THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES
|
|
- Lee Shields
- 6 years ago
- Views:
Transcription
1 SESSION ID: STR-R14 THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES Doug Cahill Group Director and Senior Analyst Enterprise Strategy
2 WHO IS THIS GUY?
3 Topics The Composition of Hybrid Clouds Spotlight: Container Security Considerations Defining the Lack of Cloud Visibility Retooling for Multi-Dimensional Hybrid Clouds Spotlight: Automating Security via Integration with the CI/CD Pipeline Applying Best Practices Summary 3
4 THE COMPOSITION OF HYBRID CLOUDS
5 What is hybrid, anyway?
6 THE MANY DEFINITIONS OF A HYBRID CLOUD Primary Historical Use Case: Public cloud as a storage target for backup and archiving More Accurately: Cross-cloud Orchestration By app tier e.g. DB tier on-premise, web app tier in the cloud Burst-mode for scale, portability for best fit and price --> For this Discussion: Simply the combination of an on-premises + cloud footprint 6
7 Multi-Cloud Adoption 7
8 Workloads are Shifting to Public Clouds Of all the production workloads used by your organization, approximately what percentage is run on public cloud infrastructure services (i.e., IaaS and/or PaaS) today? How do you expect this to change if at all over the next 24 months? (Percent of respondents, N=450) Percent of production workloads run on public cloud infrastructure services today Percent of production workloads run on public cloud infrastructure services 24 months from now 25% 26% 24% 24% 16% 5% 15% 16% 10% 16% 15% 5% 1% 2% Less than 10% of workloads 10% to 20% of workloads 21% to 30% of workloads 31% to 40% of workloads 41% to 50% of workloads More than 50% of workloads Don t know 8
9 The Heterogeneous Mix of Workload Types 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Bare metal servers, 35% Virtual machines, 46% Containers, 19% Percent of Percent production of production workloads workloads run on each run server on each type server today type TODAY 9 Bare metal servers, 26% Virtual machines, 41% Containers, 33% Percent of Percent production of production workloads workloads run on each server type run 24 on months each server from type now 24 MONTHS FROM NOW
10 HYBRID CLOUDS ARE MULTI-DIMENSIONAL X 2+ MULTI-CLOUDS + = HETEROGENOUS SERVER TYPES 2017 by The Enterprise Strategy Group, Inc.
11 SPOTLIGHT: CONTAINER SECURITY CONSIDERATIONS
12 Containers are coming, en masse!
13 App Containers Are Moving Into Production Yes, we have already deployed an extensive number of containerized production applications 16% 4%1% 13% Yes, we have already deployed a few containerized production applications No, but we are testing it and plan to start deploying to production in the next 12 months No, but we intend to start testing it in our lab in the next 12 months No, and we have no plans to 24% 42% Don t know 56% already in production +24% in next 12 months 13
14 Legacy and New Apps are Being Containerized 4% 23% We use/will use containers for new applications only We use/will use containers for new applications and some pre-existing legacy applications We use/will use containers for pre-existing legacy applications only 73% 14
15 Application Container Portability Make Them Location Agnostic 27% 21% Our container-based applications are/will be deployed in a public cloud environment only Our container-based applications are/will be deployed in an on-premises data center or colocation facility managed by our organization only 52% Our container-based applications are/will be deployed in a combination of public cloud platforms and private data centers 15
16 Container Security Concerns = VM Sprawl Redux 16
17 Container Security Pre-Production Requirements Establish Trusted Images via Registry-resident Image Scanning Eliminate known software vulnerabilities Bonus: Contextual based on risk -- known exploit, criticality of the app and data Harden configurations against CIS benchmarks Remediate, rinse and repeat Secrets Management: Separate until runtime 17
18 Container Security Runtime Requirements Continuous Monitoring Inventory including discovery of untrusted/unsigned containers Topology mapping to view and verify relationships East-west inter-container traffic Auditing of access requests, system activity, and Docker API calls Integrity monitoring Baselining of normal behavior Threat Prevention Detection and prevention of anomalous activity Integrity and applications control to prevent drift Intrusion detection and prevention Access controls including segmentation Anti-malware detection and prevention 18
19 Container Security - Implementation Considerations CI/CD tool integration to enable automation (build-ship-run tools) Consider pros and cons of host vs. privileged container vs. sensor Registry aware public and private Heterogeneous server workload type support 19
