation Joerg Vosse Senior Systems Engineer - Citrix ShareFile CEE joerg.vosse@citrix.com ShareFile Enterprise Architecture Overview ShareFile Document Cloud ShareFile.com ShareFile.eu

More information

SAS and F5 integration at F5 Networks. Updates for Version 11.6

SAS and F5 integration at F5 Networks. Updates for Version 11.6 SAS and F5 integration at F5 Networks Updates for Version 11.6 Managing access based on Identity Employees Partner Customer Administrator IT challenges: Control access based on user-type and role Unify

More information

Security Readiness Assessment

Security Readiness Assessment Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS

More information

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been

More information

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges Do You Have A Firewall Around Your Cloud? California Cybersecurity Education Summit 2018 Tyson Moler Oracle Security, North America Public Sector Conquering The Big Threats & Challenges Real Life Threats

More information

Deploying Cisco ASA VPN Solutions v2.0 (VPN)

Deploying Cisco ASA VPN Solutions v2.0 (VPN) Deploying Cisco ASA VPN Solutions v2.0 (VPN) Course Overview: The Deploying Cisco ASA VPN Solutions (VPN) v2.0 course is part of the curriculum path that leads to the Cisco CCNP Security certification.

More information

Google on BeyondCorp: Empowering employees with security for the cloud era

Google on BeyondCorp: Empowering employees with security for the cloud era SESSION ID: EXP-F02 Google on BeyondCorp: Empowering employees with security for the cloud era Jennifer Lin Director, Product Management, Security & Privacy Google Cloud What is BeyondCorp? Enterprise

More information

Paloalto Networks PCNSA EXAM

Paloalto Networks PCNSA EXAM Page No 1 m/ Paloalto Networks PCNSA EXAM Palo Alto Networks Certified Network Security Administrator Product: Full File For More Information: /PCNSA-dumps 2 Product Questions: 50 Version: 8.0 Question:

More information

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young ArcGIS Online A Security, Privacy, and Compliance Overview Andrea Rosso Michael Young ArcGIS Online A Multi-Tenant System Portal Portal Portal ArcGIS Online Agenda Online Platform Security Deployment Architecture

More information

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection. Singtel Business Product Brochure Managed Advanced Threat Prevention Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection. As cyber criminals outwit businesses by employing ever-new

More information

DreamFactory Security Guide

DreamFactory Security Guide DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit

More information

COMPUTER NETWORK SECURITY

COMPUTER NETWORK SECURITY COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls

More information

IBM Security Access Manager

IBM Security Access Manager IBM Access Manager Take back control of access management with an integrated platform for web, mobile and cloud Highlights Protect critical assets with risk-based and multi-factor authentication Secure

More information

Adaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia

Adaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia Adaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia F5 EMEA Webinar Listopad 2014 Andrzej Kroczek Field Systems Engineer Today s Network and App Access: So Many Variables! LOCATIONS USERS DEVICES

More information

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION

More information

F5 Application Security. Radovan Gibala Field Systems Engineer

F5 Application Security. Radovan Gibala Field Systems Engineer 1 F5 Application Security Radovan Gibala Field Systems Engineer r.gibala@f5.com +420 731 137 223 2007 2 Agenda Challenge Websecurity What are the problems? Building blocks of Web Applications Vulnerabilities

More information

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1 VMware Workspace ONE Quick Configuration Guide VMware AirWatch 9.1 A P R I L 2 0 1 7 V 2 Revision Table The following table lists revisions to this guide since the April 2017 release Date April 2017 June

More information

Implementing Core Cisco ASA Security (SASAC)

Implementing Core Cisco ASA Security (SASAC) 1800 ULEARN (853 276) www.ddls.com.au Implementing Core Cisco ASA Security (SASAC) Length 5 days Price $6215.00 (inc GST) Overview Cisco ASA Core covers the Cisco ASA 9.0 / 9.1 core firewall and VPN features.

More information

Securing Your Microsoft Azure Virtual Networks

Securing Your Microsoft Azure Virtual Networks Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up

More information

TIBCO Cloud Integration Security Overview

TIBCO Cloud Integration Security Overview TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information

DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT

DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT SUMMARY Industry Federal Government Use Case Prevent potentially obfuscated successful cyberattacks against federal agencies using

More information

PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY

PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY PAGE 2 IN CEE PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY MAR 2017 IGOR SHASTITKO About Consalta Every business deserves an opportunity to grow! We

More information

Content Security Policy

Content Security Policy About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training

More information