Stop Cyber Threats With Adaptive Micro-Segmentation. Jeff Francis Regional Systems Engineer

Transcription:

Stop Cyber Threats With Adaptive Micro-Segmentation Jeff Francis Regional Systems Engineer

Who is This Guy, and Why is He Here?
Jeff Francis, Regional Systems Engineer, Northwestern United States
Datacenter Network Security: Not Users, Protocols, Operating Systems, or Hypervisors
How We Got to the Current Mess We're In
Microsegmentation: A New Hope
Four Use Cases
Visibility: You Can't Protect What You Don't Understand

A Brief History of Datacenter Security
1969 through early 1990s: Host-Based Security
Mid-1990s: Border Firewalls
2000s: Datacenter (E/W) Firewalls
2015-ish: Per-Host Firewalls Reduce the Attack Surface

The Move to the Cloud

Come on Baby, can you do that Conga?
(Diagram of the security change "conga line".) Line of Business: change request -> Central IT and Security & Risk: map network impacts -> Central IT: determine required changes (days or weeks) -> Security & Risk: change control / approvals (long and difficult) -> Central IT: implement

Security is Hard
Who do you invite to the Security Party? Security Team, Networking Team, Application Developers

The Data Center of Today
Internal data center communication, aka East/West traffic

All of This, and We Still Haven't Solved the Problem

Let's Start Over
1. Don't make what I already own obsolete.
2. One-stop shopping.
3. Web-based GUI, but also scriptable (API).
4. Leverage native encryption.
5. Write policy in something more intuitive than VLANs, subnets, and zones.
6. Distribute the load.
7. Automatically scale and protect, regardless of provider, hypervisor, or geographical changes.
8. Firewall on a host-by-host basis.
9. Don't make me babysit the solution.

Perimeter Security Isn't Enough
Today's Security Challenges
Problem #1: Anywhere on Anything
Problem #2: Speed, Agility & DevOps
Problem #3: Surface Area of Attack

Microsegmentation: A New Hope
Microsegmentation: Fine-grained security with distributed enforcement.
1. Appliance/Virtual Appliance-based
2. Hypervisor/Switch-based
3. Workload/Host-based

Micro-segmentation Approaches
Virtual Appliance: enforced in a virtual security appliance. Pro: familiar model.
Virtualization Infrastructure: enforced in the network / virtualization infrastructure. Pro: fewer network dependencies.
Workload: enforced in the workload. Pro: adapts to workload changes.

Adaptive Micro-Segmentation: What It Does
Control. Contain.

4 Degrees Of Adaptive Micro-Segmentation

Use Case 1: HVA Ringfencing
Ringfencing High-Value Applications: everything in the bubble can talk to everything else in the bubble. Network equivalent to moving all servers to a VLAN, then putting that VLAN behind a firewall.
Ordering, Prod, Germany => Ordering, Prod, Germany on All Ports
Internet => Web Servers, Ordering, Prod, Germany on TCP Ports 80, 443

Use Case 2: Environmental Separation
Dev and Test resources shouldn't ever touch Prod resources. Period. This happens more than you think. Do a Google search on accidental Wall Street trades.
Dev => Dev on All Ports
Test => Test on All Ports
Prod => Prod on All Ports

Use Case 3: Secure App Migration
Covers that awkward phase during migration. 100% of traffic and assets covered through all phases of the move.
Ordering, Prod => Ordering, Prod on All Ports

Use Case 4: Hybrid Infrastructure
When the awkward phase is not temporary. Private cloud, bare metal servers, and five different cloud providers (plus containers).
Ordering, Prod => Ordering, Prod on All Ports

You Can't Secure What You Can't See
Understand your applications and risk
Model policy with visual feedback before enforcing
Check compliance and identify threats

600+ Workloads, 1.2M Flows

Turns Into

Controlled With Policy

Behind Door Number Three
1. Use existing firewalls (IPTables and WFP).
2. Strong central management.
3. Use existing IPSec functionality.
4. Whitelist only.
5. Put a simple agent on each server.
6. Bake the agent into the OS image (or make it trivial to automate the install).
7. Build policy with labels, not network constructs.

Illumio Adaptive Security Platform (ASP): Security Delivered in Any Environment
Workloads (data center): context & telemetry up, security policy down
Virtual Enforcement Node (VEN): the antenna, installed or baked in to the image; Linux & Windows
Policy Compute Engine (PCE): the central brain, consumed via cloud or on premises

Label-Based Security Policy
I need mysql access from my App Tier of my Production instance of my Ordering Application in Germany to the Database Tier of my Production instance of my Ordering Application in Germany.

Expressed as a conventional address-based firewall rule:

    rule 42 {
        action accept
        log enable
        source {
            address 10.1.2.3
        }
        destination {
            address 10.2.3.4
            port 3306
        }
        protocol tcp
        state {
            new enable
        }
    }

Expressed as a label-based rule:

    App Tier, Ordering, Prod, Germany => Database, Ordering, Prod, Germany on TCP port 3306
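As an added example (not code from the presentation or from Illumio), the following Python resolver turns label rules like the one on this slide into per-host whitelist rules for iptables, the existing host firewall the deck proposes reusing. The workload inventory, the label keys (role/app/env/loc) and the extra Dev => Dev rule are constructed sample data.

```python
# Added example: resolve label-based policy into per-host default-deny iptables rules.
# Constructed inventory; IPs 10.1.2.3 / 10.2.3.4 reuse the slide's sample addresses.
WORKLOADS = [
    {"name": "web-prod-de", "ip": "10.1.1.10",
     "labels": {"role": "Web", "app": "Ordering", "env": "Prod", "loc": "Germany"}},
    {"name": "app-prod-de", "ip": "10.1.2.3",
     "labels": {"role": "App Tier", "app": "Ordering", "env": "Prod", "loc": "Germany"}},
    {"name": "db-prod-de", "ip": "10.2.3.4",
     "labels": {"role": "Database", "app": "Ordering", "env": "Prod", "loc": "Germany"}},
    {"name": "app-dev-de", "ip": "10.9.2.3",
     "labels": {"role": "App Tier", "app": "Ordering", "env": "Dev", "loc": "Germany"}},
    {"name": "db-dev-de", "ip": "10.9.3.4",
     "labels": {"role": "Database", "app": "Ordering", "env": "Dev", "loc": "Germany"}},
]

# Rules: (source selector, destination selector, protocol, port or None = all ports).
# A selector matches a workload when every label it lists agrees; unlisted labels are wildcards.
RULES = [
    ({"role": "App Tier", "app": "Ordering", "env": "Prod", "loc": "Germany"},
     {"role": "Database", "app": "Ordering", "env": "Prod", "loc": "Germany"}, "tcp", 3306),
    ({"env": "Dev"}, {"env": "Dev"}, "all", None),  # environmental separation: Dev => Dev
]

def matches(selector, workload):
    return all(workload["labels"].get(k) == v for k, v in selector.items())

def inbound_allows(target, rules=RULES, workloads=WORKLOADS):
    """Concrete (src_ip, proto, port) allows for one host, derived only from labels."""
    allows = set()
    for src_sel, dst_sel, proto, port in rules:
        if not matches(dst_sel, target):
            continue
        for src in workloads:
            if matches(src_sel, src) and src["ip"] != target["ip"]:
                allows.add((src["ip"], proto, port))
    return sorted(allows, key=lambda a: (a[0], a[1], a[2] or 0))

def iptables_input_chain(target):
    """Render the host's whitelist as an iptables INPUT chain that ends in DROP."""
    lines = ["-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for ip, proto, port in inbound_allows(target):
        rule = f"-A INPUT -s {ip}/32"
        if proto != "all":
            rule += f" -p {proto} --dport {port}"
        lines.append(rule + " -m conntrack --ctstate NEW -j ACCEPT")
    lines.append("-A INPUT -j DROP")  # whitelist only: anything not labelled in is dropped
    return lines

if __name__ == "__main__":
    for w in WORKLOADS:
        print(f"# {w['name']} ({w['ip']})\n" + "\n".join(iptables_input_chain(w)))
```

Moving a workload (new IP, new cloud) or adding one only changes the inventory; the rules stay the same and the per-host chains are regenerated from labels, which is the "policy follows the workload" property the deck describes.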

What Did We Just Do?
Vastly simplified policy creation.
Total and complete traffic visibility, no matter where the workloads live.
Policy follows the workload, whether VMotion, metal to cloud, or cloud to cloud.
No more Security Conga Line: new (and existing) systems receive current policy the moment they boot (and immediately as systems scale or move).
Attack surface reduction of 97% to >99%.

Stop Cyber Threats with Adaptive Micro-Segmentation
Contain and stop the spread of threats
Reduce friction between teams
Eliminate delays in app delivery
Secure applications running anywhere on anything: Container, Bare-metal, Virtual Machine; Private DC, Cloud

Questions?

Thank You