20 DEFINING THE LACK OF CLOUD VISIBILITY
21 Where s the network tap?
22 Top Hybrid Cloud Security Challenges Maintaining strong and consistent security across our own data center and multiple public cloud Employees signing up for cloud applications without the approval and governance of our IT Keeping up with the rapid pace of change via DevOps automation makes it a challenge to Meeting prescribed best practices for the configuration of cloud-resident workloads and the use Our DevOps and application owners do not want to involve our security team in their cloud Inability for existing network security controls to provide visibility into cloud Lack of skills needed to align strong security with our hybrid cloud strategy Satisfying our security team that our public cloud infrastructure is secure Some of our business units are doing application development and deployment on public cloud My organization s existing security tools do not support cloud native conventions such as on- Aligning regulatory compliance requirements with my organization s cloud strategy Lack of visibility into the network related activity of our cloud-based workloads Inability to automate the application of security controls due to the lack of integration with We have not experienced any challenges 22 6% 25% 23% 20% 19% 19% 18% 18% 18% 17% 16% 16% 14% 13%
23 Top Areas for Improving Visibility Into Cloud-Resident Workloads Identifying software vulnerabilities Identifying workload configurations that are out of compliance An audit trail of all system level activity Alerts on the detection of anomalous system-level workload activity An audit trail of privileged user account activity An audit trail of the use of IaaS APIs The existence of any external facing server workloads which do not Inter-workload communication The communication between workloads and an externally facing Alerts on the anomalous use of cloud APIs 30% 30% 27% 26% 26% 24% 21% 19% 18% 18% 23
24 WHICH IS WHY SOME FEEL THIS WAY
25 RETOOLING FOR MULTI-DIMENSIONAL HYBRID CLOUDS
26 2017 by The Enterprise Strategy Group, Inc.
27 Highest Priorities for Hybrid Cloud Security Build a cloud security strategy that can be used across heterogeneous public and private clouds Implement a workload segmentation model to limit the lateral movement of an attack, i.e., segment test/dev from production workloads, segment regulated from non-regulated workloads, etc. Integrate security controls with cloud and/or container orchestration tools Work with other teams to align security requirements with cloud provisioning and management automation Create a self-service catalogue so that workloads can be classified and then assigned to different public and private cloud options based upon their sensitivity Explore and recommend new security technologies that are specifically designed for cloud computing Determine ways to accelerate security tasks to keep pace with cloud provisioning and DevOps Learn about the security controls, monitoring capabilities, and APIs associated with each cloud service provider offering Figure out how we can extend our current security technologies to protect/monitor cloud workloads Create new policies specifically for cloud workloads and containers 30% 28% 27% 24% 23% 22% 20% 20% 20% 20% 27
28 Retooling Across Skills and Processes General knowledge of cybersecurity threats that pose a risk to hybrid cloud infrastructure Lack of familiarity with the continuous integration and continuous delivery processes and orchestration tools of a DevOps methodology Working relationship between the IT Operations, DevOps, and cybersecurity teams Understanding the specifics of how our cloud service provider and our organization share responsibility for securing our cloud-resident assets 33% 31% 31% 28% We don t have an adequately sized staff to meet our cloud security needs We don t have the right level of cloud security skills 20% 19% None of the above 6% 28
29 The Rise of the Cloud Security Architect Yes, and this position(s) has been in place for a year or more 7% 4% 3% 1% 25% Yes, and this position(s) has been in place for less than one year Yes, and this position(s) was recently established 6% No, but we are actively hiring for this position 12% We have had difficulty filling this position 24% 18% No, but we plan to establish this type of position(s) within the next 12 to 24 months No, but we are interested in establishing this type of position(s) sometime in the future No, and we have no plans or interest in doing so in the future Don t know 29
30 AUTOMATING SECURITY VIA INTEGRATION WITH THE CI/CD PIPELINE
31
32 Strong Interest in Security + DevOps Use Cases 18% 6%1% 15% Extensively Automating security via DevOps was one of the main reasons we adopted DevOps Somewhat We plan to incorporate some level of security in of DevOps process 19% We are evaluating security use cases that leverage our DevOps processes We do not want to slow down our DevOps processes with security 41% We have not yet discussed how security fits with our DevOps plans Don t know 32
33 Drivers Behind DevSecOps Adoption 1. TIGHT INTEGRATION Allows us to improve our security posture by making sure cybersecurity controls and processes are tightly integrated at every stage of our continuous integration and continuous delivery (CI/CD) tool chain 2. COMPLIANCE Allows us to assure we meet and maintain compliance with applicable industry regulations 3. COLLABORATION Fosters a high level of collaboration between our development, infrastructure management, application owners, and cybersecurity stakeholders 4. OPERATIONAL EFFICIENCY Improves our operational efficiency by automating the deployment of cybersecurity controls 5. PROACTIVE APPROACH Makes us think about security proactively and as an immutable attribute of how we manage our infrastructure 33
34 DevSecOps and Cloud SecOps Use Cases Span Environments Identifying workload configuration vulnerabilities before deployment to production Applying controls which can detect anomalous activity 44% 46% Applying preventative controls 44% Identifying software vulnerabilities before deployment to production Identifying workload configurations that are out of compliance with a regulation before deployment to production Applying controls which capture system activity for incident response and forensics 39% 42% 41% Applying inter-workload communication access controls 34% 34
35 APPLYING BEST PRACTICES
36
37 Separate Environments and Duties By Environment Segment Dev, Test, and Production environments Further segment by compute and storage Tiny bubbles to reduce blast radius By Role with Least Privilege, MFA APIs, not user accounts to interact with services Least privilege model protects against credential harvesting MFA for commits, builds, and deploys
38 Gain Visibility via Discovery, Assessments, and Monitoring Inventory the attack surface area Instance and container sprawl = developer manifestation of Shadow IT On-premises and cloud resident workloads For all accounts, all clouds Assess Configurations The obvious: Externally facing workloads not routing via a bastion host Workload configs against CIS benchmarks Use of pre-hardened images Monitor the environment Enable auditing services for API and service usage; augment with on-board agent Host network flow traffic for east-west, in/outbound threat detection DVR activity for trust, but verify compliance and IR investigations
39 Employ Anomaly Detection for Auto Scaling Groups Premise: There should be no intra-group drift Anomalies of interest: New process and child processes File system changes Logins beyond ID - time, location, frequency Netflow to/from remote IPs (i.e. not via jumphost) User access behaviors Inter-entity deviations Rules by role to automate and reduce alerts storms
40 Automate Across All Environments (DevSecOps + Cloud SecOps) In Dev: SDLC integrated Static code analysis Composition analysis In Test: Reduce attack surface Because production is immutable Eliminate software vulnerabilities Assess and harden configs of services and workloads In Prod: Policy via tool chain integration By tag, and thus templates, for consistency Host firewalls, integrity monitoring, IDS/IPS, anomaly detection
41 Unify for Consistency Across the Dimensions Replicate policy by workload profile/tag CI/CD automation on-prem and in the cloud Centralized visibility of inter-workload traffic Cloud-delivered and single console lowers operational cost
42 Seek Purpose-Built Solutions Supports automated policy assignment by tag Operates in auto-scaling groups, transient instances Linux support not an after thought Support heterogeneous server workload types Server less security on the roadmap Cloud delivered for cloud scale APIs for integrations and instrumentation Metered utility-based pricing model
43
44 Appreciate this is a Team Sport Groups directly involved in hybrid cloud security policies (Evaluating, Purchasing, and Operating) Security team Networking team Data center infrastructure/operations team DevOps team Regulatory compliance team Application development team Line-of-business/application owner Legal team 41% 40% 35% 33% 29% 24% 19% 56%
45 SUMMARY
46 You may ask yourself How did I get here? 2018 by The Enterprise Strategy Group, Inc.
47 Summary Multi-dimensionality drives complexity, clouds visibility Siloed approaches should be an interim step Environment specifics need to be understood en route to a unified approach CI/CD integration is an opportunity to both automate for efficiencies and move security upstream/left Immutable production environments requires introducing security earlier I had the best pictures at RSA Conference
48
Closing the Hybrid Cloud Security Gap with Cavirin
Enterprise Strategy Group Getting to the bigger truth. Solution Showcase Closing the Hybrid Cloud Security Gap with Cavirin Date: June 2018 Author: Doug Cahill, Senior Analyst Abstract: Most organizations
More informationAutomating Security Practices for the DevOps Revolution
Automating Security Practices for the DevOps Revolution Hari Srinivasan Director Product Management, Cloud and Virtualization Security Qualys Inc. 1 Qualys, Inc. 2018 Agenda Transformation of today s IT
More informationThe Why, What, and How of Cisco Tetration
The Why, What, and How of Cisco Tetration Why Cisco Tetration? With the above trends as a backdrop, Cisco has seen specific changes within the multicloud data center. Infrastructure is changing. It is
More informationCLOUD WORKLOAD SECURITY
SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly
More informationDevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY
DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo
More informationContainer Deployment and Security Best Practices
Container Deployment and Security Best Practices How organizations are leveraging OpenShift, Quay, and Twistlock to deploy, manage, and secure a cloud native environment. John Morello CTO Twistlock Dirk
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationSecurity as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS
Security as Code: The Time is Now Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS Introduction Business is moving faster to the cloud, and DevOps is accelerating scale and pushing automation
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationThe threat landscape is constantly
A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions
More informationSecuring Your Cloud Introduction Presentation
Securing Your Cloud Introduction Presentation Slides originally created by IBM Partial deck derived by Continental Resources, Inc. (ConRes) Security Division Revision March 17, 2017 1 IBM Security Today
More informationDevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1
DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1 Agenda State of DevOps Value of DevOps Benefitting from DevOps DevSecOps What you can do as InfoSec 2 The State of DevOps - 2017 Automation is
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationAutomating the Software-Defined Data Center with vcloud Automation Center
Automating the Software-Defined Data Center with vcloud Automation Center 10 June 2014 Chris Alleaume Senior Systems Engineer 2014 VMware Inc. All rights reserved. The Impact of the Accelerating Pace of
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationData Sheet GigaSECURE Cloud
Data Sheet GigaSECURE Cloud Intelligent network traffic visibility that enables enterprises to extend their security posture to Microsoft The rapid evolution of Infrastructure-as-a-Service (IaaS) brings
More informationDevelopment. Architecture QA. Operations
Development Architecture QA Operations Lack of business agility Slow to onboard new customers Hard to practice true DevOps Outpaced by disruptors Rogue dev projects Lack of SecOps agility Slow threat assessments
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationIBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan
IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER
More informationebook ADVANCED LOAD BALANCING IN THE CLOUD 5 WAYS TO SIMPLIFY THE CHAOS
ebook ADVANCED LOAD BALANCING IN THE CLOUD 5 WAYS TO SIMPLIFY THE CHAOS Introduction Load balancing isn t just about managing traffic anymore. As your infrastructure expands to include applications in
More informationUnify DevOps and SecOps: Security Without Friction
SANS Secure DevOps Summit Unify DevOps and SecOps: Security Without Friction Matt Alderman, CISSP Chief Strategy & Marketing Officer Layered Insight @maldermania Technology Trend #1: Infrastructure Migrates
