Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy
|
|
- Anabel Wells
- 6 years ago
- Views:
Transcription
1 Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy SESSION ID: CSV-W01 Bryan D. Payne Director of Security Research
2 Cloud Security Today Cloud has lots of momentum Lots of concerns about security What s the real story?!2
3 What this talk will cover What does it take to secure an IaaS cloud? Specific ideas to improve your cloud or select a cloud provider.!3
4 What this talk will NOT cover A cloud comparison A one-size-fits-all cloud security cookbook!4
5 Talk Outline Cloud Introduction (demo!) IaaS Architecture Details Security Differentiators Virtualization Stack Security (demo!) Questions & Wrap-up!5
6 Cloud Service Models Today s Talk!6
7 Public Cloud Users: Anyone with a credit card Provider! Doesn t trust users Doesn t want to violate users privacy Monitoring at network edges Fraud prevention Network reputation concerns Broad compliance concerns!7
8 Private Cloud Users: Part of a common organization Provider! Trusts users (at some level) Has full access to data / workloads Security from top to bottom Design undergoes great scrutiny Enterprise integration Targeted compliance concerns!8
9 Know Your Neighbors Who are your neighbors (other users)? Who is your cloud admin / operator / builder? Who else has privilege on the cloud? Who should? Who does?!9
10 Demo: How Things Can Go Very Wrong!10
11 Understanding IaaS Cloud Architectures
12 User Perspective Launch instances Take snapshots Flexible storage options API + web dashboard!12
13 Admin / Operator Perspective Create & manage users, projects, quotas, etc Configure cloud Monitor cloud events, logs, health, etc API + web dashboard!13
14 Builder Perspective Software engineer & DevOps Designs and creates cloud Controls security domains Many services to setup & manage!14
15 Cloud Simplicity Compute Object Storage Example services from OpenStack.!15
16 Individual Services Image Identity Dashboard Compute Object Storage Network Volume!16
17 Security Domains Image Identity Dashboard Compute Object Storage Network Volume!17
18 Gated Interconnects Image Identity Dashboard Compute Object Storage Network Volume!18
19 Map Data Paths Image Identity Dashboard Compute Object Storage Network Volume!19
20 Secure design complete or is it?!20
21 Individual Services Image Identity Dashboard Compute Object Storage Network Volume!21
22 Lots of Glue Image Identity Dashboard Billing Alarming Compute Object Storage DNS Automation Network Metering Load Balancing Certificate Authorities Account Maintenance Orchestration Monitoring Messaging Volume Databases!22
23 Data Paths Image Identity Dashboard Billing Alarming Compute Object Storage DNS Automation Network Metering Load Balancing Certificate Authorities Account Maintenance Orchestration Monitoring Messaging Volume Databases!23
24 Message Plumbing Image Identity Dashboard Billing Alarming Compute Object Storage DNS Automation Network Metering Load Balancing Certificate Authorities Account Maintenance Orchestration Monitoring Messaging Volume Databases!24
25 Billing Plumbing Image Identity Dashboard Billing Alarming Compute Object Storage DNS Automation Network Metering Load Balancing Certificate Authorities Account Maintenance Orchestration Monitoring Messaging Volume Databases!25
26 Alarm Plumbing Image Identity Dashboard Billing Alarming Compute Object Storage DNS Automation Network Metering Load Balancing Certificate Authorities Account Maintenance Orchestration Monitoring Messaging Volume Databases!26
27 SSL / TLS Plumbing Image Identity Dashboard Billing Alarming Compute Object Storage DNS Automation Network Metering Load Balancing Certificate Authorities Account Maintenance Orchestration Monitoring Messaging Volume Databases!27
28 Under Cloud Admin Plumbing Image Identity Dashboard Billing Alarming Compute Object Storage DNS Automation Network Metering Load Balancing Certificate Authorities Account Maintenance Orchestration Monitoring Messaging Volume Databases!28
29 So Much Plumbing! Image Identity Dashboard Billing Alarming Compute Object Storage DNS Automation Network Metering Load Balancing Certificate Authorities Account Maintenance Orchestration Monitoring Messaging Volume Databases!29
30 !30
