Verizon Software Defined Perimeter (SDP).

Similar documents
Segmentation for Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Securing Your Most Sensitive Data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

GDPR Update and ENISA guidelines

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

Software Defined Perimeter & PrecisionAccess. Secure. Simple.

Building a More Secure Cloud Architecture

WHITE PAPER. Applying Software-Defined Security to the Branch Office

Mitigating Risks with Cloud Computing Dan Reis

WHITEPAPER. How to secure your Post-perimeter world

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

PrecisionAccess Trusted Access Control

External Supplier Control Obligations. Cyber Security

Retail Security in a World of Digital Touchpoint Complexity

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

AT&T Endpoint Security

Mitigating Branch Office Risks with SD-WAN

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Integrated Access Management Solutions. Access Televentures

Cyber Attacks & Breaches It s not if, it s When

Google on BeyondCorp: Empowering employees with security for the cloud era

AKAMAI CLOUD SECURITY SOLUTIONS

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Benefits of SD-WAN to the Distributed Enterprise

Office 365 Buyers Guide: Best Practices for Securing Office 365

Cybersecurity Roadmap: Global Healthcare Security Architecture

The Common Controls Framework BY ADOBE

Security by Default: Enabling Transformation Through Cyber Resilience

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

SAFE JOURNEY TO THE CLOUD. Eric Meadows Cloud Security Team

SoftLayer Security and Compliance:

Compliance with NIST

Introduction. The Safe-T Solution

Security

Simple and Secure Micro-Segmentation for Internet of Things (IoT)

CTO PoV: Enterprise Networks (Part 2) Security for IoT & Cloud

Securing the future of mobility

Secure Access & SWIFT Customer Security Controls Framework

Citrix SD-WAN for Optimal Office 365 Connectivity and Performance

Overcoming Business Challenges in WAN infrastructure

PROTECT WORKLOADS IN THE HYBRID CLOUD

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Versa Software-Defined Solutions for Service Providers

Enterprise Guest Access

Identity-Based Cyber Defense. March 2017

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Link Security Considerations in the. Enterprise

Cyber Security Technologies

Secure Technology Alliance Response: NIST IoT Security and Privacy Risk Considerations Questions

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Sage Data Security Services Directory

PCI DSS Compliance. White Paper Parallels Remote Application Server

DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY. Cyber Security. Safeguarding Covered Defense Information.

Cyber security for digital substations. IEC Europe Conference 2017

ASD CERTIFICATION REPORT

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

Next Generation Privilege Identity Management

Who s Protecting Your Keys? August 2018

Internet of Things Toolkit for Small and Medium Businesses

2017 Annual Meeting of Members and Board of Directors Meeting

The Windstream Enterprise Advantage for Healthcare

The Windstream Enterprise Advantage for Banking

Microsoft Azure Integration and Security. Course Code: AZ-101; Duration: 4 days; Instructorled

locuz.com SOC Services

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

CS 356 Operating System Security. Fall 2013

Designing and Building a Cybersecurity Program

CipherCloud CASB+ Connector for ServiceNow

Network Security Protection Alternatives for the Cloud

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

VMware Hybrid Cloud Solution

VANGUARD WHITE PAPER VANGUARD INSURANCE INDUSTRY WHITEPAPER

Seagate Supply Chain Standards and Operational Systems

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

WHITE PAPERS. INSURANCE INDUSTRY (White Paper)

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Caught in the Crosshairs of Evolving Endpoints and Malware Sophistication Moderator: Kari Ann Sewell

Defense in Depth Security in the Enterprise

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD

IC32E - Pre-Instructional Survey

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

SOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES:

Federal Mobility: A Year in Review

E-guide Getting your CISSP Certification

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

Compliance with CloudCheckr

Cloud Connect. Gain highly secure, performance-optimized access to third-party public and private cloud providers

Vidder PrecisionAccess

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Security Vendor Line Card

THE ULTIMATE SOLUTION TO SECURE MOBILE COMMUNICATIONS AND DEVICES

Transcription:

Verizon Software Defined Perimeter (). 1

Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances. However, the growth of outsourcing and cloud computing has increased the cost of operating physical appliances, as resources migrate outside the perimeter. More important, there is a new generation of malware that can spread via compute devices belonging to authorized users. New cyber-threats coupled with increased network complexity have enterprises looking for a new approach to perimeter security. Verizon Software Defined Perimeter () is a cybersecurity service that protects application infrastructure against existing and emerging cyber threats. Verizon defeats existing cyber attacks such as credential theft and server exploitation by blocking connectivity from unknown devices and making them virtually invisible to anyone that is not approved to access them. More significantly, Verizon is a countermeasure against a new generation of malware that has the ability to spread via LAN, WiFi and VPN connections. These two features make an over the top security solution that can fit any customer environment without requiring a re-architecture of the existing infrastructure or security elements. An extension to our Software Defined suite of solutions, Verizon creates a strong barrier around high value apps and implements multiple identity, device and entitlements checks before granting application layer access. Verizon is an ideal perimeter security solution for enterprises that operate global supply chains, have a large number of subsidiaries, handle regulated data or are US government vendors handling Controlled Unclassified Information (CUI). It can also be combined with endpoint protection systems and micro-segmentation to create secure enclaves that can withstand sophisticated inside and malware attacks. Emerging cyber threats. For the past decade, perimeter security enterprises deployed a combination of VPN gateways and Firewalls with Multi-Factor-Authentication (MFA) step-up for external access control and NAC gateways for internal access. Unfortunately, the existing perimeter security model has two significant shortcomings. First, the growth of outsourcing and cloud computing has increased the operational complexity due to the requirement to authenticate and authorize an increasing number of external users connecting to external resources. Second, and perhaps more important, existing perimeter security systems are not able to block the new generation of malware that is able to propagate via authorized devices. Traditionally, malware got into a user s device via a phishing attack. However, there is a new type of malware that can autonomously hunt for vulnerable devices across LAN, WiFi and VPN connections. 2017 saw three global-scale cyber-attacks involving lateral-moving malware attacks. For example, NotPetya started as a state-sponsored attack on Ukraine government computers but within a few days was impacting un-related companies around the globe. The key aspect that made NotPetya so lethal was its ability to spread device to device. Verizon can help protect application infrastructure against existing and newly emerging cyber threats. Existing attacks, such as credential theft and server exploitation, are blocked as Verizon only allows access from devices registered to authenticated users. To combat the new generation of malware that propagates via authorized users, Verizon only allows white-listed application processes on the user s device to connect to application infrastructure. Subsequently malware cannot utilize connections to scan for protected application servers even from the device of the authorized user. With the ability to combine cyber security services, such as and network services, such as SD-WAN, Verizon can help you gain additional benefits from the synergy of bringing these services together. Enterprise s not only enjoy significant application security and performance improvements by having Verizon as their global connectivity provider, but Verizon also offers its SDx services in a multi-transport-carrier environment via its ecosystem of leading service providers. 2

