Securing the Network: Understanding CIA, Segmentation, and Zero Trust. Jacek Szamrej VP of Cybersecurity SEDC
|
|
- Russell Strickland
- 6 years ago
- Views:
Transcription
1 Securing the Network: Understanding CIA, Segmentation, and Zero Trust Jacek Szamrej VP of Cybersecurity SEDC
2 Jacek Szamrej VP of Cybersecurity SEDC
3 C? A I
4 What are we protecting? Confidentiality DATA Availability Integrity
5 What are we protecting? Public Personal Secret Availability Confidentiality RTO RPO MTD DATA Cryptography Meta data Integrity
6 What are we protecting? Public Personal Secret Availability Confidentiality RTO RPO MTD DATA DATA DATA DATA Cryptography Meta data Integrity
7 Data Classification Example SCADA DATA AMI DATA DATA DATA PII & PCI Intranet, E&O
8 Defense in Depth Now we can support this defense with network segmentation We divided data into different categories for more effective protection
9 Data segmentation example Account Number Meter Number Usage Data , 0.5, 0.3, 1.2, MD5 HASH Account Number Meter Number Usage Data 2cb6128ecc85fa a626d876cfd MD5 HASH be799977f7b518b14 16daa371f Copy 0.2, 0.5, 0.3, 1.2,
10 No Segmentation labs.iro.umontreal.ca/~vaucher/history/ships_discovery/
11 Segmentation
12 Segmentation
13 Segmentation _of_the_worlds_largest_ever_container_ships
14 Segmentation reinstalled pcs and servers to recover from notpetya attack/
15 How do we apply CIA to our network? Office S1 S2 SCADA DMZ SCADA Substation
16 How do we apply CIA to our network? Office Untrusted S1 S2 Trusted Network SCADA DMZ DMZ SCADA Substation
17 Ukraine Power Grid Cyberattack 2015 Office S1 S2 SCADA DMZ SCADA Substation
18 Ukraine Power Grid Cyberattack with BlackEnergy malware Office S1 S2 SCADA DMZ SCADA Substation
19 Ukraine Power Grid Cyberattack 2015 Pivot to server and establish C&C Office S1 S2 SCADA DMZ SCADA Substation
20 Ukraine Power Grid Cyberattack 2015 Office S1 S2 They found pre shared key for VPN on SCADA firewall SCADA DMZ SCADA Substation
21 Ukraine Power Grid Cyberattack 2015 Office S1 S2 Firmware has been changed on SCADA devices SCADA DMZ SCADA Substation
22 Ukraine Power Grid Cyberattack 2015 Office S1 S2 They use SCADA HMI to open breakers SCADA DMZ SCADA Substation
23 Ukraine Power Grid Cyberattack 2015
24 Ukraine Power Grid Cyberattack 2015 Full document with all recommendations: ISAC_SANS_Ukraine_DUC_18Mar2016.pdf
25 Network Segmentation Definition: Network segmentation in computer networking is the act or profession of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security.