31 OpenStack Security Guide Security guidance on deploying OpenStack (IaaS Cloud) Written in one week Diverse group of authors Continued contributions accepted through GitHub!31
32 Cloud Security Domains Cloud Users / Administrators External Data Guest Management Instance Instance Compute Node Instance Instance Compute Node API Endpoints Web Dashboard Storage Node Storage Node Management and Control Plane Services Cloud Operators!32
33 Example API Action: Launching an Instance External Management Source:
34 Security Challenges in the Cloud Audit trails Controlling access Defense in depth / Layered security Protecting bridge points API Endpoints Virtualization Security!34
35 Source:
36 Cloud Security Differentiators
37 Security Certifications Necessary, but not sufficient Mapping to cloud not always clear Not a useful place to differentiate!37
38 Threats High capability $$$$ Targeted Low Widespread $ Intelligence Services Organized Crime Highly Capable Groups Motivated Individuals Script Kiddies ISP Intercept Hypervisor Breakout Advanced Persistent Treat Complex 0-day Development Supply Chain Attack Distributed Denial of Service Spear Phishing Automated Exploitation Tools Service Brute Force Mass Phishing Source: OpenStack Security Guide Social Engineering (Employee)!38
39 Cloud Attack Vectors API Endpoints Web Dashboard Information Leakage VM Breakout Hardware Sharing Default Images Unsecured Instances Secondary Attacks Mitigation Strategies Service hardening, mandatory access controls, code audits HTTPS, HSTS, CSP, allowed referrers, disable HTTP trace SSL/TLS, disable memory dedup, random assignments Service hardening, mandatory access controls, code audits Avoid bare metal instances / device pass- through Secure and maintain default images User and/or tenant level network isolation for instances Least privilege, mandatory access controls, strong auth!39
40 Major Security Considerations High level architecture has different security domains End to end protection of network traffic Protected virtualization stack Protected API endpoints Ability to update easily Physical security at the datacenter!40
41 Case Study: TLS in the Cloud External Management Backend Service Client Customer-facing SSL certificate SSL / TLS Termination Load Balancing HTTP Header Inspection Backend Service Backend Service Backend Service Internal SSL certificate!41
42 Case Study: API Endpoint Protection External Management Compute Bob Mallory Identity Storage Database Message Queue!42
43 Source:
44 Securing the Virtualization Stack
45 What Is The Security Concern? Hypervisors have vulnerabilities A VM-breakout is among the worst exploits for cloud Breakdown of Hypervisor Vulnerabilities From Perez-Botero et al, Characterizing Hypervisor Vulnerabilities in Cloud Computing Servers, In Proceedings of the Workshop on Security in Cloud Computing (SCC), May 2013.!45
46 Other Virtualization Considerations Bad actors on the control plane Hardware emulation, entropy considerations for VM Side channel cache attacks!46
47 Mitigation Strategies Mandatory access controls (KVM+SVirt & Xen+XSM) Minimize & harden QEMU software stack Runtime monitoring Security updates!47
48 Demo: Layered Security Mitigates Attacks!48
49 Questions
50 Time For Action
51 Your Next Steps Securing Your Own Cloud Identify security controls? Threat model? Security-driven architecture? Can you audit everything? Evaluating 3rd Party Cloud Who has privilege? Bryan D. Payne
Security+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationIntroduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview
IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationCopyright 2011 Trend Micro Inc.
Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF
More informationUnderstanding Perimeter Security
Understanding Perimeter Security In Amazon Web Services Aaron C. Newman Founder, CloudCheckr Aaron.Newman@CloudCheckr.com Changing Your Perspective How do I securing my business applications in AWS? Moving
More informationDatacenter Security: Protection Beyond OS LifeCycle
Section Datacenter Security: Protection Beyond OS LifeCycle 1 Not so fun Facts from the Symantec ISTR 2017 Report Zero-Day Vulnerability, annual total Legitimate tools, annual total 6,000 5 5,000 4,000
More informationW11 Hyper-V security. Jesper Krogh.
