Secure Access - Update for people, devices, things and services
Jonas Gyllenhammar, Senior Consultant Engineer - Specialist
The New Reality
Diagram: one client on all major OSs, connecting from on-the-go, home network, untrusted LAN and guest Wi-Fi, through Web GW, Mobile GW, VPN GW, VDI GW and NAC, to cloud security, cloud SaaS apps, mobile apps, the datacenter (enterprise applications; VDI, terminal services) and cloud IaaS (AWS, Azure). Themes: datacenter consolidation, hybrid IT, cloudification.
Why Secure Access is important
Four quadrants, by where the user/device/thing sits and where the resource sits:
- Outside-In = Remote Access
- Inside-Out = Firewall
- Inside-In = Network Security
- Outside-Out = Cloud Security
Common layers across all four quadrants: Visibility, Enforcement, Unified Policies, Ecosystem.
Pulse Secure - Secure Access
- Unified client for VPN and NAC
- Unified policy and enforcement
- Endpoint compliance
- BYOD ready: onboarding and guest management, on-premise and off-premise
- Turnkey Profiler
- Firewall integration
- MDM/IAM integration
- Cloud Secure
Diagram: Pulse Connect Secure (off premise: employees, contractors and partners) and Pulse Policy Secure (on premise: employees and guests) on PSA appliances, with Pulse One and Pulse Workspace, federation services, the Pulse Secure ecosystem (MDM, SIEM, IPS, etc.), switches and WLAN, a firewall (optional L4-L7), user endpoints, unmanaged endpoints (phones, printers, etc.) and protected resources.
Seamless Cloud Access - Remote & On-Premise
Benefits:
- Leverage existing PCS infrastructure
- Guarantee the same compliance-based access
Diagram: Pulse Client (authentication and device compliance) to Pulse Connect Secure (session federation with Cloud Secure, backed by AD), with SAML metadata exchange to the SaaS provider; Pulse Policy Secure for on-premise users.
Pulse Secure Profiler - Visibility with Context
On-box Profiler: Who, What, Where, When.
Pulse Policy Secure
- BYOD/Mobility: automated configuration of devices with settings and software for Wi-Fi, VPN and certificates
- Endpoint Compliance: enhanced assessment of endpoint device health and security state before allowing them on your network
- Guest Access: ability to create time-limited guest accounts and provide a seamless user experience
- Policy Management: centralized network access policy management providing consistent, highly secure access
- Ecosystem: adopts and utilizes the TNC's open standard IF-MAP or a standard API; enables easy integration with third-party network and security devices
- IoT: detect and classify IoT devices and apply enforcement policies to control the devices
- Visibility: gain greater visibility into what's connecting to your network, on-premises or remote
Diagram: employees and guests, user endpoints and unmanaged endpoints (phones, printers, etc.) via switches and WLAN to Pulse Policy Secure on PSA, the Pulse Secure ecosystem (MDM, SIEM, IPS, etc.), the firewall and protected resources.
Secure Access IoT Strategy
Diagram of strategy themes across PCS, PPS, Pulse One, PWS and CS:
- Virtualization: Azure, AWS, GCP
- MSP: REST API
- IoT / Mobility
- Extend visibility
- Ecosystem
- IoT device visibility/enforcement
- Auto-provision firewall based on category of IoT device
- Traffic analysis / analytics
- Appliance management
- Visibility: single pane of glass view
- Seamless BYO enablement
- Desktop management
- Consolidated appliance
- IoT device visibility and compliance
- Secure cloud access
- Seamless O365 enablement
- Application visibility
Secure Access for Connected Vehicles
Use cases: send vehicle data securely to the data center for
- Connected car systems monitoring
- Smart driving assistance
- Cloud-based infotainment solutions
- Automated emergency management
- Real-time fleet management
- Driver safety systems
- Predictive maintenance
Pulse Secure IoT solution:
- Establish an IPsec VPN tunnel from the vehicle to PCS
- Maintain the roaming vehicle's secure tunnel with IKEv2 built-in tunnel liveness checks
- Provide comprehensive authentication capabilities
- Leverage the Pulse Secure IoT client or a native VPN client
Secure Access for Connected Vehicles
Diagram: a roaming vehicle running the Pulse Secure client or a native VPN client on the remote network tunnels through the firewall to Connect Secure in the data center; Policy Secure and Pulse One on the internal network govern access to protected resources.
Secure Access for IoT Devices
Use case: unknown IoT devices connecting to the network. Master devices (mobile, desktop) connecting directly via PCS/PPS are known devices.
Challenge: devices connected via Bluetooth, Wi-Fi Direct (Wi-Fi P2P) or hotspots are not known.
Pulse Secure IoT solution:
- Visibility into IoT devices by collecting contextual device information
- IoT device pre-admission and post-admission control via PCS, PPS or PWS
Secure Access for IoT Devices
Diagram: IoT devices connected to a mobile hub (remote network) or to a Windows or Mac machine (internal network, with PPS). 1. Collect IoT device contextual information and send it to PCS. 2. Device compliance, with IoT device visibility in Pulse One. The firewall separates protected from unprotected resources.
Secure Access for IoT Devices
Diagram (Pulse Workspace variant): IoT devices connected to a mobile hub (remote network) or to a Windows or Mac machine (internal network, with PPS). a. Authentication and device compliance. 2. Collect IoT device contextual information and send it to PWS. 3. Device compliance, with IoT device visibility in Pulse One. The firewall separates protected from unprotected resources.
Device Profiling & Approval
Diagram: a new mobile device is enrolled and gets access to internal and SaaS cloud services via PCS; a new IoT device on the access switch sends data to a cloud service (vsrx 15.1X49-D100.6 shown); the PPS Profiler identifies it and the admin approves the device.
2017 Portfolio Priorities - Secure Access
User Experience
- Consistent, secure and seamless onboarding experience across PCS, PPS & PWS
- Unified compliance-based access to data centre & cloud resources, from desktops & mobile devices
- Workspace for Windows and Mac OS
Management & Visibility
- Centralized device and appliance management
- Endpoint visibility and centralized auditing
- Centralized logging and troubleshooting, and call-home telemetry to Pulse One
Access/Auth
- Compliant and secure SSO for hybrid IT apps
- Adaptive authentication, multi-factor authentication, biometric authentication
Core Security - Ongoing Improvements
- Connect Secure: IPv6 support, IKEv2 (native mobile VPN), Azure support, MSSP support
- Policy Secure: Azure support, basic visibility
- Unified client for secure access, remote access, and network access control
- Connect Secure: updated to always-on, Application Launcher updates, ongoing URL rewriting improvements
- Policy Secure: SNMP support, built-in profiler
PCS 8.3R3 notable features (now in Beta)
- VA-SPE licensing via PCLS (on-prem and in public IaaS clouds)
- Cloud-VPN hosted in Azure
- Named User Licensing: support in PCS and PPS (phase 1)
- HSTS: max-age and optional directives support
- Clustering support in the VA-SPE virtual appliance
- Support for the REST APIs framework and config
- VLAN support on all root interfaces (Internal/External/Management)
PPS 5.4R3 notable features (now in Beta)
- Pulse Policy Secure ecosystem expansion using Fortinet and Check Point firewalls and Microsoft Intune
- Guest Access: account approval process
- Licensing and new features for the virtual appliance
- New features in Profiler:
  - Support for profiling devices in an active/active cluster
  - Support for Profiler licensing
  - Troubleshooting and device sponsorship
  - Enhanced WMI collector (now collects AV information)