26 Common Reasons for Network Segmentation Performance Security Compliance
27 Network Segmentation Examples Levels of Trust VLAN/ACL ACL Virtual Firewall Firewall Data Diode Air Gap Source: Gartner (July 2016)
28 Zero Trust Model
29 Concepts of Zero Trust Model All resources are accessed in a secure manner regardless of location Access control is on a need to know and is strictly enforced Inspect and log all traffic
30 Zero Trust Network Diagram steps to a zero trust network from theory to practice
31 Zero Trust Network Diagram Next Generation Firewall: FW Firewall IPS Intrusion Prevention System CF Content Filtering AC Activity Monitoring Crypto Cryptography AM Access Control steps to a zero trust network from theory to practice
32 Zero Trust Network Diagram Management jumpbox in separate zone steps to a zero trust network from theory to practice
33 Zero Trust Network Diagram MCAP (Micro Core and Perimeter): Protected L2 switching zone MCAP members have similar functionality steps to a zero trust network from theory to practice
34 Zero Trust Network Diagram DAN (Data Acquisition Network): Zone dedicated to log analysis SIEM Network Analysis and Visibility (NAV) steps to a zero trust network from theory to practice
35 Software Defined Perimeter All network connections are authenticated (using MFA and/or PKI), the health of each endpoint is inspected Originated at the Defense Information Systems Agency (DISA), now maintained by Cloud Security Alliance BeyondCorp is Google version of this concept lerner/2017/03/21/microsegmentation/
36 Software Defined Perimeter defined perimeter/#_overview
37 Micro Segmentation Software defined segmentation Isolates applications in virtual environment Focus on east west communication Security defined at granular level lerner/2017/03/21/microsegmentation/
38 Micro Segmentation Models Native micro segmentation Vendors examples: Amazon, Cisco, Microsoft, VMware lerner/2017/03/21/microsegmentation/
39 Micro Segmentation Models Native micro segmentation Third party model Vendor examples: Cisco, Check Point, Fortinet, Juniper Networks, Palo Alto Networks, SonicWall, Sophos, Huawei lerner/2017/03/21/microsegmentation/
40 Micro Segmentation Models Native micro segmentation Third party model Overlay model Vendor examples: Cisco, CloudPassage, Drawbridge Networks, GuardiCore, Illumio, Juniper Networks, ShieldX, varmour, Unisys, Tempered Networks lerner/2017/03/21/microsegmentation/
41 Micro Segmentation Models Native micro segmentation Third party model Overlay model Hybrid model lerner/2017/03/21/microsegmentation/
42 Example of Native Micro Segmentation segmentation with nsx/
43 How Overlay Segmentation Works Agent W1 Agent W2 Firewall Agent S1 Agent S2 SW3 Internet P1 P2 SW1 S3 PBX1 SW2 PR1 P3 SW-D1 SW4 DMZ-S1 DMZ-S2 Controller Agent W3 Agent W4-CC Controller: analyzing traffic, allows communication, apply and adjust policies
44 How Overlay Segmentation Works Agent W1 Agent W2 Firewall Agent S1 Agent S2 SW3 Internet P1 P2 SW1 S3 PBX1 SW2 PR1 P3 SW-D1 SW4 DMZ-S1 DMZ-S2 Controller Agent W3 Agent W4-CC Controller: analyzing traffic, allows communication, apply and adjust policies
45 How Overlay Segmentation Works Agent W1 Agent W2 Firewall Agent S1 Agent S2 SW3 Internet P1 P2 SW1 S3 PBX1 SW2 PR1 P3 SW-D1 SW4 DMZ-S1 DMZ-S2 Controller Agent W3 Agent W4-CC Some vendors are offering deception features
46 came but the french were prepared.html Cyber Deception Example
47 Purdue Enterprise Reference Architecture Level 5 Level 4 Level 3 Level 2 Level 1 Level 0 Enterprise network IT Applications (CIS, GIS, OMS, AMI?) SCADA Historian FEP, SCADA Master Meter, RTU CT, PT, other sensors Source:
48 Phases of Network Segmentation Classification Analysis Design Implementation Monitoring Data Classification Analyze network traffic (types, volume) Network structure, monitoring methods Select vendor, install equipment Monitor traffic, apply changes Source:
49 Bison Valley Electric Cooperative Network Segmentation Project
50 Our Guests Gary Jeger Palmetto Electric Co op George Buckner Central Florida Electric Co op Jack Daniels Bison Valley Electric Co op
51 Gary Jeger Palmetto Electric Cooperative
52 George Buckner Central Florida Electric Cooperative
53 Jack Daniels Bison Valley Electric Cooperative
54 BVEC Network Before After cleanup before and after photos/pg004.html
55 BVEC Network Segmentation Project Objective Follow Zero Trust Model and recommendations from PCI DSS and US CERT TA16 250A. Solution BVEC is considering three different approaches to segment their network. Questions How these options follow concept of Zero Trust Model, PCI DSS, and TA16 250A recommendations?
56 BVEC Network Segmentation Project US CERT Alert (TA16 250A) The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations Protecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and services across an enterprise.