W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:
More informationUse Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION
Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION At many enterprises today, end users are demanding a powerful yet easy-to-use Private
More informationADC im Cloud - Zeitalter
ADC im Cloud - Zeitalter Applikationsdienste für Hybrid-Cloud- und Microservice-Szenarien Ralf Sydekum, SE Manager DACH, F5 Networks GmbH Some of the Public Cloud Related Questions You May Have.. It s
More informationA10 HARMONY CONTROLLER
DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for
More informationF5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe
F5 comprehensive protection against application attacks Jakub Sumpich Territory Manager Eastern Europe j.sumpich@f5.com Evolving Security Threat Landscape cookie tampering Identity Extraction DNS Cache
More informationSoftLayer Security and Compliance:
SoftLayer Security and Compliance: How security and compliance are implemented and managed Introduction Cloud computing generally gets a bad rap when security is discussed. However, most major cloud providers
More informationSECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry
SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationIdentity Management and Compliance in OpenShift
Identity Management and Compliance in OpenShift Or Use DevOps to Make Your Auditors and Suits Happy Marc Boorshtein CTO, Tremolo Security Ellen Newlands Senior Security Product Manager, Cloud Business
More informationViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project
ViryaOS RFC: Secure Containers for Embedded and IoT A proposal for a new Xen Project sub-project Stefano Stabellini @stabellinist The problem Package applications for the target Contain all dependencies
More informationActual Agility with SDN: Weaving SDN into Data Center Automation May 6, John Burke Principal Research Analyst & CIO
Actual Agility with SDN: Weaving SDN into Data Center Automation May 6, 2016 John Burke Principal Research Analyst & CIO john@nemertes Agenda ± Introductions ± SDN Adoption ± Cloud Management Adoption
More informationAdvanced Systems Security: Cloud Computing Security
Advanced Systems Security: Cloud Computing Security Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Cloudy Foundations Can customers move their services
More informationEASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER
EASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER 2 WHY KUBERNETES? Kubernetes is an open-source container orchestrator for deploying and managing containerized applications. Building on 15 years of experience
More informationLeveraging Adaptive Auth and Device Trust for Enhanced Security and Compliance
Leveraging Adaptive Auth and Device Trust for Enhanced Security and Compliance CHRISTOPHER NIGGEL, DIRECTOR OF SECURITY & COMPLIANCE SWAROOP SHAM, SR PRODUCT MARKETING MANAGER, SECURITY CHRIS NIGGEL Director
More informationMurray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?
Murray Goldschmidt Chief Operating Officer Sense of Security Pty Ltd Micro Services, Containers and Serverless PaaS Web Apps? How safe are you? A G E N D A 1 2 3 Serverless, Microservices and Container
More informationCloud Systems 2018 Training Programs. Catalog of Course Descriptions
Cloud Systems 2018 Training Programs Catalog of Course Descriptions Catalog of Course Descriptions INTRODUCTION...3 Open 2 2018 Introduction Ericsson has developed a comprehensive Training Programs service
More informationNephOS. A Single Turn-key Solution for Public, Private, and Hybrid Clouds
NephOS A Single Turn-key Solution for Public, Private, and Hybrid Clouds What is NephOS? NephoScale NephOS is a turn-key OpenStack-based service-provider-grade cloud software suite designed for multi-tenancy.
More informationSecurity Considerations for Cloud Readiness
Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution
More informationF5 Synthesis Information Session. April, 2014
F5 Synthesis Information Session April, 2014 Agenda Welcome and Introduction to Customer Technology Challenges Software Defined Application Services Reference Architectures for Today s Customer Challenges
More informationNephOS. A Single Turn-key Solution for Public, Private, and Hybrid Clouds
NephOS A Single Turn-key Solution for Public, Private, and Hybrid Clouds What is NephOS? NephoScale NephOS is a turn-key OpenStack-based service-provider-grade cloud software suite designed for multi-tenancy.
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET3282BE The NSX Practical Path Brian Lazear, Sr. Director, NSX Product Management Brian Muita, CTO, Node Africa #VMworld #NET3282BE Disclaimer This presentation may contain product features that are
More informationData Center and Cloud Automation
Data Center and Cloud Automation Tanja Hess Systems Engineer September, 2014 AGENDA Challenges and Opportunities Manual vs. Automated IT Operations What problem are we trying to solve and how do we solve
More informationBuild Cloud like Rackspace with OpenStack Ansible
Build Cloud like Rackspace with OpenStack Ansible https://etherpad.openstack.org/p/osa-workshop-01 Jirayut Nimsaeng DevOps & Cloud Architect 2nd Cloud OpenStack-Container Conference and Workshop 2016 Grand
More informationPulse Secure Application Delivery
DATA SHEET Pulse Secure Application Delivery HIGHLIGHTS Provides an Application Delivery and Load Balancing solution purposebuilt for high-performance Network Functions Virtualization (NFV) Uniquely customizable,
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationCogniFit Technical Security Details
Security Details CogniFit Technical Security Details CogniFit 2018 Table of Contents 1. Security 1.1 Servers........................ 3 1.2 Databases............................3 1.3 Network configuration......................
More informationFencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1
Fencing the Cloud with Identity Roger Casals Senior Director Product Management Shared vision for the Identity: Fencing the Cloud 1 Disclaimer Copyright 2014 Symantec Corporation. All rights reserved.
More informationOpen Security Controller Project Use Cases
Open Security Controller Project Use Cases Security Orchestration for Software-defined Infrastructure https://www.opensecuritycontroller.org Conceptual Architecture Orchestrating security policies with
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationIntroduction to Cloud Computing
You will learn how to: Build and deploy cloud applications and develop an effective implementation strategy Leverage cloud vendors Amazon EC2 and Amazon S3 Exploit Software as a Service (SaaS) to optimize
More informationSecuring your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008
Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to
More informationAspirin as a Service: Using the Cloud to Cure Security Headaches
SESSION ID: CSV-T10 Aspirin as a Service: Using the Cloud to Cure Security Headaches Bill Shinn Principle Security Solutions Architect Amazon Web Services Rich Mogull CEO Securosis @rmogull Little. Cloudy.
More informationCloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com
Cloud Computing Faculty of Information Systems Duc.NHM nhmduc.wordpress.com Evaluating Cloud Security: An Information Security Framework Chapter 6 Cloud Computing Duc.NHM 2 1 Evaluating Cloud Security
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationSOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management
SOLUTION BRIEF CA API MANAGEMENT Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management 2 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com
More informationTable of Contents DevOps Administrators
DevOps Administrators Table of Contents DevOps Administrators Overview for DevOps Admins Managing Images, Projects, Users Configure a Registry Create Users Assign the Administrator Role Create a Project
More informationDocker and Oracle Everything You Wanted To Know
Docker and Oracle Everything You Wanted To Know June, 2017 Umesh Tanna Principal Technology Sales Consultant Oracle Sales Consulting Centers(SCC) Bangalore Safe Harbor Statement The following is intended
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET3420BU Introducing VMware s Transformative Data Center Endpoint Security Solution Vijay Ganti Director, Product Management VMware Christopher Frenz Director of Infrastructure Interfaith Medical Center
More informationVMWARE ENTERPRISE PKS
DATASHEET AT A GLANCE VMware Enterprise PKS is a productiongrade Kubernetes-based container solution equipped with advanced networking, a private container registry, and full lifecycle management. VMware
More informationISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems
ISACA Silicon Valley APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems Why Should You Care About APIs? Because cloud and mobile computing are built
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationRed Hat OpenStack Platform 10 Product Guide
Red Hat OpenStack Platform 10 Product Guide Overview of Red Hat OpenStack Platform OpenStack Team Red Hat OpenStack Platform 10 Product Guide Overview of Red Hat OpenStack Platform OpenStack Team rhos-docs@redhat.com
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationLayer Security White Paper
Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY
More informationTable of Contents 1.1. Overview. Containers, Docker, Registries vsphere Integrated Containers Engine
Table of Contents Overview Containers, Docker, Registries vsphere Integrated Containers Engine Management Portal Registry Roles and Personas 1.1 1.1.1 1.1.2 1.1.2.1 1.1.2.2 1.1.2.3 1.1.2.4 2 Overview of
More informationVMWARE PKS. What is VMware PKS? VMware PKS Architecture DATASHEET
DATASHEET VMWARE PKS AT A GLANCE VMware PKS is a production-grade Kubernetes-based container solution equipped with advanced networking, a private container registry, and full lifecycle management. VMware
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationThe Latest EMC s announcements
The Latest EMC s announcements Copyright 2014 EMC Corporation. All rights reserved. 1 TODAY S BUSINESS CHALLENGES Cut Operational Costs & Legacy More Than Ever React Faster To Find New Growth Balance Risk
More informationIBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights
IBM Secure Proxy Advanced edge security for your multienterprise data exchanges Highlights Enables trusted businessto-business transactions and data exchange Protects your brand reputation by reducing
More informationOrchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud
Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud 2 Orchestrate the Cloud Infrastructure Business Drivers for Cloud Long Provisioning Times for New Services o o o Lack
More informationTable of Contents 1.1. Introduction. Overview of vsphere Integrated Containers 1.2
Table of Contents Introduction Overview of vsphere Integrated Containers 1.1 1.2 2 Overview of vsphere Integrated Containers This document provides an overview of VMware vsphere Integrated Containers.
More informationBuilding a More Secure Cloud Architecture
Building a More Secure Cloud Architecture Jerry Archer SVP and CSO Let s Make College Happen Security Guiding Principles in the Cloud Secure Perimeter Micro-segmentation -- isolating applications and data
More informationIdentity-Based Cyber Defense. March 2017
Identity-Based Cyber Defense March 2017 Attackers Continue to Have Success Current security products are necessary but not sufficient Assumption is you are or will be breached Focus on monitoring, detecting
More informationWEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM
SECURITY ANALYTICS WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM BLAZING PERFORMANCE, HIGH AVAILABILITY AND ROBUST SECURITY FOR YOUR CRITICAL WEB APPLICATIONS OVERVIEW Webscale is a converged multi-cloud
More informationJim Reavis CEO and Founder Cloud Security Alliance December 2017
CLOUD THREAT HUNTING Jim Reavis CEO and Founder Cloud Security Alliance December 2017 A B O U T T H E BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT C L O U D S E C U R I T Y A L L I A N C E GLOBAL,
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationOrchestration Ownage: Exploiting Container-Centric Datacenter Platforms
SESSION ID: CSV-R03 Orchestration Ownage: Exploiting Container-Centric Datacenter Platforms Bryce Kunz Senior Threat Specialist Adobe Mike Mellor Director, Information Security Adobe Intro Mike Mellor
More informationM2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres
M2M / IoT Security Eurotech`s Everyware IoT Security Elements Overview Robert Andres 23. September 2015 The Eurotech IoT Approach : E2E Overview Application Layer Analytics Mining Enterprise Applications
More informationAutomated Deployment of Private Cloud (EasyCloud)
Automated Deployment of Private Cloud (EasyCloud) Mohammed Kazim Musab Al-Zahrani Mohannad Mostafa Moath Al-Solea Hassan Al-Salam Advisor: Dr.Ahmad Khayyat COE485 T151 1 Table of Contents Introduction
More informationUsing Threat Modeling To Find Design Flaws
Using Threat Modeling To Find Design Flaws Introduction Jim DelGrosso Run Cigital's Architecture Analysis practice 20+ years in software development in many different domains ~15 years focusing on software
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationAdvanced threats. "Software defined" everything. Internet of Things. SDDC/Cloud. HTTP is the new TCP. Mobile. F5 Networks, Inc 2
F5 Software Defined Application Services F5 Synthesis Fred Wu Technical Director of F5 Networks China Advanced threats "Software defined" everything SDDC/Cloud Internet of Things Mobile HTTP is the new
More informationCitrix Workspace. Lausanne Laurent Strauss Christophe Beaugrand
Workspace Lausanne 09.03.2017 Laurent Strauss Christophe Beaugrand WorkspaceSuite Improve employee productivity Deliver a high performance user experience Empower entire workforce Secure enterprise content
More informationVirtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC
Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationBuilding a government cloud Concepts and Solutions
Building a government cloud Concepts and Solutions Dr. Gabor Szentivanyi, ULX Open Source Consulting & Distribution Background Over 18 years of experience in enterprise grade open source Based in Budapest,
More informationIntegrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises
Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's
More informationSECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA
SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO
More informationCourse Overview This five-day course will provide participants with the key knowledge required to deploy and configure Microsoft Azure Stack.
[MS20537]: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Length : 5 Days Audience(s) : IT Professionals Level : 300 Technology : Azure Delivery Method : Instructor-led (Classroom)
More informationModelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer
Modelos de Negócio na Era das Clouds André Rodrigues, Cloud Systems Engineer Agenda Software and Cloud Changed the World Cisco s Cloud Vision&Strategy 5 Phase Cloud Plan Before Now From idea to production:
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationDISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?
DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing Slide 1 Slide 3 ➀ What is Cloud Computing? ➁ X as a Service ➂ Key Challenges ➃ Developing for the Cloud Why is it called Cloud? services provided
More informationCisco Cloud Strategy. Uwe Müller. Leader PreSales Cloud & Datacenter Germany
Cisco Cloud Strategy Uwe Müller Leader PreSales Cloud & Datacenter Germany 277X Data created by IoE devices v. end-user 30M New devices connected every week 180B Mobile apps downloaded in 2015 78% Workloads
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT
ArcGIS Enterprise Security: An Introduction Randall Williams Esri PSIRT Agenda ArcGIS Enterprise Security for *BEGINNING to INTERMIDIATE* users ArcGIS Enterprise Security Model Portal for ArcGIS Authentication
More informationEtanova Enterprise Solutions
Etanova Enterprise Solutions Networking» 2018-02-24 http://www.etanova.com/technologies/networking Contents HTTP Web Servers... 6 Apache HTTPD Web Server... 6 Internet Information Services (IIS)... 6 Nginx
More informationUnderstanding Cisco Cybersecurity Fundamentals
210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco
More informationArticle Summary of: Understanding Cloud Computing Vulnerabilities. Michael R. Eldridge
Article Summary of: Understanding Cloud Computing Vulnerabilities Michael R. Eldridge April 14, 2016 2 Introduction News stories abound about the almost daily occurrence of break-ins and the stealing of
More informationWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CDS-T11 Sheung-Chi NG Senior Security Consulting Manager, APAC SafeNet, Inc. Cloud and Virtualization Are Change the
More informationReimagining OpenStack*
Reimagining OpenStack* Kristen Accardi *Other names and brands may be claimed as the property of others. 1 "Evaluators of OpenStack believe that complexity and difficulty of deployment are decreasing,
More informationConsumerization. Copyright 2014 Trend Micro Inc. IT Work Load
Complete User Protection Consumerization IT Work Load 2 Then... File/Folder & Removable Media Email & Messaging Web Access Employees IT Admin 3 Now! File/Folder & Removable Media Email & Messaging Web
More informationTrusted Identities. Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN
Trusted Identities Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN WHAT YOU WILL LEARN TODAY Strong identity verification as a security measure and business enabler Authentication
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationLet s say that hosting a cloudbased application is like car ownership
Let s say that hosting a cloudbased application is like car ownership Azure App Service App Service Features & Capabilities All features and capabilities are shared across all of App Service application
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More informationExtend your datacenter with the power of Citrix Open Cloud
Extend your datacenter with the power of Citrix Open Cloud Peter Leimgruber Sr. SE Datacenter & Networking, CE Mikael Lindholm Sr. SE XenServer & Cloud, EMEA Sales Dev Agenda Cloud Expectations and reality
More informationICS Security Monitoring
ICS Security Monitoring INFRASTRUCTURE MINING & METALS NUCLEAR, SECURITY & ENVIRONMENTAL OIL, GAS & CHEMICALS Moses Schwartz Security Engineer Computer Incident Response Team Bechtel Corporation State
More information1. What is Cloud Computing (CC)? What are the Pros and Cons of CC? Technologies of CC 27
1. What is Cloud Computing (CC)? 3 1.1. Utility Computing First 3 1.2. The New Features of Cloud Computing (CC) 4 1.3. Cloud Service Provider (CSP) 6 1.3.1 Thin Provisioning 7 1.4. CC via a CSP (not via
More informationReal-time Monitoring, Inventory and Change Tracking for. Track. Report. RESOLVE!
Real-time Monitoring, Inventory and Change Tracking for Track. Report. RESOLVE! Powerful Monitoring Tool for Full Visibility over Your Hyper-V Environment VirtualMetric provides the most comprehensive
More information