Rethinking Security. CLOUDSEC2016. Ian Farquhar, Distinguished Sales Engineer, Field Lead for the Gigamon Security Virtual Team


Breaches Are The New Normal: Only The Scale Surprises Us

- "OPM will send notifications to approximately 22.1 million individuals whose PII may have been compromised." [+]
- "As many as 80 million customers of the nation's second-largest health insurance company, Anthem Inc., have had their account information stolen, the company said in a statement." [++]
- "Sony Entertainment CEO Michael Lynton told employees of the embattled studio Saturday that the hack attack that has resulted in the leak of employees' personal information and internal business documents is unprecedented in nature." [*]

* http://variety.com/2014/film/news/sony-hack-unparalleled-cyber-security-firm-1201372889/
+ http://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/
++ http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/

Traditional Security Model

Perimeter or endpoint based:
- Inside vs. outside
- Focus on prevention
- Rule based, signature based

Simple trust model:
- Trusted vs. un-trusted
- Corporate vs. personal asset
- Insider-outsider boundary dissolved (BYOD)

Static environment:
- Fixed locations, zones, perimeters
- Mobility of users, devices and applications

More importantly: the very nature of cyber threats has changed!

Anatomy of an Advanced Persistent Threat (APT)

1. Reconnaissance
2. Phishing and zero-day attack
3. Back door
4. Lateral movement
5. Data gathering
6. Exfiltrate

In many cases the system stays breached after exfiltration! Source: RSA

Mitigating Risk Remains Difficult

Sources:
* Trustwave Holdings, Inc. "2015 Trustwave Global Security Report." 2015. Accessed July 16, 2015.
** FireEye. "Maginot Revisited: More Real-World Results from Real-World Tests." 2015. Accessed July 16, 2015.

What Else Has Changed That Impacts Security?

Fundamental shift in traffic patterns. [Diagram: Internet, Firewall, DMZ, IPS, Core Switch and IDS at the perimeter; Spine, Leaf and Server Farm below.] The firewall, IPS and IDS sit where traffic crosses the Internet/DMZ boundary; traffic between servers inside the spine-leaf fabric never passes them, so there is no visibility into lateral propagation of threats.

Mobility. [Same diagram.] Users, devices and applications that move are no longer behind the fixed perimeter stack, and lateral propagation of threats remains invisible to it.
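To make the "no visibility into lateral propagation" point concrete, here is an added Python example (not from the deck or any Gigamon product) run over constructed flow records: it separates what a perimeter firewall/IPS sees from the east-west flows that only a TAP in the spine-leaf or virtual layer would deliver, and flags the fan-out pattern of one host sweeping internal peers on administrative ports. The address ranges, port list, threshold and flow records are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 space stands in for "inside the data center" in this example.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports an attacker typically uses to hop between hosts (SSH, RPC, SMB, RDP, WinRM).
ADMIN_PORTS = {22, 135, 445, 3389, 5985, 5986}

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

# Constructed flow records (not a real capture): (epoch seconds, src, dst, dst_port).
# 10.1.1.20 plays the compromised host: seven SMB connections to the 10.2.0.0/24 server
# segment inside five minutes, plus one HTTPS beacon to an external address.
FLOWS = [
    (1000, "10.1.1.21", "10.2.0.50", 443),
    (1010, "10.1.1.20", "203.0.113.5", 443),
    (1020, "10.1.1.20", "10.2.0.10", 445),
    (1050, "10.1.1.20", "10.2.0.11", 445),
    (1080, "10.1.1.22", "10.2.0.50", 443),
    (1110, "10.1.1.20", "10.2.0.12", 445),
    (1140, "10.1.1.20", "10.2.0.13", 445),
    (1170, "10.2.0.10", "10.2.0.11", 445),
    (1200, "10.1.1.20", "10.2.0.14", 445),
    (1230, "10.1.1.20", "10.2.0.15", 445),
    (1260, "10.1.1.20", "10.2.0.16", 445),
]

def perimeter_view(flows):
    """Flows a firewall/IPS at the Internet edge would see: exactly one internal endpoint."""
    return [f for f in flows if is_internal(f[1]) != is_internal(f[2])]

def east_west_view(flows):
    """Flows only a virtual or spine-leaf TAP would see: both endpoints internal."""
    return [f for f in flows if is_internal(f[1]) and is_internal(f[2])]

def lateral_movement_candidates(flows, window_s=600, min_peers=5):
    """Return {src: [internal hosts]} for sources that reach >= min_peers distinct
    internal hosts on admin ports within any window_s-second window (fan-out)."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if is_internal(src) and is_internal(dst) and dport in ADMIN_PORTS:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            peers = {dst for ts, dst in events[i:] if ts - t0 <= window_s}
            if len(peers) >= min_peers:
                flagged[src] = sorted(peers, key=ipaddress.ip_address)
                break
    return flagged

if __name__ == "__main__":
    print("perimeter sees:", perimeter_view(FLOWS))
    print("east-west flows:", len(east_west_view(FLOWS)))
    print("lateral movement:", lateral_movement_candidates(FLOWS))
```

Against this sample the perimeter view contains a single flow (the outbound beacon), which on its own looks like ordinary HTTPS; the sweep of seven servers on port 445 exists only in the east-west records, which is exactly the traffic the slide's perimeter stack never sees.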

What Else Has Changed That Impacts Security?

Growing use of SSL/TLS:
- 25%-35% of enterprise traffic today is SSL [1]
- Security and performance management tools are either blind to SSL traffic or get overloaded if they decrypt it
- Large (2048-bit) keys cause an 81% performance degradation in existing SSL architectures [1]
- More than 50% of network attacks in 2017 will use encrypted traffic to bypass controls (vs. 5% today) [2]

How do you ensure security, manage risk and maintain compliance with the growing use of encrypted traffic?

[1] NSS Labs
[2] Gartner
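The figures above leave out the caveat that decides whether an out-of-band "visibility into encrypted traffic" design can work at all: passive decryption using a copy of the server's private key only works when the negotiated cipher suite uses RSA key transport, while (EC)DHE suites and TLS 1.3 derive per-session keys that never cross the wire and therefore force an inline termination point. The following Python script, an added example that is not part of the original deck or of any Gigamon product, constructs a sample ClientHello, parses the SNI and offered cipher suites, and reports which deployment model is feasible. The suite table, hostnames and the classification helper are illustrative assumptions.

```python
import struct

# IANA cipher-suite IDs used in the constructed sample (a subset; real clients offer many more).
SUITE_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",   # TLS 1.3: key exchange is always ephemeral
}

def key_exchange_class(suite: int) -> str:
    """'rsa-kx' if the premaster secret is encrypted to the server's long-term RSA key
    (a passive tap holding that key can decrypt), 'ephemeral' for (EC)DHE and TLS 1.3
    (per-session keys never cross the wire), 'unknown' for IDs not in the table."""
    name = SUITE_NAMES.get(suite)
    if name is None:
        return "unknown"
    return "rsa-kx" if name.startswith("TLS_RSA_") else "ephemeral"

def build_client_hello(sni: str, suites: list) -> bytes:
    """Constructed TLS 1.2 ClientHello with an SNI extension (sample input, not a capture)."""
    host = sni.encode("ascii")
    sni_list = b"\x00" + struct.pack("!H", len(host)) + host          # name_type = host_name
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list) + 2) + struct.pack("!H", len(sni_list)) + sni_list
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32)                                    # version, random (zeroed)
            + b"\x00"                                                  # empty session_id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00"                                              # compression: null only
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record: bytes) -> dict:
    """Extract SNI and the offered cipher suites from a TLS handshake record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                                   # type+length, client_version, random
    pos += 1 + hs[pos]                                 # session_id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hs[pos]                                 # compression_methods
    sni = None
    if pos + 2 <= len(hs):
        ext_end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if ext_type == 0x0000:                     # server_name: list_len(2) type(1) name_len(2) name
                name_len = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
                sni = hs[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
            pos += ext_len
    return {"sni": sni, "suites": suites}

def decryption_strategy(hello: dict) -> dict:
    """Decide, from the ClientHello alone, whether out-of-band decryption can work.
    The ServerHello makes the final choice, so 'passive_possible' is only an upper bound."""
    classes = [key_exchange_class(s) for s in hello["suites"]]
    rsa_kx = "rsa-kx" in classes
    ephemeral = "ephemeral" in classes
    if not rsa_kx:
        verdict = "inline termination required: no RSA key-exchange suite offered"
    elif ephemeral:
        verdict = "server choice decides; modern servers prefer (EC)DHE, plan for inline"
    else:
        verdict = "passive decryption with the server's private key is possible"
    return {"sni": hello["sni"], "passive_possible": rsa_kx, "pfs_offered": ephemeral, "verdict": verdict}

if __name__ == "__main__":
    for host, offered in [("intranet.example", [0xC02F, 0x002F]), ("api.example", [0x1301, 0xC02B])]:
        print(decryption_strategy(parse_client_hello(build_client_hello(host, offered))))
```

A visibility platform that only sees a copy of the traffic can apply this check to every ClientHello it forwards: flows that offer no RSA key-exchange suite cannot be decrypted passively no matter how many private keys are loaded, and must be steered to an inline decryption point instead. SNI is also what lets the platform exempt categories such as banking or health traffic from decryption for compliance reasons.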

A Perfect Storm: The Need To Rethink Security Architecture

- Changed threat model
- Fundamentally unchanged security trust model
- At-will security breaches
- Rising use of encryption
- Changed traffic patterns and mobility

Finding the Threat Within: Challenges with Ad Hoc Security Deployments

Visibility limited to a point in time or place. [Diagram: Internet, Routers, Spine Switches, Leaf Switches and Virtualized Server Farm, with tools attached at individual points: IPS (inline), Intrusion Detection System, Data Loss Prevention, Anti-Malware (inline), Email Threat Detection, Forensics.]

- Significant blind spots
- Extraordinary costs
- Contention for access to traffic
- Inconsistent view of traffic
- Blind to encrypted traffic
- Too many false positives

It is time the balance of power shifted from attacker to defender!

Transformation through Visibility: The Security Delivery Platform

[Diagram: the same Internet, Routers, Spine Switches, Leaf Switches and Virtualized Server Farm, with a Security Delivery Platform layer feeding IPS (inline), Anti-Malware (inline), Data Loss Prevention, Intrusion Detection System, Forensics and Email Threat Detection.]

- Complete network-wide reach: physical and virtual
- Scalable metadata extraction for improved forensics
- Isolation of applications for targeted inspection
- Visibility into encrypted traffic for threat detection
- Inline bypass for connected security applications

Security Delivery Platform: a foundational building block for effective security.

Introducing GigaSECURE: the industry's first Security Delivery Platform. 2015 Gigamon. All rights reserved.

Gaining Complete Network-Wide Reach

GigaVUE H Series and TA Series nodes:
- Terabit-scale visibility nodes with the ability to cluster multiple nodes
- Traffic aggregation and intelligent filtering using patented Flow Mapping
- Replicate traffic to multiple security appliances without performance impact

GigaVUE-VM:
- Non-intrusive access to virtual traffic via a lightweight user-space monitoring VM
- "Follow the VM": uninterrupted security monitoring during virtual workload migration
- Enables a physical security appliance to extend the security function to virtual traffic

Standalone G-TAP and embedded TAPs:
- Non-intrusive access to all network traffic on 10 Mb to 100 Gb links
- Industry-leading TAP density, available in a range of split ratios
- Available as standalone TAPs or embedded into GigaVUE appliances

Visibility in VMware ESXi Environments

[Diagram: GigaVUE-FM pushes traffic policies to GigaVUE-VM on each VMware ESXi host; traffic is taken from the virtual switch (VDS, VSS, Nexus 1000V) and tunneled to APM, NPM, Security and CEM tools.]

- Host-based approach: GigaVUE-VM on every ESXi host
- Traffic of interest extracted from the virtual switch (VDS, VSS, Nexus 1000V)
- Integration with vCenter
- Approach is admin friendly

Gigamon Visibility Solution for VMware NSX

[Diagram: the security/monitor admin defines a monitoring policy in GigaVUE-FM; a copy of the NSX traffic is delivered to tools and analytics for application performance, network management and security.]

OpenStack Cloud Monitoring: Tenant Visibility, Monitoring From Within (MFW)

[Diagram: a monitoring agent inside tenant VMs on KVM with any vswitch; GigaVUE-VM receives the agents' traffic under traffic policies from GigaVUE-FM, which integrates with OpenStack Glance, Horizon and Nova; traffic is tunneled to APM, NPM, Security and CEM tools.]

- Agent-based approach: an agent on every application VM that needs monitoring
- GigaVUE-VM aggregates traffic from the agents and sends it to the physical Visibility Fabric
- Agnostic to virtual switch
- Integration with OpenStack
- Approach is tenant friendly

GigaSECURE: Manageability and Automation

Programmability via GigaVUE-FM REST APIs. [Diagram: GigaVUE-FM sits between the production network (Internet, virtual workloads) and the security functions (Intrusion Detection System, Data Loss Prevention, Email Threat Detection, Forensics).]

Benefits: Faster Detection, Faster Containment

- Consistent network-wide traffic view for all security appliances, all of the time
- Eliminate departmental and appliance-level contention for access to data
- No disruption to network traffic as security solutions get deployed or upgraded, or when moving from out-of-band to inline deployments
- Eliminate blind spots associated with encrypted traffic and mobility
- Significantly offload security appliances through full session offload and full flow metadata
- Faster identification of malware movement, faster time to containment

Summary

- The security state of today's networks is catalyzing an acute need to shift security architecture from prevention toward detection and response
- This new security model has a critical reliance on network visibility with which to vet, deploy and scale security applications and devices
- GigaSECURE, the first offering of a Security Delivery Platform (SDP), is poised to transform the way security services are deployed and leveraged by making them more effective at protection, more dynamic and more cost-effective

Q&A