57 BVEC Network Segmentation Project TA16 250A Recommendations: 1. Segregate Networks and Functions 2. Limit Unnecessary Lateral Communications 3. Harden Network Devices 4. Secure Access to Infrastructure Devices 5. Perform Out of Band Management 6. Validate Integrity of Hardware and Software
58 BVEC Network MS MS MS FIN CFO CEO CIS AMI MDM GIS OMS AD & FS Exchange Intranet DB1 DB2 Office S1 S2 VM1 VM2 E&O E&O E&O E&O LG COO DMZ Server Room Fiber & Radio Dispatch & SCADA Office DMZ District Office SCADA AMI Substation PTZ C SCADA AMI Substation PTZ C
59 BVEC Network Option 1 Segmentation Gateway
60 BVEC Network Option 1 Segmentation Gateway Multiple NGFW vendors: (Palo Alto, Checkpoint, Fortinet, Juniper, etc) Shall we use the same vendor as edge firewall or different? We will need High Availability option which is more expensive.
61 BVEC Network Option 2 VMWare NSX MS MS MS FIN CFO CEO CIS AMI MDM GIS OMS AD & FS Exchange Intranet DB1 DB2 Office S1 S2 VM1 VM2 E&O E&O E&O E&O LG COO DMZ Server Room Fiber & Radio Dispatch & SCADA Office DMZ District Office SCADA AMI Substation PTZ C SCADA AMI Substation PTZ C
62 BVEC Network Option 2 VMWare NSX Physical vsphere Distributed Switch VDS DFW Distributed Firewalls CIS AMI MDM GIS OMS DB2 DB1 Intranet Exchange AD & FS VM1 VM2
63 BVEC Network Option 2 VMWare NSX Throughput not tied to hardware, easy to scale, can be extended to the cloud. vsphere Distributed Switch Consultant might be needed to determine optimal configuration. VDS Physical Uses proprietary VMWare NSX solution, bare metal servers are not included. DFW Distributed Firewalls CIS AMI MDM GIS OMS DB2 DB1 Intranet Exchange AD & FS VM1 VM2
64 BVEC Network Option 3 Identity Defined Network HIP Client HIP Client HIP Server HIP Server CIS AMI MDM GIS OMS AD FS Exchange Intranet Apps Office Conductor S1 S2 VM1 VM2 HIP Server DMZ Server Room Fiber & Radio HIP Server Dispatch & SCADA DMZ District Office SCADA AMI Substation CCV C SCADA AMI Substation CCV C
65 BVEC Network Option 3 Identity Defined Network Does not require major CIS hardware installation. HIP Server AMI MDM GIS HIP Server OMS It can be extended to the cloud in the future. Conductor S1 S2 VM1 AD FS Exchange Intranet Apps VM2 Based on HIP standard, but IDN is a proprietary solution. HIP Client HIP Client Can be tested locally before installed. Office HIP Server DMZ Server Room Fiber & Radio HIP Server Dispatch & SCADA DMZ District Office SCADA AMI Substation CCV C SCADA AMI Substation CCV C
66 BVEC Network Option 1 Segmentation Gateway
67 BVEC Network Option 2 VMWare NSX MS MS MS FIN CFO CEO CIS AMI MDM GIS OMS AD & FS Exchange Intranet DB1 DB2 Office S1 S2 VM1 VM2 E&O E&O E&O E&O LG COO DMZ Server Room Fiber & Radio Dispatch & SCADA Office DMZ District Office SCADA AMI Substation PTZ C SCADA AMI Substation PTZ C
68 BVEC Network Option 3 Identity Defined Network HIP Client HIP Client HIP Server HIP Server CIS AMI MDM GIS OMS AD FS Exchange Intranet Apps Office Conductor S1 S2 VM1 VM2 HIP Server DMZ Server Room Fiber & Radio HIP Server Dispatch & SCADA DMZ District Office SCADA AMI Substation CCV C SCADA AMI Substation CCV C
69 Summary Classify your data by using CIA triad Network segmentation can be designed in house Consider segmenting SCADA, PCI, and PII first
70 Thank you! Jacek Szamrej, SEDC
Firewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationStop Cyber Threats With Adaptive Micro-Segmentation. Chris Westphal Head Of Product Marketing
Stop Cyber Threats With Adaptive Micro-Segmentation Chris Westphal Head Of Product Marketing Agenda Why Are We Here? What Is Adaptive Micro-Segmentation? How Adaptive Micro-Segmentation Is Used Why Visibility
More informationBLOCKCHAIN FOR CYBERSECURITY MICRO-SEGMENTED NETWORK ACCESS CONTROL
SESSION ID: SDS-R03 BLOCKCHAIN FOR CYBERSECURITY MICRO-SEGMENTED NETWORK ACCESS CONTROL Rajeevan Kallumpuram CISSP, CISM Assistant Vice President Reliance Industries Limited Twitter- @RajeevansView BLOCKCHAIN
More informationZero Trust Security with Software-Defined Secure Networks