VPN/NAC problem: malware attacks spread from authorized devices. Malware slipstreams behind app Network VPN Malware Authorized Traffic VPN Solution: malware blocked at source. Malware gets no access Application VPN Process-to-Process Software Defined Perimeter (). Software Defined Perimeter () represents a new concept in cybersecurity that creates a strong barrier around high value enterprise apps that helps prevent cyber attackers from breaking thru. Verizon is based on the Software Defined Perimeter security architecture. Verizon teamed with Vidder, a leading developer of software components, to create an effective network-based countermeasure against cyber attacks. Real time monitoring Verizon Customer identity system AD/LDAP User identity verified Device identity verified Controller Role verified Public Cloud Role-based App Layer 4 connection provisioned X Customer Infrastructure Customer Infrastructure 3

The first component of the architecture is a that is deployed in front of either physical or virtual application resources. The combines the functions of a Firewall, VPN and application layer gateway in a single virtual appliance. The only allows approved software on authorized devices to connect to protected applications. To allow users to connect to protected applications they must utilize the Client. The Client has three distinct purposes: To determine if the device and the user identity match. To allow remote analysis of software and system processes to detect the presence of malware. To provide a secure application layer connection between the user s device and one or more s. Tying the Client and together is the Controller. The Controller functions as a hub between the Client and, as well as external security controls such as the Identity, Issuing Certificate Authority and remote trust assessment systems. s interlocked security controls protect application resources and data from cyber-attacks. All transactions are cryptographically certified to mitigate real time tampering. s architecture has been rigorously tested in public hackathons as well as government labs. Verizon applications. Verizon is ideal for enterprises that operate global supply chains, have a large number of subsidiaries, handle regulated data or are government contractors. Global supply chain and subsidiary networks. Enterprises that utilize MFA and VPN to manage access to global supply chain network are vulnerable to the new generation of laterally moving malware that spreads from the devices of authorized users. While an enterprise may be able to deploy the latest generation of machine learning endpoint protection on head office devices, it is impossible to know the condition of a partner s device or distant subsidiary. Verizon is an ideal over the top security solution for global supply chain networks or enterprises with a large number of subsidiaries as malware cannot propagate thru it. Additionally for enterprises deploying regional clouds or hybrid infrastructure, the route optimization features of means the best path is taken. Verizon can also be deployed over a SD WAN service integrating MPLS/Internet/Broadband/LTE bandwidth to maintain application performance. Public cloud deployment for financial and medical organizations. One of the challenges financial and medical organizations face is meeting security requirements in virtualized cloud environments. For example, financial institutions need a data center with multiple physical controls, thus making it difficult for financial institutions to utilize public cloud services. Verizon provides these entities with the equivalence to physical barriers. s set of interlocked security controls creates a secure enclave when combined with native cloud partitioning and encryption services enabling public cloud usage. Secure enclaves for U.S. government vendors handling CUI. State-sponsored cyber-attacks on U.S. government vendors have greatly increased as described in the National Security Strategy released on December 20, 2017. The U.S. government has mandated that all suppliers handling Controlled Unclassified Information (CUI) must implement NIST 800-171. Verizon is an ideal solution for protecting CUI by only allowing authorized users to access file servers. Verizon supports the access control and monitoring requirements in NIST 800-171 in an integrated solution, and when Verizon is deployed over SD-WAN or Private IP, U.S. government suppliers benefit from the added network security. Verizon: your connectivity provider. Enterprises universally seek to increase agility while improving their cost structure. Verizon provides enterprises a complete solution portfolio of application aware security services like and SD WAN that help enterprises meet their strategic objectives of cost and risk reduction. Looking to the near future, Verizon plans to offer over Virtual Network Services (Verizon s version of NFV). The combination of and SD WAN via VNS will provide even more flexibility and agility to enterprises at premise or cloud sites. Enterprises will enjoy significant application security and performance improvements by having Verizon become their global connectivity provider for, SD WAN and VNS services. 4

Customer Site High value user Regular user Executive Employee Centralized Cloud Management Partner Site VNS MPLS/PIP/LTE Data Center High value user Executive High value application Regular user Employee Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback