Identity Management and Application Security. Timo Lohenoja, CISPP Systems Engineer, F5 Networks

Identity Management and Application Security. Timo Lohenoja, CISPP Systems Engineer, F5 Networks, timo@f5.com

Cybersecurity is business continuity:
- Maintain and grow revenue
- Identify industry threats
- Protect assets and customers

GOAL: defense in depth, built from these layers:
- Threat intelligence
- DDoS mitigation
- Anti-fraud
- L7 WAF (signatures, zero-day protection)
- Bot defense
- Identity / access
- SSL offload

Web app attacks are the #1 single-source entry point of successful data breaches. Share of successful breaches by entry point (F5 Labs, https://f5.com/labs):
- Web app attacks: 53%
- User / identity: 33%
- Physical: 11%
- Other (VPN, PoS, infrastructure): 3%

But we still have a lot of other exposure: user / identity (33%), physical (11%) and other entry points (VPN, PoS, infrastructure; 3%) together account for nearly half of the breaches in the same F5 Labs data.

GDPR challenge: unauthorised access affecting the confidentiality and integrity of data.
Challenges:
- Malicious access attempts
- Least privilege violations
- User password fatigue
- Lack of endpoint visibility
- Phishing attacks
- Malware on client endpoints
- Bot disruption
Solutions:
- Secure authentication
- Multi-factor authentication (MFA)
- Federation: SAML 2.0 / OAuth 2.0
- Granular and context-aware access
- Single sign-on (SSO)
- Endpoint detection and protection
- Phishing detection
- Credential theft prevention

Unauthorised access affecting the confidentiality and integrity of data: the context an access decision can draw on.
User and endpoint: authentication, browser, device type and integrity, location, operating system, access method.
Network: network integrity, network quality and availability.
Application: app location, app importance and risk, app type / version, connection integrity.

SOLUTION 1: risk-based policy protection. For every access request the same context attributes are evaluated (user ID, location, endpoint, device health, device type, malware, sensitive data, human or automated client) and the outcome is Allow, Deny, or Challenge (one-time password or client certificate). The tolerance depends on the target; the slide contrasts two cases:
- a client located in North Korea reaching a low-value app hosted in public cloud IaaS;
- a client located in Finland reaching a high-value app in the enterprise data center.
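The decision logic the slide sketches, as an added example (not F5 APM policy syntax and not code from the presentation): the attribute names, the blocked-country and expected-country sets, the risk weights and the per-app thresholds are all constructed for illustration. Hard signals (malware, automation, blocked location) deny outright; weaker signals accumulate risk, and the app's value decides whether that risk is allowed through, stepped up with OTP or a client certificate, or refused.

```python
"""Risk-based access policy: context attributes in, Allow / Challenge / Deny out.

Added example, not F5 product code. Attribute names, country sets, risk weights
and thresholds are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Tuple


class Decision(Enum):
    ALLOW = "allow"
    CHALLENGE_OTP = "challenge: one-time password"
    CHALLENGE_CLIENT_CERT = "challenge: client certificate"
    DENY = "deny"


@dataclass
class AccessContext:
    user_id: str
    country: str            # ISO country code of the client, from geo-IP
    device_managed: bool    # endpoint is enrolled and identifiable
    device_healthy: bool    # posture check passed (patched, encrypted, AV running)
    malware_detected: bool  # endpoint inspection found malware
    is_human: bool          # bot / automation detection says a person is driving
    app_name: str
    app_high_value: bool    # app holds sensitive data (enterprise data center app)


BLOCKED_COUNTRIES = {"KP"}          # constructed: deny outright
EXPECTED_COUNTRIES = {"FI", "SE"}   # constructed: where this workforce normally is


def evaluate(ctx: AccessContext) -> Tuple[Decision, List[str]]:
    """Return the access decision and the reasons behind it."""
    # Hard stops first: no amount of other context compensates for these.
    if ctx.malware_detected:
        return Decision.DENY, ["malware detected on endpoint"]
    if not ctx.is_human:
        return Decision.DENY, ["automated client, not a human user"]
    if ctx.country in BLOCKED_COUNTRIES:
        return Decision.DENY, [f"client location {ctx.country} is blocked"]

    # Residual risk: each weak signal adds points; the app's value sets tolerance.
    risk, reasons = 0, []
    if not ctx.device_managed:
        risk += 2
        reasons.append("unmanaged device")
    if not ctx.device_healthy:
        risk += 2
        reasons.append("device failed posture check")
    if ctx.country not in EXPECTED_COUNTRIES:
        risk += 1
        reasons.append(f"unusual location {ctx.country}")

    if ctx.app_high_value:
        # High-value app: a clean context passes, a single weak signal requires
        # a client certificate, anything worse is refused.
        if risk == 0:
            return Decision.ALLOW, reasons or ["clean context"]
        if risk <= 2:
            return Decision.CHALLENGE_CLIENT_CERT, reasons
        return Decision.DENY, reasons
    # Low-value app: tolerate one weak signal, step up with OTP for more,
    # refuse only a badly compromised context.
    if risk <= 1:
        return Decision.ALLOW, reasons or ["clean context"]
    if risk <= 3:
        return Decision.CHALLENGE_OTP, reasons
    return Decision.DENY, reasons


if __name__ == "__main__":
    # Managed, healthy device in Finland reaching a high-value app: allowed.
    print(evaluate(AccessContext("alice", "FI", True, True, False, True, "hr-portal", True)))
    # Unmanaged device in Finland reaching a low-value app: OTP step-up.
    print(evaluate(AccessContext("bob", "FI", False, True, False, True, "wiki", False)))
```

The ordering matters: hard denies are checked before any scoring so that a healthy, well-located device with malware on it can never be "averaged" into an allow, and the reasons list is returned alongside the verdict so the decision can be logged and audited.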

SOLUTION 2: protecting online customers against fraud.
A. Man-in-the-browser attacks, copied pages and phishing against online customers: credential protection.
B. On the transaction path (network firewall in front of the banking application): credential protection and encryption of the sensitive form fields (account, amount, transfer funds), plus detection of automated transactions.
C. Security Operations Center monitoring of the online customer traffic.

SOLUTION 3: federated identity for cloud access. Corporate users authenticate once through the access protection layer (MFA, VPN, SSO, context-based authentication) backed by the directory services; federation over SAML 2.0 / OAuth 2.0 extends that identity to SaaS providers (Office 365, Google Apps, Salesforce) and to the application infrastructure, while attackers are stopped at the access layer.

The OWASP Top 10: a broad consensus on the most critical web application security flaws.

Apps are the gateways to data. The traditional network perimeter gives way to a per-app / per-user perimeter with its own properties: SSL-visible, location-independent, session-based, continuous trust verification, strategic control points, application availability. It's time to rethink security architectures.

GDPR challenge: cyber attacks on vulnerable web apps affect confidentiality, integrity, and availability.
Challenges:
- OWASP Top 10 threats
- Credential stuffing
- Malicious bots
- L7 DDoS attacks
- Session hijacking
Solutions:
- Advanced web application firewall (WAF)
- Session tracking to identify bad actors
- Virtual patching to block attacks on vulnerable code
- Bot detection and prevention
- DAST integration
- Data cloaking
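Credential stuffing and session tracking are the two items above that turn into detection logic rather than a product feature. The following is an added example (not code from the presentation or from any F5 product): it runs over constructed login log lines, groups attempts per source IP in a fixed time window, and flags a source that tries many distinct usernames with almost all of them failing. The log format, field names, sample lines and thresholds are all invented for the example; a reused session cookie across accounts is reported as a second signal, which is what "session tracking to identify bad actors" buys you.

```python
"""Credential-stuffing detection over login events, per source and per session.

Added example: log format, field names, sample lines and thresholds are
constructed for illustration, not taken from any product.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed log format: ISO timestamp, client IP, login attempt, HTTP status, session id.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) POST /login user=(?P<user>\S+) "
    r"status=(?P<status>\d{3}) sid=(?P<sid>\S+)$"
)


def build_sample_log() -> List[str]:
    """Constructed sample: one stuffing run plus one legitimate user."""
    base = datetime(2018, 10, 5, 9, 0, 0)
    lines = []
    # Attacker cycles leaked username/password pairs from one IP with one
    # session cookie; one pair happens to work (status 200).
    for i in range(12):
        status = 200 if i == 7 else 401
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 POST /login user=user{i:02d}@example.com "
                     f"status={status} sid=s-bot1")
    # A real user mistypes the password twice, then gets in.
    for i, status in enumerate((401, 401, 200)):
        ts = (base + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.20 POST /login user=alice@example.com "
                     f"status={status} sid=s-alice")
    return lines


def detect_credential_stuffing(lines, window_s=300, min_attempts=10,
                               min_distinct_users=5, max_success_ratio=0.2):
    """Flag (ip, window) buckets with many distinct usernames and mostly failures.

    Returns one dict per flagged source with the statistics that triggered it.
    """
    buckets: Dict[tuple, dict] = defaultdict(
        lambda: {"attempts": 0, "successes": 0, "users": set(), "sids": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a login event, or malformed: ignore
        ts = datetime.fromisoformat(m["ts"])
        bucket = int(ts.timestamp()) // window_s
        b = buckets[(m["ip"], bucket)]
        b["attempts"] += 1
        b["successes"] += int(m["status"] == "200")
        b["users"].add(m["user"])
        b["sids"].add(m["sid"])

    flagged = []
    for (ip, _), b in buckets.items():
        ratio = b["successes"] / b["attempts"]
        if (b["attempts"] >= min_attempts and len(b["users"]) >= min_distinct_users
                and ratio <= max_success_ratio):
            reasons = [f"{len(b['users'])} usernames in {b['attempts']} attempts",
                       f"success ratio {ratio:.2f}"]
            # Session tracking: one session cookie reused across many accounts is
            # not how a browser behaves, so name it as a second, independent signal.
            if len(b["sids"]) == 1 and len(b["users"]) > 1:
                reasons.append(f"session {next(iter(b['sids']))} reused across accounts")
            flagged.append({"ip": ip, "attempts": b["attempts"],
                            "successes": b["successes"],
                            "distinct_users": len(b["users"]), "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in detect_credential_stuffing(build_sample_log()):
        print(hit)
```

The success that slips through (one of twelve pairs worked) is the reason to act on the whole source rather than on the failed attempts only: the flagged result carries the successful login count so the matching session can be terminated and the account owner notified.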

SOLUTION: a web application firewall, cloud or on-premises (private / public / hybrid / as a service), in front of every hosted web app, whether physical, in a private or hybrid cloud, or in a public cloud. WAF services: OWASP Top 10, bot protection, L7 DDoS, API protection. Legitimate users pass, attackers are blocked, and third-party VA/DAST scan results feed the WAF policy.

Secure Expedient Effective

WAF vs. IPS vs. NGFW: capabilities compared
- Multiprotocol security
- IP reputation
- Web attack signatures
- Web vulnerability signatures
- Automatic policy learning
- URL, parameter, cookie, and form protection
- Leverage vulnerability scan results
- Browser fingerprinting
- Protection against Layer 7 DDoS attacks
- Pro-active modification of application requests/responses
- Advanced protection for web services (SOAP, XML, AJAX)
Legend: good to very good / average or fair / below average. The per-product ratings are icons on the original slide and are not reproduced here.
Source (rows marked * on the slide): Gartner, "Web Application Firewalls Are Worth the Investment for Enterprises".
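Two of the rows above, "automatic policy learning" with "URL, parameter, cookie, and form protection" and "virtual patching" from the earlier GDPR slide, are what distinguish a WAF from signature-only devices. The following is an added example (illustrative Python, not F5 policy syntax or code from the presentation) of that positive security model: a learned policy of allowed URLs, methods, parameter types and lengths, and cookie names, with a single negative "virtual patch" rule layered on top for a hole the application has not yet fixed. The policy contents, rule ID VP-001 and the sample requests are constructed for the example.

```python
"""Positive security model (allow-list) WAF policy with one virtual patch.

Added example, not F5 policy syntax or product code. The policy schema, the
learned policy, the rule id VP-001 and the sample requests are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Pattern, Set, Tuple
from urllib.parse import parse_qsl, urlsplit

# Parameter types the policy understands; a real WAF learns these from traffic.
TYPES: Dict[str, Pattern] = {
    "int": re.compile(r"^\d{1,10}$"),
    "alnum": re.compile(r"^[A-Za-z0-9_-]{1,64}$"),
    "email": re.compile(r"^[^@\s]{1,64}@[^@\s]{1,255}$"),
    "text": re.compile(r"^[^<>\x00-\x1f]*$"),   # no tags, no control characters
}


@dataclass
class ParamRule:
    type: str
    max_len: int = 256
    required: bool = False


@dataclass
class UrlRule:
    methods: Set[str]
    params: Dict[str, ParamRule]


@dataclass
class Policy:
    urls: Dict[str, UrlRule]
    allowed_cookies: Set[str]
    # Virtual patches: negative rules (rule id, url, parameter, pattern) added on
    # top of the learned positive model to block a known attack on unfixed code.
    virtual_patches: List[Tuple[str, str, str, Pattern]]


POLICY = Policy(  # constructed "learned" policy for a small banking-style app
    urls={
        "/login": UrlRule({"POST"}, {"user": ParamRule("email", 128, True),
                                     "pass": ParamRule("text", 128, True)}),
        "/account": UrlRule({"GET"}, {"id": ParamRule("int", 10, True)}),
        "/search": UrlRule({"GET"}, {"q": ParamRule("text", 100)}),
        "/export": UrlRule({"GET"}, {"file": ParamRule("alnum", 64, True)}),
    },
    allowed_cookies={"session", "lang"},
    virtual_patches=[
        # Constructed scenario: a DAST scan reported path traversal in /export?file=.
        # Until the code is fixed, block '..' and any path separator in that field.
        ("VP-001", "/export", "file", re.compile(r"\.\.|/|\\")),
    ],
)


@dataclass
class Request:
    method: str
    target: str                                   # path plus query string
    cookies: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


def check_request(req: Request, policy: Policy = POLICY) -> List[str]:
    """Return the list of policy violations; an empty list means the request passes."""
    violations: List[str] = []
    parts = urlsplit(req.target)
    path = parts.path
    rule = policy.urls.get(path)
    if rule is None:
        return [f"illegal URL {path}"]          # not in the learned URL set
    if req.method not in rule.methods:
        violations.append(f"method {req.method} not allowed on {path}")
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    params.update(req.form)
    # Virtual patches first: explicit signatures for known holes take priority.
    for rule_id, vp_url, vp_param, pattern in policy.virtual_patches:
        if vp_url == path and vp_param in params and pattern.search(params[vp_param]):
            violations.append(f"{rule_id}: attack signature in {vp_param}")
    # Positive model: every parameter must be known, within length and of its type.
    for name, value in params.items():
        prule = rule.params.get(name)
        if prule is None:
            violations.append(f"illegal parameter {name}")
            continue
        if len(value) > prule.max_len:
            violations.append(f"parameter {name} exceeds {prule.max_len} chars")
        elif not TYPES[prule.type].fullmatch(value):
            violations.append(f"parameter {name} does not match type {prule.type}")
    for name, prule in rule.params.items():
        if prule.required and name not in params:
            violations.append(f"missing required parameter {name}")
    for cookie in req.cookies:
        if cookie not in policy.allowed_cookies:
            violations.append(f"illegal cookie {cookie}")
    return violations


if __name__ == "__main__":
    print(check_request(Request("GET", "/account?id=42%20OR%201%3D1")))
    print(check_request(Request("GET", "/export?file=../../etc/passwd")))
```

The SQL-injection style input is rejected without any injection signature, purely because `id` was learned as an integer; the virtual patch is the one place a negative rule is needed, and it is tied to a single URL and parameter so it can be removed once the application code is fixed.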

Security programs are journeys of evolution Ongoing diligence and constant refinement

An expert is a person who has made all the mistakes that can be made in a very narrow field. -Niels Bohr-

Study without thought is useless. Thought without study is dangerous. -Confucius-