Zero Trust Security with Software-Defined Secure Networks Srinivas Nimmagadda and Pradeep Nair Juniper Networks This statement of direction sets forth Juniper Networks current intention and is subject
More informationThe threat landscape is constantly
A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions
More informationPROTECT WORKLOADS IN THE HYBRID CLOUD
PROTECT WORKLOADS IN THE HYBRID CLOUD SPOTLIGHTS Industry Aviation Use Case Protect workloads in the hybrid cloud for the safety and integrity of mission-critical applications and sensitive data across
More informationThe Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy
The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security
More informationSECURITY PLATFORM FOR HEALTHCARE PROVIDERS
SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Hundreds of hospitals, clinics and healthcare networks across the globe prevent successful cyberattacks with our Next-Generation Security Platform. Palo Alto
More informationSECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011
SECURING THE NEXT GENERATION DATA CENTER Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011 JUNIPER SECURITY LEADERSHIP Market Leadership Data Center with High-End
More informationAddressing Cyber Threats in Power Generation and Distribution
Addressing Cyber Threats in Power Generation and Distribution VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems
More informationOperationalizing NSX Micro segmentation in the Software Defined Data Center
Operationalizing NSX Micro segmentation in the Software Defined Data Center A Comprehensive Solution for Visibility and Management of Heterogeneous Security Controls in a Data Center www.tufin.com Introduction
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationKaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia
Kaspersky Cloud Security for Hybrid Cloud Diego Magni Presales Manager Kaspersky Lab Italia EXPERTISE 1/3 of our employees are R&D specialists 323,000 new malicious files are detected by Kaspersky Lab
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationBuilding a More Secure Cloud Architecture
Building a More Secure Cloud Architecture Jerry Archer SVP and CSO Let s Make College Happen Security Guiding Principles in the Cloud Secure Perimeter Micro-segmentation -- isolating applications and data
More informationTransforming Security Part 2: From the Device to the Data Center
SESSION ID: SP01-R11 Transforming Security Part 2: From the Device to the Data Center John Britton Director, EUC Security VMware @RandomDevice The datacenter as a hospital 3 4 5 Digital transformation
More informationSimple and Secure Micro-Segmentation for Internet of Things (IoT)
Solution Brief Simple and Secure Micro-Segmentation for Internet of Things (IoT) A hardened network architecture for securely connecting any device, anywhere in the world Tempered Networks believes you
More informationPresenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe
Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto
More informationNetwork Virtualization Business Case
SESSION ID: GPS2-R01 Network Virtualization Business Case Arup Deb virtual networking & security VMware NSBU adeb@vmware.com I. Data center security today Don t hate the player, hate the game - Ice T,
More informationBUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY
SOLUTION OVERVIEW BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY Every organization is exploring how technology can help it disrupt current operating models, enabling it to better serve
More informationProtecting productivity with Industrial Security Services
Protecting productivity with Industrial Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. usa.siemens.com/industrialsecurityservices
More informationNo compromises for secure SCADA Communications even over 3rd Party Networks
No compromises for secure SCADA Communications even over 3rd Party Networks The Gamble of Using ISP Private Networks How to Stack the Odds in Your Favor Standards Certification Education & Training Publishing
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More informationCopyright 2011 Trend Micro Inc.
Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF
More informationSoftware-Define Secure Networks The Future of Network Security for Digital Learning
Software-Define Secure Networks The Future of Network Security for Digital Learning SIGS, 5.Juli 2015 Klaus Ernst, Systems Engineer Juniper Networks Threat Landscape Feels like Treading Water 2017 IT Priorities
More informationThe Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies
The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies Daniel Yeung Technical Manager, Hong Kong & Taiwan AUG 2017 2017 Citrix Why Worry? Security needs to be top-of-mind
More informationRethinking Security CLOUDSEC2016. Ian Farquhar Distinguished Sales Engineer Field Lead for the Gigamon Security Virtual Team
Rethinking Security CLOUDSEC2016 Ian Farquhar Distinguished Sales Engineer Field Lead for the Gigamon Security Virtual Team Breaches Are The New Normal Only The Scale Surprises Us OPM will send notifications
More informationSECURING THE MULTICLOUD
SECURING THE MULTICLOUD Bahul Harikumar and Ali Bidabadi Juniper Networks This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without notice.
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
SAI2803BU The Road to Micro- Segmentation with VMware NSX #VMworld #SAI2803BU Disclaimer This presentation may contain product features that are currently under development. This overview of new technology
More informationWhy the cloud matters?
Why the cloud matters? Speed and Business Impact Expertise and Performance Cost Reduction Trend Micro Datacenter & Cloud Security Vision Enable enterprises to use private and public cloud computing with
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationSecuring the North American Electric Grid
SESSION ID: TECH-R02 Securing the North American Electric Grid Marcus H. Sachs, P.E. SVP and CSO North American Electric Reliability Corporation @MarcusSachs Critical Infrastructure s Common Denominator
More informationSecure Access & SWIFT Customer Security Controls Framework
Secure Access & SWIFT Customer Security Controls Framework SWIFT Financial Messaging Services SWIFT is the world s leading provider of secure financial messaging services. Their services are used and trusted
More informationPROTECTING MANUFACTURING and UTILITIES Industrial Control Systems
PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems Mati Epstein Global Sales Lead, Critical Infrastructure and ICS [Internal Use] for Check Point employees 1 Industrial Control Systems (ICS)/SCADA
More informationSecuring IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems
Securing IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems Eroshan Weerathunga, Anca Cioraca, Mark Adamiak GE Grid Solutions MIPSYCON 2017 Introduction Threat
More informationINDUSTRIAL NETWORK RESILIENCE. Davide Crispino Salvatore Brandonisio
INDUSTRIAL NETWORK RESILIENCE Davide Crispino Salvatore Brandonisio Cyber Attacks: A risk among the most feared At the World Economic Forum 2016: «Cyber Attacks are considered to be one of the highest
More informationTABLE OF CONTENTS. Section Description Page
GPA Cybersecurity TABLE OF CONTENTS Section Description Page 1. Cybersecurity... 1 2. Standards... 1 3. Guides... 2 4. Minimum Hardware/Software Requirements For Secure Network Services... 3 4.1. High-Level
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationThe Global Information Security Compliance Packet (GISCP): The World's most In-Depth set of professionally researched and developed information
The Global Information Security Compliance Packet (GISCP): The World's most In-Depth set of professionally researched and developed information security policies, procedures, forms, checklists, templates,
More informationVM-SERIES FOR VMWARE VM VM
SERIES FOR WARE Virtualization technology from ware is fueling a significant change in today s modern data centers, resulting in architectures that are commonly a mix of private, public or hybrid cloud
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationDisclaimer CONFIDENTIAL 2
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationSecuring VMware NSX MAY 2014
Securing VMware NSX MAY 2014 Securing VMware NSX Table of Contents Executive Summary... 2 NSX Traffic [Control, Management, and Data]... 3 NSX Manager:... 5 NSX Controllers:... 8 NSX Edge Gateway:... 9
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationSegmentation. Threat Defense. Visibility
Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks,
More informationVirtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC
Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
MMC1532BE Using VMware NSX Cloud for Enhanced Networking and Security for AWS Native Workloads Percy Wadia Amol Tipnis VMworld 2017 Content: Not for publication #VMworld #MMC1532BE Disclaimer This presentation
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationCyber security for digital substations. IEC Europe Conference 2017
Cyber security for digital substations IEC 61850 Europe Conference 2017 Unrestricted Siemens 2017 siemens.com/gridsecurity Substation Digitalization process From security via simplicity 1st generation:
More informationCybersecurity Roadmap: Global Healthcare Security Architecture
SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect Disclosure No affiliation to any vendor products No vendor endorsements Products
More informationPaloalto Networks PCNSA EXAM
Page No 1 m/ Paloalto Networks PCNSA EXAM Palo Alto Networks Certified Network Security Administrator Product: Full File For More Information: /PCNSA-dumps 2 Product Questions: 50 Version: 8.0 Question:
More informationClearPass Ecosystem. Tomas Muliuolis HPE Aruba Baltics lead
ClearPass Ecosystem Tomas Muliuolis HPE Aruba Baltics lead 2 Changes in the market create paradigm shifts 3 Today s New Behavior and Threats GenMobile Access from anywhere? BYOD Trusted or untrusted? Bad
More informationMICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY Abstract Organizations are in search of ways to more efficiently and securely use IT resources to increase innovation and minimize cost.
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
SIE2034BE Securing your VMware Horizon Virtualized Apps and Desktop Investments with NSX Satish Yadavalli, General Manager & Global Practice Head Wipro Limited Bhanu Reddy, Practice Manager Wipro Limited
More informationBuilding a Smart Segmentation Strategy
Building a Smart Segmentation Strategy Using micro-segmentation to reduce your attack surface, harden your data center, and secure your cloud. WP201705 Overview Deployed at the network layer, segmentation
More informationIntelligent Edge Protection
Intelligent Edge Protection Sicherheit im Zeitalter von IoT und Mobility September 26, 2017 Flexible consumption Beacons, sensors and geo-positioning Driven by agile DevOps Mobile users, apps and devices
More informationIdentity Awareness Software Blade Check Point Software Technologies Ltd. [Unrestricted] For everyone
Identity Awareness Software Blade 2010 Check Point Software Technologies Ltd. [Unrestricted] For everyone Agenda 1 Introduction 2 Solution Overview 3 Identity Awareness Features 4 Selling Strategy 2 Agenda
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationSecurity in Cloud Environments
Security in Cloud Environments Security Product Manager Joern Mewes (joern.mewes@nokia.com) 16-11-2016 1 Cloud transformation happens in phases and will take 5+ years Steps into the cloud Now 2016+ 2020+
More informationto protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
Executive Summary As a County Government servicing about 1.5 million citizens, we have the utmost responsibility to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
More informationSecuring the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.
Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change
More informationAND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING
PROTECTING BANKING AND FINANCIAL INSTITUTIONS FROM CYBER FRAUD Enabling the financial industry to become proactively secure and compliant Overview In order to keep up with the changing digital payment
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationSecuring the Modern Data Center with Trend Micro Deep Security
Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public
More informationTitle: Planning AWS Platform Security Assessment?
Title: Planning AWS Platform Security Assessment? Name: Rajib Das IOU: Cyber Security Practices TCS Emp ID: 231462 Introduction Now-a-days most of the customers are working in AWS platform or planning
More informationNEXT-GENERATION SECURITY WITH VMWARE NSX AND PALO ALTO NETWORKS VM-SERIES
NEXT-GENERATION SECURITY WITH VMWARE NSX AND PALO ALTO NETWORKS SERIES Palo Alto Networks Next-Generation Security With VMware NSX and Palo Alto Networks White Paper 1 Table of Contents Introduction 3
More informationSecure & Unified Identity
Secure & Unified Identity for End & Privileged Users Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Key Point #1: Perimeter is Dissolving Making Identity Matter Most You must plant a strong
More informationBeOn Security Cybersecurity for Critical Communications Systems
WHITEPAPER BeOn Security Cybersecurity for Critical Communications Systems Peter Monnes System Design Engineer Harris Corporation harris.com #harriscorp TABLE OF CONTENTS BeOn Security... 3 Summary...
More informationA CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management
A CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management CONTENTS INTRODUCTION 1 SECTION 1: MULTI-CLOUD COVERAGE 2 SECTION 2: MULTI-CLOUD VISIBILITY
More informationCyber Security of Industrial Control Systems (ICSs)
Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied
More informationSecurity Considerations for Cloud Readiness
Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution
More informationBest Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security
Best Practices in Healthcare Risk Management Balancing Frameworks/Compliance and Practical Security Our industry is full of jargon terms that make it difficult to understand what we are buying To accelerate
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationData Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users
Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users Standards Certification Education & Training Publishing Conferences &
More informationSecuring the Software-Defined Data Center
Securing the Software-Defined Data Center The future of the data center is software defined Key Advantages McAfee Network Platform 8.4 Delivers best-in-class IPS security across physical and softwaredefined
More informationImprove Existing Disaster Recovery Solutions with VMware NSX
Improve Existing Disaster Recovery Solutions with VMware NSX Kevin Reed Sr Manager, VMware Federal Networking & Security Team kreed@vmware.com 703.307.3253 Don Poorman Manager Solutions Enginering Govplace
More informationCloud Native Security. OpenShift Commons Briefing
Cloud Native Security OpenShift Commons Briefing Amir Sharif Co-Founder amir@aporeto.com Cloud Native Applications Challenge Security Change Frequency x 10x 100x 1,000x Legacy (Pets) Servers VMs Cloud
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! What s new from Microsoft?! Compliance, standards, and
More informationVMworld disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no
LHC3296BUS OVH: Shields Up! Building a True Security Barrier in the Cloud Chris Romano, Principal Systems Engineer #VMworld #LHC3296BUS VMworld disclaimer This presentation may contain product features
More informationSmart Grid vs. The NERC CIP
Smart Grid vs. The NERC CIP Tobias Whitney, MBA GE Smart Grid Center of Excellence 1 First The Bottom Line Security & Privacy are paramount Smart Grid concerns of regulators and the public Currently every
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationDECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT
DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT SUMMARY Industry Federal Government Use Case Prevent potentially obfuscated successful cyberattacks against federal agencies using
More informationNAVIGATING THE WATERS OF THE NEW EU NIS 2016/1148 CYBERSECURITY DIRECTIVE FOR ESSENTIAL SERVICE OPERATORS WHITE PAPER
NAVIGATING THE WATERS OF THE NEW EU NIS 2016/1148 CYBERSECURITY DIRECTIVE FOR ESSENTIAL SERVICE OPERATORS WHITE PAPER MAY 2018 2018 Radiflow, Ltd. All Rights reserved. The information in this document
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationSecurity: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration
Security: A Driving Force Behind Moving to the Cloud Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration 2017, Amazon Web Services, Inc. or its affiliates.
More informationICS Security. Trends, Issues, and New Standards. Speaker: David Mattes CTO, Asguard Networks
ICS Security Trends, Issues, and New Standards Standards Certification Education & Training Publishing Conferences & Exhibits Speaker: David Mattes CTO, Asguard Networks 2013 ISA Water / Wastewater and
More informationOpen Security Controller - Security Orchestration for OpenStack
SESSION ID: CSV-W02 Open Security Controller - Security Orchestration for OpenStack Tarun Viswanathan Platform Solution Architect Intel Manish Dave Platform Architect Intel Notices and Disclaimers Intel
More informationSRX als NGFW. Michel Tepper Consultant
SRX als NGFW Michel Tepper Consultant Firewall Security Challenges Organizations are looking for ways to protect their assets amidst today s ever-increasing threat landscape. The latest generation of web-based
More informationWHITE PAPER OCTOBER VMWARE NSX WITH CHECK POINT vsec. Enhancing Micro-Segmentation Security
WHITE PAPER OCTOBER 2017 VMWARE NSX WITH CHECK POINT vsec Enhancing Micro-Segmentation Security Table of Contents Executive Summary 3 VMware NSX Network Virtualization Overview 5 East-West Versus North-South
More informationCryptographically Isolated Virtual Networks
Cryptographically Isolated Virtual Networks A Community of Interest Approach SecTor 2013 Rob Johnson, Distinguished Engineer Unisys Agenda Who am I? What is the issue? What are Secure COIs? How do Secure
More informationGoogle Cloud Platform: Customer Responsibility Matrix. December 2018
Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect
More informationDIGITAL TRANSFORMATION IN FEDERAL GOVERNMENT. Securely Modernize and Mobilize Government IT to Advance Missions
DIGITAL TRANSFORMATION IN FEDERAL GOVERNMENT Securely Modernize and Mobilize Government IT to Advance Missions ACHIEVING GREATER EFFICIENCY AND COST CONTAINMENT With 80 percent of every Federal IT dollar
More information