More informationQualys Cloud Platform
Qualys Cloud Platform Our Journey into the Cloud: The Qualys Cloud Platform & Architecture Thomas Wendt Regional Manager Post-Sales, DACH, Qualys Inc. Digital Transformation More than just adopting new
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationExam C Foundations of IBM Cloud Reference Architecture V5
Exam C5050 287 Foundations of IBM Cloud Reference Architecture V5 1. Which cloud computing scenario would benefit from the inclusion of orchestration? A. A customer has a need to adopt lean principles
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
MMC1532BE Using VMware NSX Cloud for Enhanced Networking and Security for AWS Native Workloads Percy Wadia Amol Tipnis VMworld 2017 Content: Not for publication #VMworld #MMC1532BE Disclaimer This presentation
More informationIT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,
IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against
More informationQualys Cloud Platform
18 QUALYS SECURITY CONFERENCE 2018 Qualys Cloud Platform Looking Under the Hood: What Makes Our Cloud Platform so Scalable and Powerful Dilip Bachwani Vice President, Engineering, Qualys, Inc. Cloud Platform
More informationCREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud
CREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud Ted Brunell Principal Solution Architect, DoD Programs tbrunell@redhat.com @DoDCloudGuy AGENDA Overview of Current Security
More informationSecurity Models for Cloud
Security Models for Cloud Kurtis E. Minder, CISSP December 03, 2011 Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer
More informationNetwork Visibility and Segmentation
Network Visibility and Segmentation 2019 Cisco and/ or its affiliates. All rights reserved. Contents Network Segmentation A Services Approach 3 The Process of Segmentation 3 Segmentation Solution Components
More informationCisco Cloud Application Centric Infrastructure
Cisco Cloud Application Centric Infrastructure About Cisco cloud application centric infrastructure Cisco Cloud Application Centric Infrastructure (Cisco Cloud ACI) is a comprehensive solution for simplified
More informationHALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.
HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD Automated PCI compliance anytime, anywhere. THE PROBLEM Online commercial transactions will hit an estimated
More informationSolution Overview Gigamon Visibility Platform for AWS
Solution Overview Gigamon Visibility Platform for Background With the rapid evolution of the public cloud that brings instant advantages of economies of scale, elasticity and agility, IT and data center
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationBuilding a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.
Building a Secure and Compliant Cloud Infrastructure Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc. Why Are We Here? Expanded Enterprise Data access anywhere, anytime
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More informationHow Security Policy Orchestration Extends to Hybrid Cloud Platforms
How Security Policy Orchestration Extends to Hybrid Cloud Platforms Reducing complexity also improves visibility when managing multi vendor, multi technology heterogeneous IT environments www.tufin.com
More informationMcAfee Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,
More informationOracle Buys Palerra Extends Oracle Identity Cloud Service with Innovative Cloud Access Security Broker
Oracle Buys Palerra Extends Oracle Identity Cloud Service with Innovative Cloud Access Security Broker October 14, 2016 Copyright 2016, Oracle and/or its affiliates. All rights reserved. Oracle is currently
More information85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges
Do You Have A Firewall Around Your Cloud? California Cybersecurity Education Summit 2018 Tyson Moler Oracle Security, North America Public Sector Conquering The Big Threats & Challenges Real Life Threats
More informationFive Essential Capabilities for Airtight Cloud Security
Five Essential Capabilities for Airtight Cloud Security SECURITY IN THE CLOUD REQUIRES NEW CAPABILITIES It is no secret; security and compliance are at the top of the list of concerns tied to cloud adoption.
More informationVulnerability Management
Vulnerability Management Modern Vulnerability Management The IT landscape today is changing and because of that, vulnerability management needs to change too. IT environments today are filled with both
More information2018 Report The State of Securing Cloud Workloads
2018 Report The State of Securing Cloud Workloads 1 Welcome to our 2018 report on the state of securing cloud workloads A summary of the responses of close to 350 professionals whose primary areas of responsibility
More informationLift and Shift, Don t Lift and Pray: Pragmatic Cloud Migration Strategies
SESSION ID: STR-T08 Lift and Shift, Don t Lift and Pray: Pragmatic Cloud Migration Strategies Rich Mogull Analyst/CEO Securosis VP of Product DisruptOps rmogull@securosis.com Reality Bites There is relentless
More informationAutomating the Software-Defined Data Center with vcloud Automation Center
Automating the Software-Defined Data Center with vcloud Automation Center Aviv Waiss, lead Cloud management Specialist 2014 VMware Inc. All rights reserved. The Impact of the Accelerating Pace of Business
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationALIENVAULT USM FOR AWS SOLUTION GUIDE
ALIENVAULT USM FOR AWS SOLUTION GUIDE Summary AlienVault Unified Security Management (USM) for AWS is a unified security platform providing threat detection, incident response, and compliance management
More informationCyberPosture Intelligence for Your Hybrid Infrastructure
VALUE BRIEF CyberPosture Intelligence for Your Hybrid Infrastructure CyberPosture is a consolidated risk score, based on configuration and workload analysis, that executives can present to their board,
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationData Protection. Plugging the gap. Gary Comiskey 26 February 2010
Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationLogging, Monitoring, and Alerting
Logging, Monitoring, and Alerting Logs are a part of daily life in the DevOps world In security, we focus on particular logs to detect security anomalies and for forensic capabilities A basic logging pipeline
More informationPasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP
Pasiruoškite ateičiai: modernus duomenų centras Laurynas Dovydaitis Microsoft Azure MVP 2016-05-17 Tension drives change The datacenter today Traditional datacenter Tight coupling between infrastructure
More informationChallenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9
HAWK Overview Agenda Contents Slide Challenges 3 HAWK Introduction 4 Key Benefits 6 About Gavin Technologies 7 Our Security Practice 8 Security Services Approach 9 Why Gavin Technologies 10 Key Clients
More informationCloud Going Mainstream All Are Trying, Some Are Benefiting; Few Are Maximizing Value
All Are Trying, Some Are Benefiting; Few Are Maximizing Value Germany Findings September 2016 Executive Summary Cloud adoption has increased 70% from last year, with 71% of companies in Germany pursuing
More informationAZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments
AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new
More informationSECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011
SECURING THE NEXT GENERATION DATA CENTER Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011 JUNIPER SECURITY LEADERSHIP Market Leadership Data Center with High-End
More informationCloud Going Mainstream All Are Trying, Some Are Benefiting; Few Are Maximizing Value
All Are Trying, Some Are Benefiting; Few Are Maximizing Value Latin America Findings September 2016 Executive Summary Cloud adoption has increased 49% from last year, with 78% of companies in Latin America
More informationModelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer
Modelos de Negócio na Era das Clouds André Rodrigues, Cloud Systems Engineer Agenda Software and Cloud Changed the World Cisco s Cloud Vision&Strategy 5 Phase Cloud Plan Before Now From idea to production:
More informationAutomating the Software-Defined Data Center with vcloud Automation Center
Automating the Software-Defined Data Center with vcloud Automation Center Alex Tanner EM Specialist SE July 2014 2014 VMware Inc. All rights reserved. The Impact of the Accelerating Pace of Business The
More informationAlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment
BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug
More informationEnabling Hybrid Cloud Transformation
Enterprise Strategy Group Getting to the bigger truth. White Paper Enabling Hybrid Cloud Transformation By Scott Sinclair, ESG Senior Analyst November 2018 This ESG White Paper was commissioned by Primary
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationManaging Microsoft 365 Identity and Access
Course MS-500T01-A: Managing Microsoft 365 Identity and Access Page 1 of 3 Managing Microsoft 365 Identity and Access Course MS-500T01-A: 1 day; Instructor-Led Introduction Help protect against credential
More informationCloud Going Mainstream All Are Trying, Some Are Benefiting; Few Are Maximizing Value. An IDC InfoBrief, sponsored by Cisco September 2016
All Are Trying, Some Are Benefiting; Few Are Maximizing Value September 2016 Executive Summary Cloud adoption has increased 61% from last year, with 73% pursuing a hybrid cloud strategy and on-premises
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More informationAUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs
AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs WITH PALO ALTO NETWORKS AND REAN CLOUD 1 INTRODUCTION EXECUTIVE SUMMARY Organizations looking to provide developers with a free-range development environment
More informationWill your application be secure enough when Robots produce code for you?
SESSION ID: ASD-W02 Will your application be secure enough when Robots produce code for you? Hasan Yasar Technical Manager, Faculty Member SEI CMU @securelifecycle With the speed of DevOps It is me! I
More informationTripwire State of Container Security Report
RESEARCH Tripwire State of Container Security Report January 2019 FOUNDATIONAL CONTROLS FOR SECURITY, COMPLIANCE & IT OPERATIONS As DevOps continues to drive increased use of containers, security teams
More informationCloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.
George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security
More informationIntroduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview
IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential
More informationTRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald
TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE John McDonald 1 What is Trust? Can I trust that my assets will be available when I need them? Availability Critical Assets Security Can I trust
More informationAgenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options
Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A 2 Endpoint Security has reached a Tipping Point Attacks
More informationGovernment IT Modernization and the Adoption of Hybrid Cloud
Government IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Federal and National Governments Are at an Inflection Point Federal and national governments
More informationData Sheet Gigamon Visibility Platform for AWS
Data Sheet Gigamon Visibility Platform for Overview The rapid evolution of Infrastructure-as-a-Service (IaaS), or public clouds, brings instant advantages of economies of scale, elasticity, and agility
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationThe intelligence of hyper-converged infrastructure. Your Right Mix Solution
The intelligence of hyper-converged infrastructure Your Right Mix Solution Applications fuel the idea economy SLA s, SLA s, SLA s Regulations Latency Performance Integration Disaster tolerance Reliability
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationMarc Hornbeek DevOps-the-Gray Principal DevOps Consultant, Trace3 Author, DevOps Test Engineering Course The DevOps Institute
HOST EXPERT PANEL Shashi Kiran CMO Quali Marc Hornbeek DevOps-the-Gray Principal DevOps Consultant, Trace3 Author, DevOps Test Engineering Course The DevOps Institute Pascal Joly Director, Technology Partnerships
More informationGoing cloud-native with Kubernetes and Pivotal
Going cloud-native with Kubernetes and Pivotal A guide to Pivotal Container Service (PKS) by role Fast, low-risk enterprise-grade Kubernetes has arrived With Pivotal Container Service (PKS), organizations
More informationWHITE PAPER. Applying Software-Defined Security to the Branch Office
Applying Software-Defined Security to the Branch Office Branch Security Overview Increasingly, the branch or remote office is becoming a common entry point for cyber-attacks into the enterprise. Industry
More informationWHY LEGACY SECURITY ARCHITECTURES ARE INADEQUATE IN A MULTI-CLOUD WORLD
WHY LEGACY SECURITY ARCHITECTURES ARE INADEQUATE IN A MULTI-CLOUD WORLD CONTENTS EXECUTIVE SUMMARY 1 MULTI-CLOUD CHANGES THE SECURITY EQUATION 2 SECTION 1: CLOUD SILOS IMPAIR VISIBILITY AND RESPONSE 3
More informationSecurity Architecture
Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationAdopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security
Adopting Modern Practices for Improved Cloud Security Cox Automotive - Enterprise Risk & Security 1 About Cox Automotive Cox Automotive is a leading provider of products and services that span the automotive
More informationCOMPLIANCE AUTOMATION BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY
COMPLIANCE AUTOMATION BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY Published January, 2018 : BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY Speed is nothing without control.
More informationvrealize Introducing VMware vrealize Suite Purpose Built for the Hybrid Cloud
vrealize Introducing VMware vrealize Suite Purpose Built for the Hybrid Cloud Overview: Realizing the Full Power of the Cloud Cloud computing provides tremendous competitive advantages to companies, but
More informationADC im Cloud - Zeitalter
ADC im Cloud - Zeitalter Applikationsdienste für Hybrid-Cloud- und Microservice-Szenarien Ralf Sydekum, SE Manager DACH, F5 Networks GmbH Some of the Public Cloud Related Questions You May Have.. It s
More information